Changes in the versions:

1.0 - Release version. 5-10% speed-up. EXE compressed by UPX 0.7.
0.9 - First (BETA) version released.

----------------------------------------------------------------

N M S S (No More Secret Stuff)
Norton Secret Stuff Password Cracker v. 1.0
(c) Copyright PSW-soft 1998-99 by P. Semjanov

THIS BETA-VERSION of the PROGRAM IS DISTRIBUTED "AS IS". You USE IT AT YOUR OWN RISK. ANY CLAIMS ON the WORKING of the PROGRAM WILL NOT BE ACCEPTED. The AUTHOR also DOES NOT GUARANTEE FURTHER SUPPORT or UPDATING of future VERSIONS of THIS PROGRAM.

This program is FREEWARE and can be distributed freely under the following conditions: the program code may not be changed, and the program has to be distributed in its original form. Any commercial use is prohibited.

1. Objectives and characteristics.

The NMSS program is intended for the extraction of files encrypted with Norton Secret Stuff (NSS) without knowledge of the password. The program has been tested on NSS v. 1.0 files only.

NSS uses Blowfish encryption with a very short key length (32 bits) because of the export regulations on strong cryptography. The key expansion function of Blowfish is very slow, however, which adds the equivalent of about 3-4 bits to the effective key length. So, to crack ANY NSS password you only need to test 2^32 possible keys. This program does exactly that, but the speed is about 2000 keys/s on a Pentium-166, so you need about 20-25 days to finish (I have no idea how long the search will take on a PII-400; let me know if you have any ideas).

Because of this slow speed, a simple distributed computing mechanism is included in the NMSS program. The whole keyspace is divided into 4096 (0-4095) "megakeys" (simply called "keys" below), and each of them can be tested in parallel on different computers. Testing one key takes about 9 minutes on a Pentium-166. So, if you had 4096 computers in your LAN, you could find the right key in a few minutes.

2. Working with the program.
You may run the NMSS program under MS-DOS or Windows (Windows 3.11, Windows 95-98, Windows NT). A DPMI host is necessary to start the program (you may use the freeware CWSDPMI).

Use the following command line to run the program:

    NMSS.EXE NSS_encrypted_file [start_key [end_key]]

where start_key is the key to start from (0-4095), default = 0; end_key is the last key to test (0-4095), default = 4095.

When the right key is found, the NSS encrypted file will be patched so that the user can enter any password. Making a copy of your NSS file beforehand is therefore recommended.

To provide the distributed computing mechanism, a shared file (with the .key extension) is created in the current directory at the first run of the NMSS program. Thus, you will need write permission to the current (shared) directory. Please do not delete or modify this file unless you are sure you know what you are doing.

Normally, there must be no interrupted keys in the .key file. They could appear, however, if a computer accidentally powers off or if you interrupt the program run on Windows NT. To resolve the problem with interrupted keys, the program will stop after the whole keyspace is tested and wait until all shared copies of the program have stopped too. Because the program does not know how many shared copies are running, the user must press ENTER (on each copy) when all copies have stopped. If the program finds an interrupted key, it will be tested again.

Here are examples of NMSS use:

1) To crack the CRYPT.EXE file on one computer use:

    NMSS.EXE CRYPT.EXE

2) To crack the CRYPT.EXE file on several computers on the LAN, copy the NMSS program and the CRYPT.EXE file to a shared directory and use the same command line on each computer:

    NMSS.EXE CRYPT.EXE

3) To crack CRYPT.EXE on two separate LANs, use

    NMSS.EXE CRYPT.EXE 0 2047    - on the first LAN
    NMSS.EXE CRYPT.EXE 2048      - on the second LAN

Use similar command lines on several LANs.

3. Mini-FAQ.

1) How to interrupt and continue searching?
The program can be interrupted by pressing Ctrl-C once and continued by running it with the same options (there is no need to change the keyspace range; this is done automatically). ATTENTION: on pressing Ctrl-C, Windows NT will show an "Application error" window and an interrupted key will appear in the .key file (see above).

2) What do the values in the .key file mean?

The first byte must be 'N'. The byte at offset n gives the state of key (n-1) and may be one of 3 values:

    0 - key is not tested yet,
    1 - key was tested and is not the right one,
    2 - key is being tested now (or may be an interrupted key).

So, if after the test of a given keyspace is completed there are still some values (in this keyspace) that are not equal to 1, then there must be a bug in the program. Those keys which have not been tested must be tested by simply running the program on this keyspace again.

3) I've got a Pentium-II/400 computer, but the key testing time is extremely large.

Check that no other programs (including 3D screensavers) are running at the same time.

4) How can I test if your program works?

Encrypt a file with NSS using the "abm" password. Next, run NMSS on it with 2571 as the start_key parameter.

5) Is it possible to speed up your program?

During the investigation of the NSS algorithm, no backdoors or statistical defects in the password-to-key conversion function (it is MD5) have been found. I think only machine-dependent (like MMX) optimization could be done. I will NOT make such optimization (at least, not for free).

4. How to contact the author.

Only by e-mail.

e-mail: psw@ssl.stu.neva.ru
FIDO:   2:5030/145.17
WWW:    http://www.ssl.stu.neva.ru/psw/

The main program URL is http://www.ssl.stu.neva.ru/psw/crack.html#NMSS

Although I already mentioned that I will not accept any claims, I shall be grateful to hear about obvious errors, such as:

- the program hangs during the brute force;
- the program does not find the key of a given file although all keys were tested.

I shall be glad of any constructive suggestions for improving the program.
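The shared .key state file from FAQ item 2 and the distributed-run mechanism from section 2, as an added Python example (not part of NMSS, which is a DOS executable): it parses the file, validates it, and reports which keys in a start_key/end_key range are still untested or were left interrupted, i.e. the keys a resumed run would have to cover again. The file layout (magic 'N', then one byte per key, 4097 bytes in total) is inferred from the README; the size and value checks are this example's own, since the README does not say how NMSS itself validates the file. The sample file contents are constructed.

```python
"""Audit an NMSS shared .key state file (added example, not NMSS code).

Layout as described in the NMSS README, FAQ item 2:
    offset 0        magic byte 'N'
    offset n >= 1   state of megakey (n-1):
                    0 = not tested yet
                    1 = tested, not the right key
                    2 = being tested now (or an interrupted key)
With 4096 megakeys (0-4095) a complete file is 4097 bytes (inferred;
the README gives the per-byte meaning but not the total size).
"""
from collections import Counter

NUM_KEYS = 4096
MAGIC = b"N"
UNTESTED, TESTED, IN_PROGRESS = 0, 1, 2
STATE_NAMES = {UNTESTED: "untested", TESTED: "tested",
               IN_PROGRESS: "in progress / interrupted"}


def parse_key_file(data: bytes) -> list[int]:
    """Validate magic byte, size and state values; return one state per key."""
    if len(data) != 1 + NUM_KEYS:
        raise ValueError(f"expected {1 + NUM_KEYS} bytes, got {len(data)}")
    if data[:1] != MAGIC:
        raise ValueError("first byte must be 'N'")
    states = list(data[1:])
    bad = [k for k, s in enumerate(states) if s not in STATE_NAMES]
    if bad:
        raise ValueError(f"invalid state byte for keys {bad[:8]}")
    return states


def is_valid_key_file(data: bytes) -> bool:
    """True if the bytes form a well-formed .key file under the checks above."""
    try:
        parse_key_file(data)
        return True
    except ValueError:
        return False


def audit_range(states: list[int], start_key: int = 0,
                end_key: int = NUM_KEYS - 1) -> dict:
    """Apply the README's consistency rule to [start_key, end_key]:
    once a range has been fully searched, every byte in it must be 1.
    Keys still at 0 (never started) or 2 (interrupted) are the ones
    to run the program over again."""
    if not (0 <= start_key <= end_key < NUM_KEYS):
        raise ValueError("need 0 <= start_key <= end_key <= 4095")
    window = states[start_key:end_key + 1]
    counts = Counter(window)
    return {
        "tested": counts[TESTED],
        "untested": [start_key + i for i, s in enumerate(window) if s == UNTESTED],
        "interrupted": [start_key + i for i, s in enumerate(window) if s == IN_PROGRESS],
        "complete": counts[TESTED] == len(window),
    }


def make_key_file(states: list[int]) -> bytes:
    """Serialise a state list into the .key layout."""
    if len(states) != NUM_KEYS:
        raise ValueError("need exactly 4096 states")
    return MAGIC + bytes(states)


def sample_key_file() -> bytes:
    """Constructed sample: the first LAN's half (keys 0-2047) is nearly done,
    key 100 was interrupted (e.g. power loss), key 2000 was never started,
    and the second LAN's half (2048-4095) has not begun."""
    states = [TESTED] * 2048 + [UNTESTED] * 2048
    states[100] = IN_PROGRESS
    states[2000] = UNTESTED
    return make_key_file(states)


def load_key_file(path: str) -> list[int]:
    """Read and validate a .key file from the shared directory."""
    with open(path, "rb") as f:
        return parse_key_file(f.read())


if __name__ == "__main__":
    states = parse_key_file(sample_key_file())
    for lo, hi in ((0, 2047), (2048, 4095)):
        r = audit_range(states, lo, hi)
        print(f"keys {lo}-{hi}: tested={r['tested']} complete={r['complete']} "
              f"untested={r['untested'][:5]} interrupted={r['interrupted']}")
```

Run it against a real file with load_key_file("CRYPT.key") (the actual file name is whatever NMSS created in the shared directory); a non-empty "interrupted" or "untested" list after a range has supposedly finished is exactly the situation the README says to resolve by re-running NMSS over that range.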
5. Special thanks.

To Eric Young for his great SSLeay library.

Good luck!
Pavel Semjanov, St.-Petersburg.