home *** CD-ROM | disk | FTP | other *** search
- MS Money 2.0 Back Door
-
- While most password protection schemes AccessData encounters require a great deal of complex
- analysis to break, some password schemes are easily broken with nothing more than a pencil, paper,
- a good hex editor, and a little bit of creativity. MS Money 2.0 is an example of the latter type.
-
- To recover an MS Money 2.0 password open the data file (the file with the MNY extension) with a
- disk editor like Norton Utilities DiskEdit. Move to offset position 444. This value is the number of
- characters in the password. Starting with offset 445 is the hash of the password. The generation of
- the hash value is very simple. The password simply XORed with a portion of the string "Microsoft
- Barney". The result is then padded with hex 0xFF to make 16 bytes and stored at offset 445. To
- recover the original password simply re-XOR the hash value with the string "Microsoft Barney" for
- a second time and the password simply falls out.
-
- As an example: this is the hex values starting at offset 444 of an MSMONEY.MNY file locked with
- the password "ALEXANDER". Note that the HEX value at offset equals the number of characters
- in "ALEXANDER."
-
- 09 0C 25 26 2A 2E 3D 2B 23 26 00
-
- If we start with offset 445 and XOR this string with the Hex representation of the string "Microsoft
- Barney" we get a result as following:
-
- 0C 25 26 2A 2E 3D 2B 23 26
-
- ^ 4D 69 63 72 6F 73 6F 66 74
-
- 41 4C 45 58 41 4E 44 45 52
-
- The resulting string is the Hex representation of the password "ALEXANDER." .
-
- This back door is provided as a courtesy of AccessData Corporation. If you have interest in
- password recovery for any other applications please feel free to give us a call or e-mail us. Our
- phone numbers are 800-489-5199 or 801-224-6970. E-mail amber@accessdata.com.
