THIS WAS A MACHINE TRANSLATION!
I HAVE NO TIME TO CORRECT IT - WHO CAN HELP, E-MAIL ME PLEASE!
----------------------------------------------------------------
Changes in the versions:

2.0c
  - minor fixes. Now is open source project.

2.0b
  - ".c(1) not defined" error message appeared although you were not
using .c(1); Has been fixed. Passwords counter is now unsigned long long
for gcc compiler and double for others. Password printing in hex has been
added. Compiled with Pentium Pro/II optimizations.

2.0a
  - "5th line" bug fixed for password definitions greater than
4 lines. Thanks to Dmitry Lisiy.
   
2.0:
- Added: support for different languages and encodings, charset
definition, new modifiers and their parameters, timing and benchmarking,
maximum password length now depends only on the amount of free memory.
The max_psw_len, min_psw_len parameters were changed.

1.1:
- The small defects are corrected. The support of special character sets was
added.

1.0:
- First version released.
-----------------------------------------------------------------


           Password Cracking Library (PCL) v. 2.0.

        (c) Copyright PSW-soft 1996-2001 by P. Semjanov


THE PROVIDED VERSION of the LIBRARY IS the BETA-version And IS
DISTRIBUTED "AS IS". USE IT AT YOUR OWN RISK.
ANY CLAIMS ON WORK of the PROGRAM WILL NOT BE ACCEPTED.
THE AUTHOR DOES NOT GUARANTEE FUTURE SUPPORT or UPDATES
TO VERSIONS of THE LIBRARY.

The program included in this archive is FREEWARE and can be 
distributed freely under the following conditions: 
the program code may not be changed,
the program must be distributed in its original form, 
and the reference to PCL in your applications is obligatory.


1. Purpose and characteristics.

The Password Cracking Library is intended to simplify the
writing of password cracking applications
and facilitates the following actions:
- Multifunctional dictionary attack;
- Brute force attack with known characters;
- Recovering an incorrectly typed password, and more.
The library is released as the object files and is 
intended for use with the following compilers:
- Turbo/Borland C/C ++;
- Watcom C/C ++;
- gcc (DJGPP)


2. Password definition file.

The password definition file (PDF) is the main managing file. 
Its  compilation and processing is purely the basic task of the PCL.
The format of the PCL is independent of the application it's used on, 
therefore this library can be used with any 
password-protected filetype.

2.1. Format of the password definition file.


The password definition file is a plain text file divided into two parts:
dictionaries and character set descriptions, and password description.
These parts are divided by the line '##' as in the example below:

[ <the description of the dictionaries and character sets> ]
##
<the description of the passwords>

The first part can be absent; if so, then the file should begin with '##'.
Thus in any other place the symbol '#' is considered as the beginning of
a comment. The blanks and tabulation in a file of the descriptions are
ignored and can be used to visually divide any components.

For convenience, let's first consider the mechanism of the description of 
the passwords, and then the description of character sets, instead of 
against a sequence of the descriptions in a file: 

2.2. Description of the passwords.

It is a required part of the file which goes after "##' line, and 
consists of text lines. Each line defines a set of passwords and 
the working mode, i.e. which algorithm will be used. Each line is 
independent and is processed separately, thus the total number of the 
checked passwords is counted. The basic components of the password 
definition file are: character sets, and words from the dictionaries.
They define one or more characters or symbols, which will be inserted
in the specified places during the password attempts.

2.2.1. Character sets.

The character set (charset) is a set of symbols which can be in a
specified position in the password. They can be either of the following:

 1) Simple single symbols (a, b, etc.). Meaning, that in the
specified position of the password, this will be the only character tried.

 2) Shielded symbols. Special symbols, if they are known to be in
the password, should be shielded. The meaning  is identical
with mentioned above

They are:

  \$, \., \*, \?, \=     - "$", ".", "*", "?", "="
  \], \[, \ , \}, \(, \) - appropriate brackets
  \ (space)              - space
  \\                     - "\"
  \XX, where X is a hex-digit - any symbol in hex-code
  \0 - empty symbol (absence of a symbol). This is usually applied
  in association with the "present" symbol (see examples below).

Basically, any symbols can be shielded, if they are not hex-digits.

  3) Symbol set macros. These sets are defined in 
the first part of the description file (see 2.3.2). 
Meaning that in a current position of the password there is 
any symbol, determined by following macros:

  $a - lower Latin letters (if not defined, there are 26 possibilities);
  $A - upper Latin letters (if not defined, there are 26 possibilities);
  $! - special marks (if not defined,  32 possibilities);
  $1 - Figures (if not defined,  10 possibilities);
  $i - lower national letters;
  $I - upper national letters;
  $o - User's set;
  ?  - Any symbol, i.e. all chars included in these macros.

Note: $v and $p (see 2.3.4) could not be used to generate passwords.

4) Combinations of any of the listed symbols above. The combination
must be enclosed with square brackets. The  meaning is identical with
mentioned above.

Examples:

[$a $A] - any Latin letter;
[abc] - or a, or b, or c;
[$1 abcdef] - hex-digit;
[s \0] - or s, or nothing;
[$a $A $1 $! $i $I $o] - is equivalent to ?.

5) Repetition of symbol(s) "*". Means that the previous 
character set needs to be repeated 0 or more times in 
the appropriate position of the password. Examples:

$a * - password of any length from the small Latin letters;
[ab] * - is empty, a, b, aa, ab, ba, bb, aaa...
[$a $A] [$a $A $1] * - "identifier" - sequence of the letters and
figures, and first letter.

Please note that a password of length 0 symbols can exist, 
and is not always equivalent to absence of a password.
Length of recurrence is calculated automatically on the basis of given maximum
and minimum password by a call of the basic function of the library
parse_rules_file(). Also note that these parameters influence only the
length of a password generated using the "*" symbol and will
not be used if the password consists only of words or static symbols.
It is recommended that you use "*" as often if possible due to the 
fact that it will create the most effective brute force attack.
Current restriction: "*" can only be the last element of a line.

2.2.2. Words from the dictionaries and their modifiers.

Unlike a character set, the word uses not one, but a few
symbols of the password in succession. The PCL library supports
two dictionaries: basic (where more frequently used words are found),
and user (more specific information such as names or dates).
The dictionary is a text file, consisting of words, divided by end of 
line (EOL) symbols. Files such as DOS (CR/LF), and UNIX-format (LF)
can be used. It  is desirable (to increase search rate, among other
factors) to use words of the same (lower) case in dictionaries.

Thus, two macros exist:

$w - Word from the basic dictionary
$u - Word from the user dictionary.

Special character sets are  also considered as words,  because
they can be  of arbitrary length.  They are denoted  as $s(1),
$s(2),  ...  and  depend  on  peculiarities of the task.
The use of special charsets is meaningful only for the specified 
location in the password. Let's assume that $s(1) determines the 
first 2 symbols of the password, and $s(2) determines the third. 
Then only following examples make sense:

$s(1) $s(2)
$S(1) ?
?? $s(2)

Frequently, passwords are altered words. Therefore, to
determine such passwords, the whole set of modified words
are entered. Use following switches:

.u (upper) - convert to uppercase;
.l (lower) - convert to lowercaser;
.t (truncate) - truncate at given length;
.c (convert) - transform the word;
.j (joke) - convert some letters to uppercase;
.r (reverse) - reverse the word;
.s (shrink) -  reduce a word;
.d (duplicate) - repeat a word 2 times.

The modifiers can have parameters enclosed in parentheses. For
modifiers intended to work on separate letters, it is possible to 
set the parameter to indicate the position of the specific letter;
absence of the parameter or a parameter of zero applies the switch 
to the whole word. Further, specific letter positions can be set 
both from the beginning or from the end of the word. The end of a 
word is designated by the '-' symbol.

Currently there are only 3 such modifiers: .u, .l, .t. So,

.u or .u(0) - uppercase the whole word (PASSWORD);
.u(1), .u(2) - uppercase only first (second) letter (Password, pAssword);
.u(-), .u(-1) - uppercase last (last but one) letter (passworD, passwoRd);
.t(-1) - cut off last letter in a word (passwor).

Other switches work only with the whole word and the parameter sets the 
conversion mode. Currently, only the following switch parameters are legal:

.j(0) or .j - uppercase the odd letters (PaSsWoRd);
.j(1) - uppercase the even letters (pAsSwOrD):
.j(2) - uppercase the vowels (pAsswOrd);
.j(3) - uppercase the consonants (PaSSWoRD);
.r(0) or .r - reverse a word (drowssap);
.s(0) or .s - reduce a word by removing vowels, if it is not the first char (password - > psswrd, offset - > offst);
.d(0) or .d - duplicate a word (passwordpassword);
.d(1) - add the reversed word (passworddrowssap);
.c(<number>) - convert all letters in a word according to the
conversion string (see item 2.3.3).

All switches will work correctly with both latin characters and 
national characters (if the national characters are set correctly).
Switch can also be combined (restriction of their
number in succession - 63, which is hardly possible to exceed).
Examples (let $w - password):

$w.u(1).u(-) - PassworD
$w.s.t(4) - pssw
$w.t(4).s - pss


2.2.3.  Permutation brackets.

Maybe you know the password, but it does not work when you enter it.
You probably made a mistake when you typed it. To discover such
passwords, the program has its own specific algorithm. It checks the 
following common typing errors while trying to discover your password:
two letters are swapped (psasword), 
one letter is removed (pasword),
an extra letter is inserted (passweord)
or one is replaced with another (passwird).

Such changes of a password are called "permutations".
The start and end of a possible permutation in the
password are indicated with permutation brackets: "{" and  "}". 
"}" is followed by the permutation number (default=1), 
separated by "." or in parentheses. The value of the permutation 
number sets the number of simultaneously allowed mistakes. Examples:


{abc} - will receive 182 (different) passwords, such as:
  bac, acb - 2 swaps;
  bc, ac, bc - 3 removals;
  aabc, babc... - 4 * 26 - 3 inserts;
  bbc, cbc... - 3 * 25 replacements;
  abc - and the word;

{Password}.2 or {Password}(2) - in particular, words as:
 "psswrod", "passwdro" and "paasswor" will be received;

{$w} - all words with one error from the basic dictionary.

Notes:
1) It  is obvious  that some  passwords will  be generated more
than once, so  the larger is  the number of  permutations, the
larger is the  number of replicas.  Efforts were made  in this
program to reduce replicas, but they are purely empirical  and
were made for  two permutations at  most. In other  words, for
the  large  numbers  there  is  no certainty that a particular
password  cannot  be  discarded  erroneously.  Fanatics of the
theory  of  combinations  can  compute  the  exact  number for
{password}.3, for  example, then  I'll be  able to  compare it
with that one obtained by the program.
2) For insertion  and replacement you  are to know  the set of
characters to be inserted or  replaced. In the event this  set
is not specified explicitly (see section 4.3.4), this  program
forms  it  automatically  for  character  sets, in relation to
standard set these characters  are from (i. e.  for {password}
$a will be inserted, for {Password} [$a $A] will be inserted).
The similar operation  with words is  performed, based on  the
first word from the dictionary with modifiers being taken into
account. In the event this set is specified explicitly, it  is
just the set to be used.

3)  Current  restriction  is  that  the  character  '{'   must
necessarily   be   the     first    in   the     line.    Such
expressions   as  good_{password} remain to be  supported, but
{good}_password is quite possible.

2.3. Description of the dictionaries and character sets.

The dictionaries to be used are set in the beginning of 
the password definition file before the line beginning with '##'.

2.3.1. Description of the dictionaries.

The beginning of the definition file can be used to specify the basic 
and user dictionary (see item 2.2.2). It is necessary only if the 
password description file will be using words from the dictionaries, 
(i.e. $w or $u).

The dictionaries are set as follows:

$w = "<dictionary_filename>"  # the basic dictionary
$u = "c:\\dict\\user.dic"     # additional
It is necessary to place the filenames in quotes, and to use 
shield symbols when defining the filepath(s).

2.3.2. Definition of used character sets.

Used character sets can be further defined by the user if needed, or
predefined sets may be used. The predefined sets consist of:

$a - small latin letters, only 26 elements;
$A - large latin letters, only 26 elements;
$! - special symbols  {}:"<>?[];\',./~!@#$%^&*()_+`-=\|  - (32 elements);
$1 - figures, (10 elements).

User-defined sets consist of:

$i - lowercase letters of the national alphabet;
$I - uppercase letters of the national alphabet;
$o - additional set (for example, any character which does
not actually appear on a physical keyboard key).

The definition of sets is determined by the following format:

$<set> = [< single symbols or character sets >]

The character set can also consist of the name and a combination of
symbols (see 2.2.1), for example:

$o = [$! $1 \FF]

NOTES:
1) You may specify any character sets, including the predefined sets. 
For example, it is possible to add additional symbols in set $!, 
such as a blank or \FF.
2) The definition of sets $i and $I automatically determines
rules of upper/lowercase conversion. Therefore it is important 
that the letters in these sets are in the same order.

Only after all character sets are defined, the complete set of
'?' symbols will be formed, consisting of [$a $A $1 $! $i $I $o],
in that order (it is important for following item).

2.3.3. Definition of the conversion modifiers.

Conversion modifiers .c (see item 2.2.2) can be defined with 
reference to a complete set of symbols '?' using lines of 
the following format:

?.c(<number>) = " < conversion line > "

Each symbol available in a complete set will be transformed 
according to its position in the conversion string. For
example, let

?      = [1234567890], then
?.c(0) = "!@#$%^&*()"

sets shift-conversion.

In the conversion string it is necessary to shield the symbols '\' and '"".
The value of the conversion modifier can be from 0 up to 255.

2.3.4. Definition of special character sets

The special character sets are:
$v - the set of vowels (in all alphabets) - this is required only if
the modifiers .s and .j are used.
$p - the set for insertion within permutation brackets - this is
required only if, for some reason, this set does not include
a previously defined permutation string (see item 2.2.3).
They are are used like previously explained character sets.


2.4. Useful examples of password descriptions.

1) Let me give you a fragment from the documentation on the
program ZEXPL2L:  "Let's assume that you have an archive with a
password, similar to "Heaven!!!", but you have forgotten, how
many exclamation points '!' were at the end of the password,
and if the vowels in the password were upper or lower case.
This password would be written using the PCL language as:
 "He [aA] v [eE] n! * "
Let's also assume that you weren't sure about a
set within basic part of the password. Then it would be 
necessary to try following:  
"{He [aA]  v [eE]  n} !  * "

2) Another quote: "If you were to have two variants of a line
of the password:  "myprog", "MyProg","my_prog" and "My_Prog".
It should be written down as:
"[mM] y [_ \0] [pP] rog".

3)  It  is  often  recommended  to  use  two meaningful words,
separated   by   certain   character,   as   a  password.  The
description is as following:
 "$w [$1 $!] $w" or
 "$w.u(1) [$1 $!] $w.u(1)"
It is important to note that the use of $w are not equal in these two
examples, and will generate a total of (if there are 20000 words in the dic-
tionary): 20000 * 42 * 20000 = 1.68E10 passwords.
Accordingly, if it is simply two words separated by a number,
breaking the password would be 42 times faster.

4)  You remember that your password was "MyVeryLongGoodPassword",
but it  does not match for some reason when you type it in. Try these
combinations:
  "{MyVeryLongGoodPassword}" - 2382 passwords
  "{MyVeryLongGoodPassword}.2" - 2836413 passwords


5) You know that the password consists of an meaningful word,
inside of which some figure is inserted ("meanin8gful"). The appropriate
description would then be:

$p = [$1]  # define insert set
##
{$w}

7) Attack on syllables. Create a dictionary of allowed syllables in your
language, and then it is possible to test all intelligent-sounding words
as follows:

$u      # all one-syllable words
$u$u    # two-syllables
$u$u$u  #etc.
$u$u$u$u
...

8) To do the work on 2 computers, set
the following descriptions:
"[abcdefghijklm] $a * " - first
"[nopqrstuvwxyz] $a * " - second.
You can do likewise for n of computers.


3. Interface with the application.

It's rather simple and is described in the PCL.H file.


4. How to contact to the author.

Only by e-mail.

FIDO: 2:5030/145.17
e-mail: psw@ssl.stu.neva.ru
WWW: http://www.ssl.stu.neva.ru/psw/

The PCL library is distributed by the author as FREEWARE containing .LIB files 
(under Borland, Watcom C) or .a (under DJGPP) with the requirement that if you
use it in your programs, you are required to include a reference to 
it and the author in your programs. Basic URL of library:

http://www.ssl.stu.neva.ru/psw/crack.html#PCL

Comments on the source texts - subject of a separate conversation.
It is now in a the development stage, therefore I would be very glad to hear
about any mistakes and defects in it, especially comments, ideas, or
wishes concerning its improvement and additions.


5. Thanks to.

Solar Designer and Alec Muffett - for ideas of some modifiers.
Eric Young - for timing function from libdes.
John Vandermeersch for correcting this docs.



