home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Cream of the Crop 11
/
Cream of the Crop 11-1.iso
/
utility
/
passw204.zip
/
PASSWORD.DOC
< prev
next >
Wrap
Text File
|
1995-12-06
|
12KB
|
269 lines
12/95 Freeware Release
Addendum 12/6/95: Added FILE_ID.DIZ at BBS Sysop request. Also a copy is
attached to the end of this file.
*** PASSWORD PROTECT (PASSW204) version 2.04 Introduction. ***************
Some time ago, I was searching for a simple password protection program
to use on a project I was working on. The project incorporated setup modes
that could be accessed from the multiple configuration menu available both
in Microsoft and DataLight versions of DOS 6.xx. The intention was to
provide a "reasonable" amount of protection against unauthorized access
to these super-user functions. The most practical method for accomplishing
this was to use a password driver that was called within DOS "CONFIG.SYS".
By combining such a program with the appropriate BIOS and startup file
options, it was possible to keep all but the most persistant and DOS-savvy
intruders out of the machines.
My search turned up a number of useful public-domain utilities of this
nature--most of which can be found in the "security" subdirectories of the
Simtel or Garbo sites on the internet. While these files were useful to my
cause, most of them were not finished products, or put certain restictions
on their usage. One file "PASSW11.ZIP" by Cristoph Christ was the simplest
of the group (i.e. no ANSI graphics, no screen coordinates, no sounds),
and I embarked on modifying it to fit my needs. Changes made included:
General Modifications:
---------------------
- removed copyright notice printing to stdout
- changed output strings to be similar to a Unix login
- user *must* hit return to process entered password
- max password length reduced to 8 characters
Bugfixes:
--------
- fixed backspace behavior when at leftmost position
- fixed so input cannot include ascii below space character
- changed read int 21h, function 8 to function 7 so that
^C would not be printed on screen! Same for function 6
- fixed error accepting password after backspace
- fixed indexing errors on backspace
Enhancements:
------------
- changed system halt on repeated failures to a bus reboot
- added timeout capability, if no keypress after n seconds,
system will reboot after failure message and delay
- removed case-sensitivity by borrowing routine from "PW.8"
by Bob Montgomery, in the simtel archive file:
"msdos/security/passwrd6.zip"
- wrote new utility to modify embedded password in
"PASSWORD.SYS" without the need to recompile the source
*** System Requirements: *************************************************
- 80286 or better processor (286 bus reset used).
- MSDOS 6.xx or DataLight ROM-DOS 6.xx recommended,
but not required.
*** Contents. The distribution package for "PASSW204" includes:
PASSWORD SYS - default driver password "GUEST"
ENCRYPT EXE - utility to change password in above
PASSWORD ASM - source to PASSWORD.SYS
ENCRYPT C - source to ENCRYPT.EXE
PASSWORD DOC - this file
BUILD BAT - batch file to build PASSWORD.SYS
*** Usage. Setting up the password driver is simple:
1. You may choose to skip to step 2. If you do so, the default password
for this distribution is "GUEST". To change the password, run the
"ENCRYPT.EXE" program. Note that the maximum password length is eight
characters. If you enter more, additional characters will be stripped.
2. Copy the modified PASSWORD.SYS to the root-directory of your C: drive.
3. Add the line "DEVICE=C:\PASSWORD.SYS" to your CONFIG.SYS file.
4. Reboot. Try entering the wrong password three times. Try letting the
program idle for 30 seconds without typing anything at the keyboard.
5. After you are satisfied the program does not allow the user to continue
with the wrong password (and you are quite tired of seeing your machine
reboot :-) ), enter the correct password to continue.
6. If your machine is working properly at this point, you can increase
security by not allowing users to bypass the startup files via the "F5",
"F8", or "SHIFT" keys. Place the line:
"SWITCHES = \F \N"
near the top of your "CONFIG.SYS" file. Refer to your MSDOS manual for
more information.
7. Finally, if your BIOS supports them, make the following changes to your
BIOS setup:
a. Change boot sequence to "C: only" or "C: then A:"
This option prevents the easy bypass of the password program
by booting from a floppy.
b. Disable BIOS setup prompt on startup
This option prevents the display of the keypresses needed to
enter the BIOS utility.
c. Password-protect your BIOS
This option prevents the user from entering the BIOS utility
w/o entering a password first. Note that most BIOS's have a
manafacturer's "back door" password and can also be reset by
draining the CMOS battery. If someone adept with PCs wants
to get in, there is little you can do to stop them without
resorting to much more complicated methods. The methods
outlined here do, however, stop most intrusions.
Refer to the manual that came with your computer to learn more about
configuring your BIOS through the setup utility.
8. Do not leave the "ENCRYPT.EXE" or the program sources on the protected
PC. The password program is useless if the users know how it works!
*** Sample Configuration. Contents of CONFIG.SYS: ************************
SWITCHES = \F \N
[Menu]
menuitem=STANDARD, Standard Setup
menuitem=NETWORK, My Novell Network
menudefault=STANDARD, 5
[Common]
FILES=60
BUFFERS=10,0
DEVICE=C:\PASSWORD.SYS
[STANDARD]
; Your "standard" drivers go here!
[NETWORK]
; Your network drivers go here!
*** Known Bugs. None at time of this writing. ****************************
*** Modifications you can make. ******************************************
1. Case-sensitivity. You can add case-sensitivity by commenting out or
removing the following lines in the source file:
; *** Case-Sensitivity Section -----------------------------------------------
;
; Notes:
; 1. This section was extracted "as-is" from "PW.8" on SimTel on
; 08/05/95. See "HISTORY" above for details.
;
; Case-sensitivity is removed by converting any received ASCII
; characters in the range 'a' through 'z' to caps.
;
; 2. This is recommended for applications in which the user
; may not be readily aware of the state of the CAPS LOCK key!
;
; 3. For other applications, the input may be treated as case sensitive
; by commenting out this section and recompiling.
;
mov ax, ds ;
mov es, ax ; ES=DS
mov di, si ; DI=SI
ScanCase: ;
cld ; clear the direction flag
lodsb ; get char at DS:[SI] to al, inc SI
cmp al, 'a' ; < a ?
jl ScanStore ; yes
cmp al, 'z' ; > z ?
jg ScanStore ; yes
sub al, 20h ; no, convert to uppercase
ScanStore: ;
stosb ; store al to ES:[DI], inc DI
loop ScanCase ; loop until CX = 0
; *** End Case-Sensitivity Section -------------------------------------------
; ----------------------------------------------------------------------------
2. 80x86 support. The only thing preventing support of all 80x86-family
processors is the 286 bus reset used to reset the machine:
; ******* actual reboot ********
mov al, 0feh ; reboot now by pulsing
mov dx, 064h ; .
out dx, al ; the CPU bus reset
These lines may be replaced by the standard far jump software reset for
backwards compatibility.
**************************************************************************
**************************************************************************
This software is released to the general public as freeware and is freely-
distributable on any media. This is not public domain! The author retains
the copyright to the source files found in this archive. If you include
these sources in a work of your own, you must include the original
banners as they appear in this archive.
The author will not be held responsible for any damages resulting from the
use of this software. Continued use of this software indicates agreement
with the above statement.
If you find this program useful, you may send donations on the suggested
order of 5 to 25 U.S. dollars. Donations serve as inspiration for authors
to continue releasing products to the general public. Please show your
support!
*** How to contact the author: *******************************************
via internet: gruess@gruess.ip.portal.com
gruess@eng.umd.edu
via snail mail: Joseph A. Gruessing Jr.
RE: Password Program
2906 Greenway Drive
Ellicott City, MD 21042 USA
via phone: (703) 758-6281 (9 a.m. - 5 p.m. EST)
******************************************************************************
------> FILE_ID.DIZ cut here <----------
(v2.04)PASSWORD PROTECTION IN CONFIG.SYS
This program is loaded as a device
driver in CONFIG.SYS, and requires the
user to enter the "proper" password to
continue the boot process. Failure to
enter the correct password after "n"
tries results in a cold reboot. Also,
if the user input remains idle for "n"
seconds, the system will be rebooted.
Keypresses refresh the timeout counter.
A success results in the continuation of
CONFIG.SYS. It is intended that this
program be used with the multiple config
capabilities of MSDOS 6.xx, or DataLight
ROM-DOS 6.22. Passwords are not case-
sensitive in this program!
Freeware by Joe Gruessing,
gruess@gruess.ip.portal.com
------> FILE_ID.DIZ cut here <----------