Text File | 1993-02-06 | 23KB | 465 lines
PASSWORD 5.0
(C)1993 Ray Dittmeier
P.O. Box 4724
Louisville, KY 40204
DESCRIPTION
PASSWORD is designed with two main ideas in mind. The first is
that a good password protection program shouldn't look like a password
protection program, and the second is that even though you can't keep
a determined expert out no matter what you do, you can at least design
a feature or two that will probably keep most folks out, and that will
tip you off if someone has been poking around at your system.
When PASSWORD starts, it gives you a normal-looking but phony C>
prompt. Type in anything but the correct password, and the program
gives a "Bad command or file name" message. After a specified number
(chosen by you) of wrong guesses, it goes into an endless loop of
giving the phony C> prompt, accepting input, running the disk drive a
little (for the sake of realism), and giving the error message. The
only way out of the loop is to reboot the computer. What we hope is
that the intruder will think something is wrong with the computer,
give up, and go down to the corner bar for a beer.
However, typing in the correct password will cause the program to
display a message telling you the time and date of the last attempted
access, and whether or not the correct password was entered.
FILES YOU SHOULD HAVE:
1. PASSWORD.EXE--The main program.
2. NEW.EXE--A utility program that allows you to change the password.
3. PASSWORD.DOC--This documentation file.
The password provided with the program is "hello" (without the
quotation marks). The program is case-sensitive, meaning that upper
case letters and lower case letters are not interchangeable.
RUNNING THE PROGRAM:
PASSWORD is designed to be run from your AUTOEXEC.BAT file.
Since batch files can be terminated early by hitting Control-C,
PASSWORD should run as early in your AUTOEXEC.BAT as possible. This
will give your intruder less opportunity to cut it off. Ideally,
PASSWORD should be preceded only by ECHO OFF (or @ECHO OFF), and by
the PATH command if necessary (discussed below). After displaying the
above-mentioned "last attempted access" information, PASSWORD waits
for you to press any key to continue. This way, you have the
opportunity to read the message and still run subsequent programs from
AUTOEXEC.BAT.
PASSWORD gives you various options for controlling its appearance
and behavior. You can select these options by using command-line
parameters when you run the program. (Command-line parameters are
merely commands you type after the name of a program at the DOS
prompt. For example, when you type FORMAT A:, the "A:" part is a
parameter.)
The parameters can be typed in any order, and must be separated
by spaces. The parameters, and what they do, are:
F : This parameter will cause PASSWORD to save the last attempted
access information to a text file called PLOG.TXT instead of
displaying it on the screen. (You can't get it to use PLOG.TXT
and display the information on the screen at the same time; it's
either/or.) The program will put the time and date in an ASCII
text file, so you can use any text editor (or even DOS' TYPE
command) to look at it later. If the correct password was
entered, the program adds a + sign after the time/date for that
attempt. If the correct password was not entered, the program
puts a - after the time/date.
The first time you use the F option, PASSWORD creates PLOG.TXT.
Thereafter, it adds the time/date/result of each attempt to the
file. PLOG.TXT will appear in the same subdirectory with the
PASSWORD program. If you want to move PLOG.TXT to a different
subdirectory, PASSWORD will be able to find it, and add to it
where it is, as long as it's in a subdirectory included in your
PATH command.
Using F will also bypass the "press any key" feature after the
password is entered. Therefore, anyone watching over your
shoulder may not catch on that a password program is running.
Or if they do, it won't be apparent that the program keeps
track of when the computer is turned on.
(any number) : Tells PASSWORD to give the user the given number of
chances to enter the correct password before going into the
endless loop. For example, if you run the program with
PASSWORD 5
the program will go into the endless loop after the fifth time
something wrong is typed in. Of course, if the right password is
entered before the fifth input, the last access information is
displayed immediately, and the program proceeds onward from there.
If no parameter is given, PASSWORD gives you, by default, three
chances.
If 0 (number zero) is entered, the program will continue to accept
input until the correct password is typed in, no matter how many
times the user tries.
A : This parameter tells PASSWORD to sound an alarm each time an
incorrect password is entered.
O : This parameter will cause PASSWORD to simulate loading a different
operating system when it starts. You will see a message that "The
Delta Operating System is being loaded," with some disk drive
activity, and you will see a different prompt. But the PASSWORD
program will still operate exactly as it does otherwise.
W : This parameter will cause PASSWORD to execute a warm boot after
the last-allowed incorrect password is entered. For example, if
you're using the program with the default of allowing three
incorrect passwords, W will warm boot the computer after the third
incorrect entry. Of course, if you use 0, giving users an
unlimited number of guesses, there will be no warm boot.
P : Allows the user to designate his or her own prompt. By default,
the program uses C> as the phony prompt. But you can set your own
by entering it on the command line, with P as the first character
to tell PASSWORD that what follows is a new prompt. As is the
case with the regular DOS prompt command, the $ character can be
used to put certain items in the prompt:
$D = Current Date (read from system clock)
$T = Current Time (read from system clock)
$G = > (the "greater than" character)
$L = < (the "less than" character)
$_ = Space
Note that $_ is not one of the choices in the regular DOS PROMPT
command. In DOS, a blank space can be placed in the prompt by
merely putting a space in the appropriate place in the PROMPT
command. However, PASSWORD will interpret a blank space as a
space between parameters; therefore, anything after the space will
be seen as a different parameter and left out of the prompt. So
$_ is necessary to give you the possibility of including a space.
A period cannot be used in the prompt. If a period occurs
anywhere in your P parameter, PASSWORD will think the entire
parameter is supposed to be a file name rather than a prompt.
(The reason for entering a file name is explained below.)
Although DOS recognizes other "$ commands" for its prompts, the
ones listed above are the only ones PASSWORD uses. Anything else
you want, such as a directory name, must be typed in exactly as
you want it. For example, if you want your PASSWORD prompt to
give the current time and show the C:\ directory with the usual >
character at the end, enter
PASSWORD P$TC:\>
Using the letter P by itself will give you no prompt at all; the
cursor will appear at the left-hand edge of the screen.
The following six parameters affect the screen display only. The
PASSWORD program will still recognize the real letters you type from
the keyboard. These options are designed to confuse intruders, hide
the password if someone's looking over your shoulder, or both.
R : Displays a randomly chosen ASCII character instead of the actual
letter typed from the keyboard. Remember that some ASCII codes,
when sent to the screen, will do things like give you carriage
returns, backspaces, beeps, etc., which may be distracting. So
with R, it might take a bit of extra concentration to get the
password correct.
L : Displays a randomly chosen letter, rather than the actual letter typed
at the keyboard. (Not any ASCII character, as with "R"; this
option limits the choice to letters of the alphabet.) If you type
an upper-case letter, an upper case letter will be displayed. If
you type a lower case letter, a lower case letter will be
displayed.
This option can be useful if other people are likely to be in the
room when you turn on your computer. Anyone who watches the
screen will, we hope, think the randomly-chosen letters are
actually the password.
In addition to selecting this option by typing "L" on the command
line, you can also turn it on after the program's already running.
Merely press the Tab key, and all further input will give randomly
chosen letters on your screen.
The reason for this "Tab" feature is that using "L" in your
AUTOEXEC.BAT will give it to you every time. But if you have
extra people lurking in the room only occasionally, you might want
to use it only on those occasions.
D : Displays a dot (period) instead of the letter typed.
N : Displays nothing in response to keyboard entry (until the Enter
key is pressed).
B : Clears the screen and displays nothing at all--not even a cursor.
V : This parameter will cause PASSWORD to start with a phony virus
warning. The message (falsely) identifies the program as "Virus
Cop" (as far as I know, there's really no program by that name)
and states that a virus has been detected. The message instructs
the user to "run the INSPECT program from the original floppy disk
in your VIRUS COP package before proceeding further. Insert disk
in drive A and press return to continue." Any time an incorrect
password is entered, the program runs the A drive a bit, beeps,
and repeats the message--as if it's looking for the INSPECT
program and not finding it. However, all you have to do is enter
the correct password.
Some of the parameters described above can be used in various
combinations; others can't. For example, you can use V and O
together. It'll simulate loading the other operating system, then
give the phony virus warning. However, B and R won't work at the same
time; B gives you nothing on your display, and R gives you random
characters. They are, obviously, not compatible. However, if you
choose options that don't work together, it's not a problem. PASSWORD
will merely use the one that appears first on the command line and
ignore the other. If you don't get what you expect on the screen,
it's likely you've chosen a combination of options that won't work
together.
Any file name (as a parameter):
First, a brief (I hope) explanation.
The program maintains a text file called PLS.COM (by default),
which contains:
1. The current password,
2. The date and time of the last attempted access, and
3. Whether the correct password was given.
The .COM extension in the file name is just in case an intruder
gets in and pulls up a directory listing. He's not likely to try to
look at the file with the "TYPE" command, since he'll think it's a
program. But even if he does for some weird reason, he'll just see
high-ASCII graphics characters because the file's encrypted--hopefully
giving the appearance of an authentic .COM file.
Obviously, PLS.COM will be read from, and written to, every time
you start your computer. But it was brought to my attention by a user
of an earlier version of PASSWORD that his virus-detection program
sounds an alarm every time an .EXE or .COM file is modified. Not
really a big deal. In fact, I like the idea (thus the A option
described above). But modifying a .COM file could be a real problem
with other virus-detection schemes, or for people who don't want an
alarm.
So I've provided the possibility to have PASSWORD use a name
other than PLS.COM for its text file. Simply enter the new name you
want to use for the text file as a command-line parameter, and
PASSWORD will use that name instead. This file doesn't have to be in
the same subdirectory with PASSWORD; if you don't want it there,
specify the full subdirectory name or make sure it's in a subdirectory
included in your PATH command.
If you use this feature, keep the following in mind:
1. The new file name must have an extension (the one-to-three-
letter part of the file name that follows the period, such as the
.COM in PLS.COM). It doesn't matter what the extension is, but
PASSWORD looks for the period to determine whether a parameter is
a file name. If there's no period, the program won't recognize it
as a file name. If you don't want to use an extension, put a
period at the end of the file name on your command line:
PLS. rather than PLS
2. Make absolutely sure that the new name you use isn't the name of a
file that already exists. Otherwise, PASSWORD won't work
correctly, and you'll destroy the already-existing file that has
that name.
3. Test-run PASSWORD after you set it up to use the new file name.
If you've made a mistake in typing in the new file name, PASSWORD
will display the error message "Illegal file name for PASSWORD
data file." In this case, the problem is probably one of two
things. Either you've used an illegal file name (consult your DOS
manual for guidelines on legal file names), or you've specified a
subdirectory that doesn't exist on your system.
EXAMPLES
PASSWORD A R 4
will run PASSWORD with the alarm option, have it display random ASCII
characters, and give the user four chances to enter the correct
password.
PASSWORD O 0 C:\DOS\SAMPLE.TXT
will run PASSWORD with the simulation of another operating system,
give the user an unlimited number of chances to enter the correct
password, and use a file called SAMPLE.TXT (located in the
subdirectory C:\DOS) instead of PLS.COM.
PASSWORD N B
will run PASSWORD with the N parameter option only--it can't run both
N and B, and N appears first on the command line.
PASSWORD O B
This is one I particularly like. It gives the simulation of the other
operating system, leaving the "Delta" message at the top of the
screen, but gives no prompt or cursor. It gives the appearance that
loading Delta locked up the machine.
PASSWORD P$D$T$G 2 L F
will run PASSWORD with a prompt that gives the current date and time,
ending with the > character. It gives you two chances to enter the
correct password, and displays random letters in response to what you
type. The "attempted access" information is added to PLOG.TXT, and is
not displayed after the password is entered.
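The parameter rules described above, written out as a small Python parser that can be run against the example command lines. This is an added illustration, not code from PASSWORD or its author. Assumptions: the date and time layouts, leaving unlisted $ codes as typed, accepting letters in either case, and treating R, L, D, N and B as the mutually exclusive display options (the text only confirms B with R and N with B).

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Display options assumed to exclude one another; the first on the line wins.
ECHO_MODES = {"R": "random-ascii", "L": "random-letter", "D": "dot",
              "N": "none", "B": "blank-screen"}
# Options that the text describes as combinable switches.
FLAGS = {"F": "log_to_file", "A": "alarm", "O": "fake_os",
         "W": "warm_boot", "V": "fake_virus"}

@dataclass
class Options:
    attempts: int = 3             # documented default; 0 means unlimited
    prompt: str = "C>"            # documented default phony prompt
    data_file: str = "PLS.COM"    # documented default data file
    echo: str = "normal"
    flags: set = field(default_factory=set)
    ignored: list = field(default_factory=list)

def expand_prompt(spec, now):
    """Expand the five documented $ codes; anything else stays as typed."""
    codes = {"D": now.strftime("%m-%d-%Y"),   # assumed date layout
             "T": now.strftime("%H:%M:%S"),   # assumed time layout
             "G": ">", "L": "<", "_": " "}
    return re.sub(r"\$(.)",
                  lambda m: codes.get(m.group(1).upper(), m.group(0)), spec)

def parse(cmdline, now=None):
    """Apply the documented rules to one PASSWORD command line."""
    now = now or datetime.now()
    opts = Options()
    for tok in cmdline.split()[1:]:           # skip the program name
        up = tok.upper()
        if "." in tok:                        # a period anywhere: file name
            opts.data_file = tok
        elif tok.isdecimal():                 # number of chances
            opts.attempts = int(tok)
        elif up in FLAGS:
            opts.flags.add(FLAGS[up])
        elif up in ECHO_MODES:
            if opts.echo == "normal":
                opts.echo = ECHO_MODES[up]
            else:                             # later conflicting option
                opts.ignored.append(tok)
        elif up.startswith("P"):              # P alone gives an empty prompt
            opts.prompt = expand_prompt(tok[1:], now)
        else:
            opts.ignored.append(tok)
    return opts

if __name__ == "__main__":
    when = datetime(1993, 2, 6, 14, 30, 5)    # constructed sample clock value
    for line in ("PASSWORD A R 4", "PASSWORD N B", "PASSWORD P$D$T$G 2 L F",
                 "PASSWORD O 0 C:\\DOS\\SAMPLE.TXT", "PASSWORD PLS."):
        print(line, "->", parse(line, when))
```

Note the last sample line: because the period check comes first, PLS. is taken as a data file name even though it begins with P.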
OTHER IDEAS
I named PASSWORD and NEW as I did to make them easy for you to
identify. However, this will, at least in the case of PASSWORD, make
identification easy for the intruder also, should he happen to get in.
You may want to rename them to something less obvious. If you do,
though, keep in mind that they must have the .EXE extension in order
to run.
Also, you can place each file in a different directory. If you
do this, be sure of two things:
(1) PLS.COM (or the renamed version) must be in the same subdirectory
with PASSWORD, or in a subdirectory listed in your PATH command, or
its directory must be specified on your PASSWORD command line.
(2) The PATH command, if you need it, must come before the call to
PASSWORD in AUTOEXEC.BAT.
CHANGING THE PASSWORD
To change the password, I've provided NEW.EXE. If you're using a
different name than PLS.COM for your data file, enter that name after
you type NEW at the DOS prompt. Typing
NEW C:\DOS\SAMPLE.TXT
will run NEW and instruct it not to look for PLS.COM, but for
C:\DOS\SAMPLE.TXT instead.
If you specify a file name, and there is no file with the name
you specify, NEW will create it. If you don't specify a file name,
NEW will use PLS.COM.
If you don't specify a subdirectory, NEW will first look in the
current directory to see if the information file exists. If it's not
there, it will look at all the subdirectories listed in your PATH
command, if you have one. If it still doesn't find the file, the
program will create a new one with the name you specified on the
command line--or, if you didn't specify a name, it will use PLS.COM.
When NEW starts, it gives you a ? as a prompt. Enter the current
password. The program then prompts you to type in your new password.
The new password can be up to 79 characters long and can include any
character that can be typed on the keyboard, including spaces. NEW
then replaces the old password in PLS.COM (or its replacement) with an
encrypted version of the new one. The last access information
contained in the file is preserved. Or, if appropriate, NEW creates a
new file containing the password you give it.
If, when starting NEW, you enter an illegal file name, or specify
a subdirectory that doesn't exist, NEW will merely stop and give you
back your real DOS prompt.
If, at NEW's ? prompt, you enter the wrong password, the program
harmlessly goes back to DOS. You get just one chance to get it right,
but if you make a mistake, you can run NEW again.
A FEW OTHER NOTES:
PASSWORD can be run at times other than when you boot up your
computer. For example, suppose you're running an application that has
a DOS Shell feature. When you're ready to go out to lunch, simply
shell to DOS and run PASSWORD. This will keep other folks in the office
from snooping around on your machine. If you do this, it might be a
good idea to use the 0 option (unlimited number of wrong entries).
That way, if someone gets curious, you'll still be able to get back in,
no matter how much typing your curious friend does. In any case, be
certain to save your work first.
If you're using an option that doesn't display your input (N, B, or
V), and you lose track of what you're typing, remember that Escape will
wipe out anything you've typed for the current entry. So you can hit
Escape and start over without PASSWORD counting a wrong guess. (I just
mention this because it might be useful some time, but some folks might
not think of it if they can't see any input.)
If PLS.COM isn't present (such as the first time you run the
program, or if something happens to erase it), PASSWORD will create a
new one. The only way you will know this has happened will be if you
are sure you have entered the correct password but are still denied
access. In this case, the password will be "hello."
When PASSWORD creates a new PLS.COM, it will be in the same
subdirectory as the program itself, unless you've specified a
different subdirectory with the "rename PLS.COM" option described
above. If you've specified a different file name on your PASSWORD
command line, the new PLS.COM-type file will have the name you gave
it.
If you forget your password, simply follow these steps:
(1) Start your computer with a bootable floppy disk in drive A, so
that PASSWORD will not run.
(2) Delete PLS.COM. (Or whatever name you're using for the file)
(3) Run NEW. The password will be "hello". It will create a new
PLS.COM containing the password you enter at the ? prompt.
PASSWORD is set up to simulate DOS with as much realism as is
reasonably possible. For this reason, the F1 key will give you a
single character from your previous entry (if there is a previous
entry), and the F3 key will reproduce your entire previous entry.
The Escape key will erase anything you've typed in your current
entry.
However, if the L option is in effect, F1 will give you any
random character that can be typed from the keyboard. F3 will display
a different, but same-sized, set of random characters. If you're
using the R option, those two keys will do the same thing, but will
give you any ASCII character at random.
After entering the correct password, keep in mind that if the
message indicates the password was not given, this still doesn't mean
the intruder didn't get in. He may have figured out that he was
dealing with some kind of security system and rebooted with a floppy
disk in drive A. Of course, PASSWORD has no way of knowing if this
happens, but if the intruder starts out by trying to boot off the hard
drive (and that's the most likely thing he'd do), you'll at least know
someone was there. A hedge against this would be to include PASSWORD
in the AUTOEXEC.BAT of each of your bootable floppy disks (The
password program doesn't have to be on the disk; just specify C: and
the path in the line that calls it). This way, the intruder will have
to bring his own disk in order to avoid PASSWORD.
I was careful to design PASSWORD so that it would run smoothly if
used correctly, and I'm sure I succeeded. Further, the possibility of
disaster is, to the best of my knowledge, nonexistent, because you can
always bypass PASSWORD by booting off drive A. However, since this is
a harsh and unpredictable world, and since I've seen people do many
weird and impossible things on computers, I feel it's prudent to
disclaim responsibility for any disasters that may result from the use
of this software. I'm happy to help with whatever problems I can, but
don't send me a bill for a new computer.
Finally, I'm distributing this program as shareware. Feel free to
copy it and pass it around; just be sure to keep all the files together.
If you're a distributor, put it in your catalog and send me a copy.
If you like and use PASSWORD, please register it for $12.00, and I'll
send you a disk with more programs. These programs will be my most
popular and/or most recent ones. Usage of anything on the disk is
covered by the one registration fee you'll already have paid. So you
may use any or all of the programs with no further obligation. Also,
I'd like to receive any comments, criticisms, or suggestions you may
have, and I'll be glad to answer questions. Send all correspondence
to:
Ray Dittmeier
P.O. Box 4724
Louisville, Ky. 40204
E-mail can be sent on GEnie to R.DITTMEIER, or on CompuServe to
71650,1214.