Changes in the versions:

1.0
   - Commercial version released. All known decryption bugs fixed,
some options added. The freeware version will no longer be
updated.

0.9:
   - First (BETA) version released. There are known decryption
bugs (on some complex Word files). Only the freeware version is
available.

----------------------------------------------------------------



              GuaWorD (Guaranteed Word Decryptor)
        MS Word 97/2000 .doc encrypted files decryptor

                            v. 1.0

          (c) Copyright PSW-soft 2000 by P. Semjanov


THIS PROGRAM IS DISTRIBUTED "AS IS". USE IT AT YOUR OWN RISK.
GuaWord comes with ABSOLUTELY NO WARRANTY. The AUTHOR also DOES
NOT GUARANTEE that any future VERSIONS of the program will be
released.

This program comes in two versions:

  1) FREEWARE (with some limitations), which may be distributed
freely under the following conditions: the program code must not
be changed and has to be distributed in its original form. Any
commercial use of this version is prohibited. Support for this
version is also not guaranteed.

  2) COMMERCIAL (fully functional), which may not be distributed
in any form without the explicit written permission of the
author.


1. Objectives and characteristics.

The program GuaWord decrypts encrypted MS Word 97/2000 (v. 8.0
and 9.0) document files without knowledge of the password. It is
NOT a password recovery program: it searches for the 40-bit
encryption key itself, so the decryption of any file is
guaranteed regardless of the password used. The program has been
tested on Word 97/2000 files only. If you are using Word 6.0/7.0
there are a lot of decryption utilities for those formats.
Moreover, the French version of MS Word allows much faster
decryption, and you don't need this program in that case.

It is well known that, starting from v. 8.0, Word uses the RC4
stream cipher, which is cryptographically strong. (Un)fortunately,
because of U.S. crypto export regulations the key length is only
40 bits. Not long ago it was impossible for an individual to test
all keys, but nowadays the power of a modern PC is sufficient for
that: the cipher is not broken, the keyspace is simply too small.

To crack ANY Word 97/2000 password you need to test at most 2^40
keys, no matter how long the password is or what character set
and national symbols it uses. This is what the program does, but
at about 180000 keys/s on a Pentium II/333 you will need about 70
days to finish (2^40 / 180000 s is about 71 days; on average only
half of this, since the right key is equally likely to lie
anywhere in the keyspace). The faster the computer you have, the
earlier the key is found.

To speed up cracking, a simple distributed computing mechanism is
included in the GuaWord program (*).

(*) - not available in free version

The whole keyspace is divided into 16384 (0-16383) "megakeys"
(they are simply called "keys" below) of 2^26 40-bit keys each,
and each of them can be tested in parallel on a separate
computer. Testing one key takes about 6 minutes on a Pentium
II/333. So, if you have a thousand computers in your LAN, the
whole search takes about an hour and a half (16384 keys * 6 min /
1000 computers), and on average the right key is found in about
fifty minutes.
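The following Python script is an added example (it is not
GuaWord's code, whose internals are not published here) showing
why the search runs over 2^40 values and never over passwords. It
assumes the Word 97/2000 key derivation as specified in
Microsoft's MS-OFFCRYPTO "Office Binary Document RC4 Encryption"
(recalled from the specification, not stated in this README): the
MD5 of the password is truncated to 5 bytes, mixed with a 16-byte
salt, truncated to 5 bytes again, and only those 40 bits feed the
per-block RC4 key. The salt, verifier and password below are
constructed sample data, and mapping a candidate to one of the
16384 megakeys by its top 14 bits is a guess at GuaWord's
numbering, not something the README states.

```python
"""Why a Word 97/2000 file falls to a 2^40 search whatever the password.

Added example, not GuaWord code.  Key derivation follows the
"Office Binary Document RC4 Encryption" scheme as recalled from
MS-OFFCRYPTO (assumption: the README does not describe it).
"""
import hashlib
import struct

KEYSPACE = 1 << 40                   # every 40-bit candidate
MEGAKEYS = 16384                     # GuaWord's 16384 "keys" (0-16383)
PER_MEGAKEY = KEYSPACE // MEGAKEYS   # 2**26 candidates per megakey


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); enough for the 32-byte verifier check."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def truncated_intermediate(password: str, salt: bytes) -> bytes:
    """The only secret that survives: MD5(password) cut to 5 bytes,
    mixed 16 times with the salt, hashed, cut to 5 bytes again."""
    h0 = hashlib.md5(password.encode("utf-16-le")).digest()[:5]
    h1 = hashlib.md5((h0 + salt) * 16).digest()
    return h1[:5]


def block_key(secret5: bytes, block: int) -> bytes:
    """RC4 key for one block: MD5(5 secret bytes || block number LE).
    128 bits long, but only 40 bits of input are unknown."""
    return hashlib.md5(secret5 + struct.pack("<I", block)).digest()


def make_verifier(password: str, salt: bytes, verifier: bytes):
    """What the writer stores: RC4(block 0) over verifier || MD5(verifier)."""
    ks = rc4(block_key(truncated_intermediate(password, salt), 0),
             verifier + hashlib.md5(verifier).digest())
    return ks[:16], ks[16:]


def key_matches(candidate: int, salt: bytes,
                enc_verifier: bytes, enc_hash: bytes) -> bool:
    """Test one 40-bit candidate the way a key search does: no password."""
    secret5 = candidate.to_bytes(5, "big")   # integer<->5 bytes, our convention
    plain = rc4(block_key(secret5, 0), enc_verifier + enc_hash)
    return hashlib.md5(plain[:16]).digest() == plain[16:]


def search(salt, enc_verifier, enc_hash, start, stop):
    """Return the first matching 40-bit value in [start, stop), or None."""
    for cand in range(max(0, start), min(stop, KEYSPACE)):
        if key_matches(cand, salt, enc_verifier, enc_hash):
            return cand
    return None


def megakey_of(candidate: int) -> int:
    """Which of the 16384 chunks holds this candidate (assumed: top 14 bits)."""
    return candidate // PER_MEGAKEY


if __name__ == "__main__":
    # Constructed sample, not taken from a real document.
    salt = bytes(range(16))
    password = "a very long pass-phrase with ünïcödé; 40 bits is still 40 bits"
    enc_v, enc_h = make_verifier(password, salt, b"constructed-veri")
    true_key = int.from_bytes(truncated_intermediate(password, salt), "big")
    # A real run walks all 2**40 values; here only a window around the
    # answer is scanned, to show the test itself never needs the password.
    found = search(salt, enc_v, enc_h, true_key - 2000, true_key + 2000)
    print("found:", found == true_key, "in megakey", megakey_of(found))
```

A full run visits 2^40 candidates; in pure Python that is hopeless
(a few thousand candidates per second against the 180000 keys/s
quoted above for native code), which is why the demo scans only a
small window around the answer. The point is key_matches: it
never sees the password, so the password's length and character
set are irrelevant to the search.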

2. Working with the program.

   You may run the GuaWord program under MS-DOS or Windows
(Windows 3.11, Windows 95/98, Windows NT). A DPMI host is
necessary to start the program (under MS-DOS you may use the
freeware CWSDPMI). Also, under MS-DOS you should start SHARE.EXE
before running this program if you use more than one computer
(see below).


Use the following command line to run the program:

   GUAWORD.EXE [options] doc_encrypted_file [start_key [end_key]],
where:

doc_encrypted_file is a Word 97/2000 file protected with a
password (for opening). Long file names are supported only under
Windows 95/98, not under MS-DOS or Windows NT.

Parameters in [] brackets are optional:
   start_key is a key to start from (0-16383), default = 0  (*);
   end_key   is a last key to test  (0-16383), default = 16383 (*).

There is no known reason to use these parameters in the
limited-clients version (see FAQ, question 1: an interrupted
search picks up the remaining range automatically).

(*) - not available in free version

Options are:
   /f        enables fast testing;
   /r        restarts cracking after an accident (*).

Although about 90% of encrypted Word files allow fast testing,
which is enabled by the /f option and is 15% faster, it is not
recommended: if fast testing fails, you have to run GuaWord again
without the /f option, and the time spent is lost. The only case
where the /f option is well founded is when you are trying to
decrypt a lot of files; then on average you get the results
faster.

The /r option may be useful after an accident, such as a power
failure or a decryption that failed for some reason. It resets the
number of clients to zero and converts all interrupted keys (see
below) to "not tested" ones. It does not change any other keys:
keys that were already tested are never tested again. Use the /r
option on ONE client only; all others should be run in normal
mode.

When the right key is found, the .doc file is decrypted. Because
the .doc file format is complex and undocumented, the decryption
procedure may fail (and your file will be corrupted), therefore
making a backup copy of your file is ABSOLUTELY NECESSARY.

To provide the distributed computing mechanism (*), a shared file
(with the .key extension) is created in the current directory on
the first run of the GuaWord program. Thus you need WRITE
PERMISSION to the current (shared) directory. NEVER delete or
modify this file unless you are sure that this is the right thing
to do. If you delete the .key file, you lose all information
about the keys already tested, and the start_key/end_key
parameters won't help you in this case either (**).

(**) They help only in the unlimited-clients version, where you
can restart the search from the range you know is still untested.

Normally there should be no interrupted keys in the .key file,
but they can appear if a computer accidentally powers off or if
you interrupt the program while it is running on Windows NT. To
resolve a problem with interrupted keys, look at the messages of
the LAST client that finished. If it says "ATTENTION: But there
are some possibly interrupted keys", rerun this client with the
/r option and the same keyspace. The program will retest all
interrupted keys.

Here are examples of using GuaWord:

1) To crack the TEST.DOC file on one computer use:
   GUAWORD.EXE TEST.DOC

This is the only method supported by the freeware version of the
program.

2) To crack the TEST.DOC file on several computers in a LAN, copy
the GuaWord program and the TEST.DOC file to a shared directory
(don't forget to run SHARE.EXE under MS-DOS) and run the same
command line on every computer (*):

   GUAWORD.EXE TEST.DOC

The clients coordinate through the .key file in the shared
directory, so they must all see the same copy of it.

3) To crack TEST.DOC on two separate LANs that cannot share one
directory, split the keyspace by hand (*) (**):
   GUAWORD.EXE TEST.DOC 0 8191   - on the first LAN
   GUAWORD.EXE TEST.DOC 8192     - on the second LAN

   Use similar command lines for more LANs.

(*) not possible in freeware version.
(**) possible only in the unlimited-clients version

3. Mini-FAQ.

1) How do I interrupt and continue searching?

The program can be interrupted by pressing Ctrl-C once and
continued by running it again with the same options (no need to
change the keyspace range: it is picked up automatically from the
.key file).

(*) Continuing is impossible in the freeware version; it will
start again from key 0.

   ATTENTION: under Windows NT, pressing Ctrl-C causes an
"Application error" window, and an interrupted key will appear in
the .key file (see above).

2) What do the values in the .key file mean?

The first 16 bytes are special (a header). The byte at offset n
(n >= 16) holds the state of key n-16 and may have one of 3
values: 0 - the key is not tested yet, 1 - the key was tested and
is not the right one, 2 - the key is being tested now (or was
interrupted).

So, if after the test of a given keyspace is completed there are
still some values (in this keyspace) not equal to 1, either some
clients were interrupted or there is a bug in the program. The
keys that have not been tested can be tested by simply running
the program on this keyspace again with the /r option.
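The following Python script is an added example, not part of
GuaWord, that reads a .key file exactly as this answer and the /r
description in section 2 lay it out: 16 header bytes (their
contents are not documented here and are left untouched), then
one state byte per key at offset 16+n with 0/1/2 meaning not
tested / tested / in progress. It reports the state counts for a
keyspace range such as the "0 8191" half from example 3, lists
possibly interrupted keys, and applies what /r is described to do
to the state bytes (2 becomes 0). Where /r keeps and resets the
client count is not stated in this README, so the header is not
modified. The .key image used when no file name is given is
constructed.

```python
"""Inspect and reset a GuaWord .key file (added example, not GuaWord code).

Format as described in the README: 16 header bytes (contents unknown
here), then one state byte per megakey at offset 16 + n.
"""
import sys
from collections import Counter

HEADER_LEN = 16
MEGAKEYS = 16384
NOT_TESTED, TESTED, IN_PROGRESS = 0, 1, 2


def parse_states(data: bytes) -> bytes:
    """Return the 16384 state bytes, checking size and allowed values."""
    if len(data) < HEADER_LEN + MEGAKEYS:
        raise ValueError("file too short for a .key file")
    states = data[HEADER_LEN:HEADER_LEN + MEGAKEYS]
    bad = [i for i, s in enumerate(states) if s not in (NOT_TESTED, TESTED, IN_PROGRESS)]
    if bad:
        raise ValueError(f"unknown state {states[bad[0]]} at key {bad[0]}")
    return states


def summary(data: bytes, start_key: int = 0, end_key: int = MEGAKEYS - 1) -> dict:
    """State counts inside [start_key, end_key] (inclusive, like the
    command-line arguments) plus the keys a client would have to retest."""
    states = parse_states(data)
    if not 0 <= start_key <= end_key < MEGAKEYS:
        raise ValueError("keyspace must lie within 0-16383")
    window = states[start_key:end_key + 1]
    c = Counter(window)
    return {
        "not_tested": c[NOT_TESTED],
        "tested": c[TESTED],
        "interrupted": c[IN_PROGRESS],
        "interrupted_keys": [start_key + i for i, s in enumerate(window) if s == IN_PROGRESS],
        # the condition the README gives for "this keyspace is done"
        "complete": c[TESTED] == len(window),
    }


def reset_interrupted(data: bytes) -> bytes:
    """What /r does to the state bytes: in-progress -> not tested.
    Tested keys stay tested; the header is copied through unchanged
    (the client count /r also zeroes lives somewhere not documented here)."""
    states = bytearray(parse_states(data))
    for i, s in enumerate(states):
        if s == IN_PROGRESS:
            states[i] = NOT_TESTED
    return bytes(data[:HEADER_LEN]) + bytes(states) + bytes(data[HEADER_LEN + MEGAKEYS:])


def constructed_keyfile() -> bytes:
    """Made-up image: first LAN (0-8191) finished, the second LAN's
    first client lost power in the middle of key 8192."""
    states = bytearray(MEGAKEYS)
    for k in range(0, 8192):
        states[k] = TESTED
    states[8192] = IN_PROGRESS
    states[8193] = TESTED
    return bytes(HEADER_LEN) + bytes(states)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_keyfile()
    s = summary(data)
    print(f"tested {s['tested']}, not tested {s['not_tested']}, "
          f"possibly interrupted {s['interrupted']}")
    if s["interrupted_keys"]:
        print("rerun ONE client with /r; interrupted keys:", s["interrupted_keys"][:10])
```

Run it with the path of a .key file to see the same information the
"ATTENTION: But there are some possibly interrupted keys" message
is based on; run it without arguments to see the constructed case.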

3) I have a Pentium III/1000 computer, but the key testing time is
extremely long.

Make sure that no other CPU-hungry programs (including 3D screen
savers) are running at the same time.

3a) Testing one key takes twice as long under Windows NT as under
MS-DOS or Windows 95.

Give 100% of the CPU time to the program. The easiest way to do
this is to click on a blank space on the taskbar and then click on
the program window, so that it is the foreground window.

4) How can I test if your program works?

Run GuaWord on the test.doc file from the archive. The password
for this file is 'nyxo'.

5) I've got the message "XXXXX is not a Word 97/2000 file". How do
I crack it?

Maybe the program is right?

6) The full keyspace has been tested, no key found.

If you are using the /f option, this is normal: run the program
again without it. Otherwise check for interrupted keys in the
.key file (see q. 2) or simply run the program again with the
same arguments. If it still fails, it's a bug.

7) Your program found a key and successfully decrypted a file, but
Word still cannot open it...

First, don't despair. The key it found is right and your file can
be decrypted. Another method exists to read your document (only
if you made a backup copy of your file). If you are a legal
customer of the commercial version of the program, just e-mail me
your order number, the key found and the Word version you are
using (I don't need your document!) and your problem will be
solved. I DON'T SUPPORT THE FREEWARE PROGRAM, but it's not too
late to become a legal customer.

8) What are the differences between the freeware and commercial
versions?

a) Distributed mechanism
b) Starting and ending key arguments, /r option
c) Possibly better optimization (in future versions)
d) Support

9) Is it possible to speed up your program?

On Pentium Pro architecture processors (including Celeron, PII,
PIII) it is not possible. On other architectures, maybe,
especially the newest AMD processors.

10) I'm using UNIX, OS/2, BeOS etc. Will such a version be
available?

Possibly. At least, I'm ready to make a Linux i386 version.
Regarding other OSes and platforms, keep in mind that GuaWord is
optimized exclusively for the Pentium II architecture and may be
much slower even on very powerful processors. Mail me if you
desperately need such a version.

11) The program displays "no more clients (N) allowed", although
fewer than N clients are running.

Most likely you interrupted some clients incorrectly, so the
program still counts them as running. Stop the others and use the
/r option, which resets the number of clients to zero.

12a) The freeware version found the key but couldn't (correctly)
decrypt the file. Is there a way to avoid searching for the key
again?

12b) The freeware version had tested some (a lot of) keys when I
decided to buy the commercial version. Is there a way to avoid
testing them again?

Yes, mail me.


4. How to contact the author.

Only by e-mail.
e-mail: psw@ssl.stu.neva.ru
FIDO:   2:5030/145.17
WWW:    http://www.ssl.stu.neva.ru/psw/

The main program URL is
http://www.ssl.stu.neva.ru/psw/crack/guaword.html

Although I have already mentioned that I will not accept any
claims, I shall be grateful to hear about obvious errors, such
as:

- the program hangs during brute force;
- the program does not find the key for a given file although
all keys were tested.

I appreciate any constructive ideas for improving this program.

5. Special thanks.

  To Eric Young for his great SSLeay library.
  To Caolan McNamara for his no less great wv library.
  To Phil Frisbie, Jr. for the CPU identification function.
  To Alexander Perematko for correcting this doc.

Good luck!

Pavel Semjanov, St.-Petersburg.

