Cracking Big Al's File Locker What is it? Big Al's FileLocker password protects a file, so that other users can not access it without the correct password. Defeating Big Al's FileLock is a very simple process. It took me less than five minutes to figure out how the author hid the password. When you lock a file with “Big Al's FileLocker” it hides the password in the STR# resource of the protected file. But the password is not totally obvious. Steps to defeat Big Al FileLock: 1. Open the protected file with ResEdit. 2. Open the STR# resource. 3. Open resource ID 1001 Now you will see a bunch of numbers ranging from 32 to 126. These numbers are the ordinal position of each character. That may sound confusing but it's not. Every ASCII character is simply assigned a number, these numbers are universal. Big Al just took the password and got every single characters ordinal value. Then Big Al stuck them in the STR# resource. The ASCII Character list: (Option characters are not listed) Ordinal Character Position 32 space 33 ! 34 " 35 # 36 $ 37 % 38 & 39 ' 40 ( 41 ) 42 * 43 + 44 , 45 - (dash) 46 . 47 / 48 0 49 1 50 2 51 3 52 4 53 5 54 6 55 7 56 8 57 9 58 : 59 ; 60 < 61 = 62 > 63 ? 64 @ 65 A 66 B 67 C 68 D 69 E 70 F 71 G 72 H 73 I 74 J 75 K 76 L 77 M 78 N 79 O 80 P 81 Q 82 R 83 S 84 T 85 U 86 V 87 W 88 X 89 Y 90 Z 91 [ 92 \ 93 ] 94 ^ 95 _ (underscore) 96 ` 97 a 98 b 99 c 100 d 101 e 102 f 103 g 104 h 105 i 106 j 107 k 108 l 109 m 110 n 111 o 112 p 113 q 114 r 115 s 116 t 117 u 118 v 119 w 120 x 121 y 122 z 123 { 124 | 125 } 126 ~ After you hopefully see some of those numbers in the STR# resource, ID 1001, simply relate the numbers with the corresponding characters in the ASCII list. For instance say you see the following numbers: 98, 111, 98 You will know the password is “bob” The last two strings in the resource are the file type and the creator. These are of little importance to you though. And that's how you crack a file protected with Big Al's File Locker. -VoiD (voidx@lorien.ml.org)