Cracking askSam

by Datum Fluvius

I have used askSam since my friend lent me a copy several years ago, and since then I have come to appreciate the advantages it offers.

For those out there unfamiliar with askSam, I will elaborate: it is a database program which thinks like a word processor with a powerful macro language.  It is unique in my experience of databases.  Unlike any other database I have ever used, askSam needs no fields or labels.  It will accept them, of course, but it does not insist on them at all.

This means you can import your word processing documents into askSam and search them in ways your word processor's "find" command doesn't support, like asking for each instance of "Dale Drew" within ten words of the term "snitch", while ignoring documents which contain "Nancy".

In addition to its unique search functions, askSam also supports hypertext links.  I was introduced to this concept by askSam a good five years before Netscape made it a household word.

Since I am poor, though, the deciding factor for me was that I bought my own copy of askSam 4.2 for DOS for under $40.

Anyone who wishes to have the latest can get askSam for Windows 3.0 for just $150.  If you have ever priced databases, you know that is dirt cheap!  This combination of inexpensive, powerful search possibilities has made askSam a librarian's dream.  Many libraries use it, as well as genealogists and social scientists.

My favorite use is to import an electronic phone directory into it, so I can search for patterns in the prefix assignments for my city, or search for phone numbers by address rather than name.  If I wanted to, I could pull the address of every woman named Martha on Oak Street.  But that hardly ever comes in handy anymore since I met my wife.

I used askSam for so many projects over the years that keeping track of my passwords on the various files became impossible.  Eventually I found myself locked out of seven or eight of my old files and had to crack my way back inside.  Oops!

The next time you feel secure in your security measures, lose your password and crack your favorite program.  You will either fail and feel uncertain of your own skill, or you will succeed and feel absolutely silly for extending your trust to any password.

askSam, to put it bluntly, is not secure.

It uses a simple substitution cipher which can easily be made into a table and passed around, or hacked individually with an hour's worth of simpleminded effort.  I have found this to be true on both askSam for DOS 4.0 and the askSam for Windows 3.0 demo.

The Procedure

First, obtain a working copy of askSam, of any flavor you wish.  (You might want to download the demo copy directly from the company for free: www.asksam.com.)  I will not guarantee that this will work on all versions, but the law of conservation of code probably holds true here, so it is worth a try.

Next, create a series of askSam files, and create "update" passwords for each of them in the format "AAAAAAAA," "BBBBBBBB," "ZZZZZZZZ".  (You only need to crack the "update" password, since it is the high level access you need to change the low level "retrieve" password, and to access askSam's encryption if that is invoked.)  Keep plugging at this until you have exhausted the capital letters and lower case letters, and perhaps the digits and special characters as well.

Next, use your favorite hex editor to peek at the file headers of each file, dumping the eight hex bytes beginning at the 30th byte into any convenient location you choose, such as a printer.  In the DOS version, these bytes are preceded by a 0x50 ("P") and are easy to spot by eye.  In the Windows version they are in exactly the same location, without any giveaway "P."  Instead, it's an 0xA0.  Note the password letter of the file next to the string, so you know where it fits in the Big Picture.

Once you have a list of what askSam does with each letter and number possible, you can set up a table to decode the passwords by hand on a single spreadsheet.  You will not be required to actually do this, since askSam's programmers got lazy and left the same substitution table on every copy of askSam I've ever seen.  Just use my handy-dandy password decrypting table, but remember that the password is stored backwards.  The procedure merely gives you an idea of how to get around a custom substitution cipher if one is present.  Perhaps you could make one yourself.

askSam Password Table

Look for each hex value in order, and find its plaintext meaning in column zero.  The order is the same as in the file header (backwards).  Start at byte 0x30.

0    1   2   3   4   5   6   7   8     0   1   2   3   4   5   6   7   8
a   35  0F  43  32  17  01  13  12     A  15  2F  63  12  37  21  33  32
b   36  0C  40  31  14  02  10  11     B  16  2C  60  11  34  22  30  31
c   37  0D  41  30  15  03  11  10     C  17  2D  61  10  35  23  31  30
d   30  0A  46  37  12  04  16  17     D  10  2A  66  17  32  24  36  37
e   31  0B  47  36  13  05  17  16     E  11  2B  67  16  33  25  37  36
f   32  08  44  35  10  06  14  15     F  12  28  64  15  30  26  34  35
g   33  09  45  34  11  07  15  14     G  13  29  65  14  31  27  35  34
h   3C  06  4A  3B  1E  08  1A  1B     H  1C  26  6A  1B  3E  28  3A  3B
i   3D  07  4B  3A  1F  09  1B  1A     I  1D  27  6B  1A  3F  29  3B  3A
j   3E  04  45  39  1C  0A  18  19     J  1E  24  68  19  3C  2A  38  39
k   3F  05  49  38  1D  0B  19  18     K  1F  25  69  18  3D  2B  39  38
l   38  02  4E  3F  1A  0C  1E  1F     L  18  22  6E  1F  3A  2C  3E  3F
m   39  03  4F  3E  1B  0D  1F  1E     M  19  23  6F  1E  3B  2D  3F  3E
n   3A  00  4C  3D  18  0E  1C  1D     N  1A  20  6C  1D  38  2E  3C  3D
o   3B  01  4D  3C  19  0F  1D  1C     O  1B  21  6D  1C  39  2F  3D  3C
p   24  1E  52  23  06  10  02  03     P  04  3E  72  03  26  30  22  23
q   25  1F  53  22  07  11  03  02     Q  05  3F  73  02  27  31  23  22
r   26  1C  50  21  04  12  00  01     R  06  3C  70  01  24  32  20  21
s   27  1D  51  20  05  13  01  00     S  07  3D  71  00  25  33  21  20
t   20  1A  56  27  02  14  06  07     T  00  3A  76  07  22  34  26  27
u   21  1B  57  26  03  15  07  06     U  01  3B  77  06  23  35  27  26
v   22  18  54  25  00  16  04  05     V  02  38  74  05  20  36  24  25
w   23  19  55  24  01  17  05  04     W  03  39  75  04  21  37  25  24
x   2C  16  5A  2B  0E  18  0A  0B     X  0C  36  7A  0B  2E  38  2A  2B
y   2D  17  5B  2A  0F  19  0B  0A     Y  0D  37  7B  0A  2F  39  2B  2A
z   2E  14  58  29  0C  1A  08  09     Z  0E  34  78  09  2C  3A  28  29

Why does this work?  The reason is that askSam simply substitutes one hex value for another, in a one-to-one relationship.  It only looks encrypted to a human, in part because the replacement alphabets are slightly scrambled (the substitutions don't follow alphabet order strictly) and each bit position uses a different setting of the "wheel."

There are no random offsets, RSA keys, or anything at all fancy to it.  It is, in fact, a computerized version of the outdated code wheel, made famous in hundreds of grammar-school cipher textbooks.  It is also as insecure as any cipher could possibly be, since every copy of the program seems to use the same cipher wheels, set in the same way.
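
The regularity described above can be checked against the table itself. The following is an added example, not part of the original article: it takes a few rows copied from the password table and tests whether each of the eight columns is the plaintext character XORed with one constant. The function names are illustrative.

```python
from collections import Counter

# Sample rows copied from the password table above (plaintext character ->
# stored byte for columns 1..8). Only a subset of the rows is included.
TABLE_ROWS = {
    "a": "35 0F 43 32 17 01 13 12",
    "h": "3C 06 4A 3B 1E 08 1A 1B",
    "j": "3E 04 45 39 1C 0A 18 19",
    "p": "24 1E 52 23 06 10 02 03",
    "z": "2E 14 58 29 0C 1A 08 09",
    "A": "15 2F 63 12 37 21 33 32",
    "T": "00 3A 76 07 22 34 26 27",
    "Z": "0E 34 78 09 2C 3A 28 29",
}


def audit_positions(rows):
    """For each column, test whether stored == plaintext XOR one constant.

    Returns (constants, outliers): the majority XOR difference per column,
    and the (char, column, stored_byte) entries that disagree with it.
    """
    parsed = {ch: [int(b, 16) for b in line.split()] for ch, line in rows.items()}
    width = len(next(iter(parsed.values())))
    constants, outliers = [], []
    for pos in range(width):
        diffs = {ch: ord(ch) ^ vals[pos] for ch, vals in parsed.items()}
        majority, _ = Counter(diffs.values()).most_common(1)[0]
        constants.append(majority)
        outliers += [(ch, pos + 1, parsed[ch][pos])
                     for ch, d in diffs.items() if d != majority]
    return constants, outliers


def is_fixed_xor(rows, tolerance=1):
    """True when at most `tolerance` table entries break the constant-XOR fit."""
    _, outliers = audit_positions(rows)
    return len(outliers) <= tolerance


if __name__ == "__main__":
    consts, bad = audit_positions(TABLE_ROWS)
    print("per-column XOR constants:", " ".join(f"{c:02X}" for c in consts))
    for ch, pos, val in bad:
        print(f"entry for {ch!r} in column {pos} ({val:02X}) does not fit")
```

On these rows every column fits a single constant, apart from the printed entry for lowercase j in column 3, so the eight "wheels" reduce to one fixed eight-byte mask with no per-file or per-user secret in it.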

These kinds of ciphers (Enigma) were broken by some of the earliest digital computers in the Second World War, but they at least depended on new code wheels every few days or weeks.  Poor askSam need be broken only once, and it's curtains for the entire lot.

If you really like askSam, as I do, you'll probably want to secure it with PGP or some sneaky steganographic method.  At least those offer some defense.  I think...
