Every file I have ever read about hacking FoolProof has said that the best way to find the password for a FoolProofed system is to install a keystroke recorder, break something, and wait for the Administrator to come in and type it (the password, that is).
This is great. The best way, though, is in fact to use TWBFPH.
The last time I hacked FoolProof, I thought it would be neat to have a copy of my own — so I could test hacks, etc., without ever having to leave my room. So, I copied INIT, Control & all onto a disk, set FoolProof back up, and went home. I soon realised that I had a very useful thing indeed — FoolProof Control would contain the password encryption algorithm, where the password was stored, and so on. I set about finding these things. After three days, I found what I was looking for. I decided it would be good to write a program based on what I’d got. TWBFPH is the result. If you can run programs on the FoolProofed computer, just make a copy of TWBFPH on a disk, put the disk in the computer, and double-click it. A little window will appear immediately with the password in it. When you click the mouse, the window disappears, and the program ends. Neat, huh?
There are exactly two things that can go wrong. They are:
— TWBFPH beeps at you, and then closes. This means that it’s missing its WIND resource, so it doesn’t know how to make a window anymore. If you know for sure nobody messed with it (including yourself), then e-mail me and I’ll send you a replacement.
— TWBFPH displays “I can’t find the FoolProof INIT!” in its little window. This means exactly what it says. Either (a), the computer doesn’t have FoolProof on it, in which case you should ask yourself why you’re running TWBFPH in the first place, or (b) the admin changed the INIT’s name to something other than FoolProof INIT. This makes no impression whatsoever on any part of FoolProof. I’ll probably make a version of TWBFPH that gets around this whenever I find out how. If you know, tell me.
I would appreciate feedback, like whether the program should have some more features & what they are exactly.
My E-mail address is: reciproc@freenet.edmonton.ab.ca
(Anyone who wants to read this, do it)
Basically, the encryption algorithm is a simple exclusive-or operation with the password and a 32-byte encryption key, which is stored in bytes $144-$163 (324-355 in decimal) of DATA resource ID 0 in FoolProof Control. The encrypted password is then stored in bytes $74-$93 (116-147 decimal) of FPrf resource ID 128 in the FoolProof INIT. It is also stored in the FoolProof Prefs file, which is pointless, since both the INIT and the Control really
only care about the INIT. The encryption key, in hexadecimal, is this:
