Changes in the versions:

1.0a
  - Minor bug fixed: the /r option was always enabled by the /f
option. No changes in the program kernel.

1.0
   - Commercial version released. All known decryption bugs fixed,
/r option added. The freeware version will no longer be updated.

0.9:
   - First  (BETA) version  released. There  are known decryption
bugs  (on  some  complex  Word  files).  Only freeware version is
available.

----------------------------------------------------------------



              GuaWorD (Guaranteed Word Decryptor)
        MS Word 97/2000 .doc encrypted files decryptor

                            v. 1.0

          (c) Copyright PSW-soft 2000 by P. Semjanov


THIS PROGRAM  IS DISTRIBUTED  "AS IS".  USE IT  AT YOUR OWN RISK.
GuaWord comes with ABSOLUTELY  NO WARRANTY. The AUTHOR  also DOES
NOT GUARANTEE releasing any future VERSIONS of the program.

This  program has two versions:

  1) FREEWARE (with some limitations) that can be distributed
freely under the following conditions: the program code should not
be changed and has to be distributed in its original form. Any
commercial use of this version is prohibited. Support of this
version is also not guaranteed.

  2) COMMERCIAL (fully-functional) that can't be distributed in
any form without the explicit written permission of the author.


1. Objectives and characteristics.

The program GuaWord decrypts encrypted MS Word 97/2000 (v. 8.0
and 9.0) document files without knowing the password. It is not a
PASSWORD recovery program: the decryption of any file is
guaranteed regardless of the password used. The program has been
tested on Word 97/2000 files only. If you're using Word 6.0/7.0,
there are a lot of decryption utilities available. Moreover, the
French version of MS Word allows much faster decryption, so you
don't need this program in that case.

It is well known that Word, starting from v. 8.0, uses RC4 stream
encryption, which is cryptographically strong. (Un)fortunately,
because of U.S. crypto export regulations, the key length is only
40 bits. Not long ago it was impossible for individuals to test
all keys, but nowadays the power of a modern PC is sufficient for
that procedure.

To crack ANY Word 97/2000 password you need to test 2^40 keys (no
matter how long the password is or what charset and national
symbols it uses). This is implemented in the program, but at a
speed of about 180000 keys/s on a Pentium II/333 you will need
about 70 days to finish. (On average, of course, you will need
only half of this time.) The faster your computer, the earlier
the password is found.

To speed up cracking, a simple distributed computing mechanism is
included in the GuaWord program (*).

(*) - not available in free version

The whole keyspace is divided into 16384 (0-16383) "megakeys"
(simply called "keys" below), and each of them can be tested in
parallel on a separate computer. Testing one key takes about 6
minutes on a Pentium II/333. So, if you've got a thousand
computers in your LAN, you could find the right key in a few
minutes.

2. Working with the program.

   You may run the GuaWord program under MS DOS or Windows
(Windows 3.11, Windows 95-98, Windows NT). A DPMI host is necessary
to start the program (under MS DOS you may use the freeware
CWSDPMI). Also, you should start SHARE.EXE under MS DOS before
running this program if you use more than one computer (see below).


Use the following command line to run the program:

   GUAWORD.EXE [options] doc_encrypted_file [start_key [end_key]],
where:

doc_encrypted_file is a Word 97/2000 file with a password (for
opening). Long file names are supported only under Windows 95/98,
not MS-DOS or Windows NT.

Parameters in [] brackets are optional:
   start_key is the key to start from (0-16383), default = 0  (*);
   end_key   is the last key to test  (0-16383), default = 16383 (*).

If you reduce the keyspace using these parameters, the number of
available clients will be reduced in proportion.

Options are:
   /f        enables fast testing;
   /r        restarts cracking after any accident.  (*)

(*) - not available in free version

Although 90% of Word encrypted files allow fast testing, which is
enabled by the /f option and is 15% faster, it is not recommended,
because if fast testing fails you need to run GuaWord again
without the /f option. The only case where using the /f option is
well-founded is when you are trying to decrypt a lot of files: on
average you get the result faster.

The /r option may be useful if an accident has occurred, such as
a power failure or a decryption failure for some reason. This
option sets the number of clients to zero and converts all
interrupted keys (see below) to "not tested" ones. Of course, it
doesn't change any other keys: already tested keys will never be
tested again. Use the /r option only on ONE (first) client when
no clients are working; subsequent clients should be run without
the /r option.

When the right key is found, the .doc file will be decrypted.
Because the .doc file format is complex and undocumented, the
decryption procedure may fail (and the file will be corrupted),
therefore making a backup copy of your file is ABSOLUTELY
NECESSARY.

To provide the distributed computing mechanism (*), a shared file
(with .key extension) is created in the current directory at the
first run of the GuaWord program. Thus, you will need to have
WRITE PERMISSION to the current (shared) directory. (You also need
write permission to the temporary directory.) Do not delete or
modify this file unless you are sure that this is the right thing
to do.

Normally, there should be no interrupted keys in the .key file,
but they can appear if a computer accidentally powers off or if
you interrupt the program while running on Windows NT. To resolve
the problem with interrupted keys, look at the messages of the
LAST client to finish. If it says "ATTENTION: There are some
possibly interrupted keys", rerun this client with the /r option
and the same keyspace. The program will retest all interrupted
keys.

Here are examples of using GuaWord:

1) To crack the TEST.DOC file on one computer use:
   GUAWORD.EXE TEST.DOC

This is the only method supported by the freeware version of the
program.

2) To crack the TEST.DOC file on several computers on the LAN,
copy the GuaWord program and the TEST.DOC file to the shared
directory (don't forget to run SHARE.EXE under MS DOS) and use the
same command line (*):

   GUAWORD.EXE TEST.DOC

3) To crack TEST.DOC on two separate LANs or on two separate
computers (e.g. at home and at work), use (*):

   GUAWORD.EXE TEST.DOC 0 8191   - on first LAN
   GUAWORD.EXE TEST.DOC 8192     - on second LAN

   Use similar command lines on several LANs.

(*) not possible in freeware version.

3. Mini-FAQ.

1) How to interrupt and continue searching?

The program can be interrupted by pressing Ctrl-C once and
continued by running it with the same options (there is no need to
change the keyspace range; it will be picked up automatically).

(*) Continuing is impossible in the freeware version; it will
start from key 0.

   ATTENTION: pressing Ctrl-C under Windows NT causes an
"Application error" window, and an interrupted key will appear in
the .key file (see above).

2) What do the values in .key file mean?

The first 16 bytes are special. The byte at offset n holds the
state of key (n-16) and may have one of 3 values: 0 - the key is
not tested yet, 1 - the key was tested and is not the right one,
2 - the key is being tested now (or may be an interrupted key).

So if, after the test of a given keyspace is completed, there are
still some values (in this keyspace) which are not equal to 1,
then there must be a bug in the program. Those keys which have
not been tested can be tested by simply running the program on
this keyspace again with the /r option.
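
An added example (not part of GuaWord or its original documentation)
that reads the .key layout described above and reports which keys in
a keyspace are untested, tested or possibly interrupted, plus a
worst-case time bound at the 180000 keys/s quoted earlier. It assumes
one state byte per key directly after the 16-byte header, which is
treated as opaque; all function names and the sample file contents
are constructed for illustration.

```python
from collections import Counter

HEADER_LEN = 16                          # "special" bytes, opaque here
TOTAL_KEYS = 16384                       # megakeys 0-16383
KEYS_PER_MEGAKEY = 2**40 // TOTAL_KEYS   # 2^26 RC4 keys in each megakey
NOT_TESTED, TESTED, IN_PROGRESS = 0, 1, 2


def parse_key_file(data: bytes) -> bytes:
    """Return the 16384 per-key state bytes after checking length and values."""
    states = data[HEADER_LEN:HEADER_LEN + TOTAL_KEYS]
    if len(states) != TOTAL_KEYS:
        raise ValueError("truncated .key file: %d state bytes" % len(states))
    bad = [k for k, s in enumerate(states) if s > IN_PROGRESS]
    if bad:
        raise ValueError("unknown state value at key %d" % bad[0])
    return states


def summarize(states: bytes, start_key: int = 0, end_key: int = TOTAL_KEYS - 1,
              keys_per_sec: int = 180000, clients: int = 1) -> dict:
    """Count states in [start_key, end_key] and bound the remaining time."""
    if not 0 <= start_key <= end_key < TOTAL_KEYS:
        raise ValueError("keyspace must lie within 0-16383")
    window = states[start_key:end_key + 1]
    counts = Counter(window)
    # State 2 means "being tested"; once every client has stopped,
    # any key still in state 2 is an interrupted key.
    in_progress = [start_key + i for i, s in enumerate(window) if s == IN_PROGRESS]
    remaining = counts[NOT_TESTED] + len(in_progress)
    rounds = -(-remaining // clients)    # ceiling division
    return {
        "not_tested": counts[NOT_TESTED],
        "tested": counts[TESTED],
        "in_progress": in_progress,
        "complete": remaining == 0,
        "worst_case_seconds": rounds * KEYS_PER_MEGAKEY / keys_per_sec,
    }


def build_sample() -> bytes:
    """Constructed sample: keys 0-99 tested, key 100 interrupted, rest untested."""
    states = bytearray(TOTAL_KEYS)
    states[0:100] = bytes([TESTED]) * 100
    states[100] = IN_PROGRESS
    return bytes(HEADER_LEN) + bytes(states)


if __name__ == "__main__":
    print(summarize(parse_key_file(build_sample()), 0, 8191, clients=5))
```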

3) I've got a Pentium III/1000 computer, but the key testing time
is extremely long.

Make   sure   that   other   CPU   hungry   programs   (including
3D-screensavers) are not running simultaneously.

3a) Testing one key takes 2 times longer under Windows NT than
under MS-DOS or Windows 95.

Give 100% CPU time to the program. The easiest way to do it is to
click on a blank space on the taskbar and then click on the
program window.

4) How can I test if your program is working?

Run GuaWord  on test.doc file  in the  archive and  wait until it
finishes testing key 0.  The password for this file is 'nyxo'.

4a) I tried to put the 'nyxo' password on my .doc file, and your
program can't decrypt it within the key 0 attempt.

Sure, test.doc is a specially constructed example, and you have
no chance of making such a (quickly breakable) file using standard
Word. See q. 13.

5) I've  got a message "XXXXX  is not Word 97/2000 file".  How to
crack it?

Maybe the program is right?

6) The full keyspace has been tested, no key found.

If you're using the /f option, that's normal. Run the program
again without it. Otherwise check for interrupted keys in the .key
file (see q. 2) or simply run the program again with the /r
option. If it still fails, it's a bug.

7) Your program found a key and successfully decrypted a file, but
Word still cannot open it...

First, don't despair. The found key is correct and your file can
be decrypted. Another method exists to read your document (only
if you made a backup copy of your file). If you are a legal
customer of the commercial version of the program, just e-mail me
your order number, the key found and the Word version you are
using (I don't need your doc!) and your problem will be solved.
I DON'T SUPPORT THE FREEWARE PROGRAM, but it's not too late to
become a legal customer.

8) What are the differences between the freeware and commercial
versions?

a) Distributed mechanism
b) Starting and ending key arguments, /r option
c) Possibly better optimization (in future versions)
d) Support

9) Is it possible to speed up your program?

On Pentium Pro architecture processors (including Celeron, PII,
PIII) it is not possible. On other architectures, perhaps,
especially with the newest AMD processors.

10) I'm using UNIX, OS/2, BeOS etc. Will such a version be
available?

Possibly. At least, I'm ready to make a Linux i386 version.
Regarding other OSes and platforms, bear in mind that GuaWord is
optimized exclusively for the Pentium II architecture and may be
much slower even on very powerful processors. Mail me if you
desperately need such a version.

11) The program displays "no more clients (N) allowed in this
keyspace", although fewer than N clients are running.

a) You are running the program on a reduced keyspace (using the
starting and ending key parameters). For example, if you've got
the 10-clients version, only 5 clients will be available on
keyspace 0-8191.
b) You interrupted some clients incorrectly. Stop the others and
use the /r option.

12a) The freeware version found the key, but couldn't (correctly)
decrypt the file. Is there a way to avoid searching for the key
again?

12b) The freeware version had tested some (a lot of) keys when I
decided to buy the commercial version. Is there a way to avoid
testing them again?

Sure, just run the commercial version with the appropriate
start_key parameter.

13) I'm sure all of my files are encrypted with the same password,
and I successfully decrypted one of them. Can I decrypt the others
without running GuaWord on all files?

Files with the same password DON'T have the same key, because it
depends on the file ID etc., and there is no way to decrypt other
files even if you know the key of one of them. I think, however,
that it is possible to write a PASSWORD recovery utility that
works from a given key and .doc file. It would take the same (or
slightly greater) time as GuaWord does.


4. Ordering and contact information.

Program support URLs are
    http://www.ssl.stu.neva.ru/psw/crack/guaword.html
    http://www.password-crackers.com/crack/guaword.html (mirror)

Here you will find the link to the ordering page. There are three
commercial versions:
     5 clients (max) version  - $59;
    10 clients (max) version  - $99;
    unlimited version         - $450.

You may also use Guaranteed Decryption Service at:
http://www.password-crackers.com/service.html

Contact information:
    e-mail: psw@ssl.stu.neva.ru
    WWW:    http://www.ssl.stu.neva.ru/psw/

A lot of great password crackers are at
    http://www.password-crackers.com

Although I already mentioned that I will not accept any claims,
I shall be grateful to hear about obvious errors, such as:

- the program hangs at brute force;
- the program does not find the key of a given file although all
keys were tested.

I appreciate any constructive ideas for improving this program.

5. Special thanks.

  To Eric Young for his great SSLeay library.
  To Caolan McNamara for his no less great wv library.
  To Phil Frisbie, Jr. for the CPU identification function.
  To Alexander Perematko for correcting this doc.

Good luck!

Pavel Semjanov, St.-Petersburg.

