
Advanced ARJ Password Recovery 1.07 (c) Elcom Ltd., 1998
========================================================


Contents
--------

  Description
  Requirements
  Usage
  Known bugs and limitations
  Future enhancements
  Registration
  Technical support
  Where to get the latest version
  Ombudsman statement

Description
-----------

This program (Advanced ARJ Password Recovery, or simply AAPR)
can be used to recover your lost password for ARJ archive. At
the moment, there is no known method to extract the password
from the compressed file; so, the only available methods are
"brute force" and dictionary-based attacks.

Well, there are a lot of programs like this around, but
all of them have their own "pros" and "cons". Here is a brief
list of AAPR advantages:

- The program is very fast: up to 30 million passwords per
  minute (on Pentium-200/MMX).
- The program is customizable: you can set the password length
  (or length range), the character set to be used to generate
  the passwords, and a couple of other options.
- Dictionary-based attack is available.
- The maximum password length is not limited (in registered
  version).
- No special virtual memory requirements.

The next versions will have much more useful features, of
course.


Requirements
------------

- Windows 95 (any version), or Windows 98, or Windows NT 4.0 running
  on Pentium CPU
- 4 megabytes RAM
- less than 1 megabyte of hard disk space
- patience...


Usage
-----

The program is a windows application and have powerful
graphical user interface (GUI). You can run this program
from "Advanced ARJ Password Recovery" group created by
the installation program.

You have to select the following:

  Name of the file
  ~~~~~~~~~~~~~~~~
  Just the name of ARJ archive you'd like to get the password
  for. Use the "Browse" button to pick it from the list.

  Password length
  ~~~~~~~~~~~~~~~
  Maximum and minimum length of the password to verify.

  Type of attack
  ~~~~~~~~~~~~~~
  Brute-force or dictionary attack. You can select both of this
  types; if the dictionary attack fails - brute-force attack will
  be executed.

  Brute-force range options
  ~~~~~~~~~~~~~~~~~~~~~~~~~
  Instructs the program what characters have been used in
  the password), if you have this information. You can choose
  from all capt, all small letters, all digits, all special
  symbols; or just all printable (includes all of the above).
  
  Alternatively, you can define your own character set. Just
  enable the option "Custom charset", and click the "Define"
  button. The imput window will appear; just enter all the chars
  the password may contain. For example, if you remember that
  the password has been entered in the bottom keyboard row
  ("zxcv..."), the charset will be "zxcvbnm,./", or in caps:
  "ZXCVBNM<>?", or for both of those: "zxcvbnm,./ZXCVBNM<>?".
  
  In addition, you can load and save your own custom charsets.
  Each CHR-file (*.chr) contains a string with specified charset;
  you can define national symbols (in Windows code page), and
  they will be automatically converted into OEM encoding (just
  because ARJ uses OEM encoding for password encryption).

  Start from password
  ~~~~~~~~~~~~~~~~~~~
  This option may help if you know what the first character of
  the password is. For example, if you're sure that the small
  letters have been used (from 'a' to 'z'), the length is 5, and
  the the password definitely starts with 'k', than type 'kaaaa'
  here. Please also note, that if you press the "Stop" button
  when AAPR is working, the program writes the current password
  to this window ("Start from password"). It can be used later
  to restart the program from the same point. National symbols
  also allowed.

  Dictionary options
  ~~~~~~~~~~~~~~~~~~
  Simply select the desired dictionary file. In addition, you can
  select an option "Try to capitalize first character" or "Try
  to capitalize all characters" -- it may really help if you're
  not sure about the register the password has been typed in.
  For example, for the word "password" (in dictionary), the
  program will also try the "Password" (if the first option is
  checked), and "Password", "PaSsWoRd" etc (if the second one is
  checked).

  The small, but really effective dictionary is included into
  AZPR distribution: "english.dic" (about 27,000 words). Some
  other very good ones are available at:
    ftp://sable.ox.ac.uk/pub/wordlists/
    ftp://ftp.cdrom.com/pub/security/coast/dict/wordlists/
    ftp://ftp.cdrom.com/pub/security/coast/dict/dictionaries/
  Also, please have a look at our "Password Recovery Software"
  page -- you'll find a few dictionaries, wordlists and dictionary
  generators there, as well as the links to related sites:
    http://www.elcomsoft.com/prs.html

  Analysing options
  ~~~~~~~~~~~~~~~~~
  Block size analysing and Huffman table analysing. The block size
  analysing option is for advanced users and turns on analysing the
  block length (in archive). The value given in this option is a
  "percentage". It allows to set the block length. If it is used,
  the program performance could be much better, but there is a chance
  that the password will not be find at all. The optimum value is 30%;
  actually, it depends on file contents, i.e. distribution of
  "redundant" segments in the compressed file. The Huffman table
  analysing must be always turned "on". It improves analysing speed
  up to 50%. When it is enabled, an analysis of some Huffman table
  parameters (idential in all ARJ-archives) is performed.

  Priority
  ~~~~~~~~
  Normal or high. If you want to start AAPR as "background" process
  -- you have select "Normal". If you want to increase performance
  -- select "High", but it will decrease performance of all other
  applications running on your computer.

  Save and Read setup
  ~~~~~~~~~~~~~~~~~~~
  You can save you current AAPR setup in specified INI-file.
  When you press a "Save setup" button, the "Save file" dialog
  appears. Just select an INI-file name (e.g. "myarch.ini") or
  select an existing INI-file for overwriting. You can read your
  setup later -- simply press a "Read setup" button.

  AutoSave
  ~~~~~~~~
  If you'd like AAPR to save its state perodically, please check
  an appropriate options, and select the time (in minutes). If
  you'll do that, AAPR will create (and update) a restore file
  "~aapr.ini" (in the same folder where "aapr.exe" is located;
  similar to one created when using the "Save setup" button), and
  even if your computer will stop resonding (or on power fail),
  you'll be able to restore breaking the password from the last
  saved state.

When (if) the password is found, the program prints it (as well
as the number of passwords which have been tested, and the
program speed):

'qwert' is a valid password for this file
Processed 1760765 passwords
time = 22 second(s)
speed = 80034 passwords/second

If all possible passwords (in the given range) have been verified
without success (so the valid one has not been found), the
message is:

Password not found in specified range
Processed 456976 passwords
time = 1 second(s)
speed = 456976 passwords/second

If you stopped your recovery by pressing a "Stop" button - the current
step of brute-force is saved in "Start from" field. Now you can
press a "Start" button again and recovery will be continued from
this step.


Known bugs and limitations
--------------------------

- The program might not work with archives created with ARJ
  newer than version 2.60.
- When files in archive are "stored" (ARJ method 0) or packed
  with method 4, the performance might be lower than expected,
  because unpack the whole file is required.


Future enhancements
-------------------

We know that the program could be improved, and here are some
facilities we're going to implement:

- Ability to select totally custom character set, probably
  using regular expressions.
- Selecting particular file (in archive) to crack.
- Automatic (smart) selection of the file to crack, according
  to size, password complexity etc.
- Running as a service under Windows NT.
- "Known plaintext" attack.
- Working on SMP systems (when more than one CPU is available).
- Network Password Recovery
- Further performance optimizations.

If you have any ideas how the program can be improved, please
don't hesitate to contact us! Your comments are very appreciated.


Registration
------------

This program is distributed as shareware (look at "license.txt"
for details). Being unregistered, it does not allow to set the
maximum password length (it is always 5).

After you register (look at "order.txt" for details), we'll
send you your personal registration code. You'll just have to
click the "Register" button; the program will open the input
window to enter the registration code; after you do so (you can
use cut'n'paste to avoid typing errors), it will have the full
functionality.

Please note that your registration will be valid for all future
versions of AAPR -- so, all upgrades (minor and major) are free
for registered users.


Technical support
-----------------

For technical support, please contact us at support@elcomsoft.com.
In the subject of your mail, please write "AAPR x.y" (where x.y
is the version number), followed by "problem", "suggestion" or
whatever.


Where to get the latest version
-------------------------------

The latest version of AAPR is always available from our
web page at http://www.elcomsoft.com/aapr.html.


Ombudsman statement
-------------------

Elcom Ltd is a member of the Association of Shareware Professionals
(ASP). ASP wants to make sure that the shareware principle works
for you. If you are unable to resolve a shareware-related problem
with an ASP member by contacting the member directly, ASP may be
able to help. The ASP Ombudsman can help you resolve a dispute or
problem with an ASP member, but does not provide technical support
for members' products. Please write to the ASP Ombudsman at 157-F
Love Ave., Greenwood, IN 46142 USA, FAX 317-888-2195, or send email
to omb@asp-shareware.org.
