Advanced Office 97 Password Recovery 1.0
========================================
(c) 1998-99 Andy Malyshev, Elcom Ltd.


Contents
--------

1. Overview
2. About Office 97 passwords
  2.1. About Word and Excel passwords
  2.2. About Access passwords
3. Working with AO97PR
  3.1. Working with projects
    3.1.1. Creating the project
    3.1.2. Selecting the Office document file
    3.1.3. Saving your project
  3.2. Project options
    3.2.1. Selecting the type of attack
    3.2.2. Selecting the password length
    3.2.3. Selecting a brute-force range
    3.2.4. Selecting the dictionary file
    3.2.5. Selecting priority
    3.2.6. Auto Save Project
  3.3. Recovery process
  3.4. Status window
4. System requirements
5. Future enhancements
6. Contact information
Ombudsman statement


1. Overview
-----------

Advanced Office 97 Password Recovery (or simply AO97PR) has been
designed for recovering the lost passwords for Microsoft Office 97
documents. In addition, it can be used for analysing the
security of your Office documents. You can recover passwords for 
Microsoft Word, Excel and Access 97 (Access 95 is also
supported).

The program is compatible with all international (non-english)
versions of MS Office, except French one.


2. About Office 97 passwords
----------------------------

2.1. About Word and Excel passwords

When you assign the password to your Word or Excel 97 document, 
Microsoft Office encrypts the document using relatively complicated
algorythm (wityhout storing the password itself inside the
file), so it is impossible to retrieve it at all. However, we
can recover the lost password using the "brute-force" and
dictionary attacks. For the "brute-force" attack, you have to
set up the password length (it is limited to 15 characters) and
password range (which, by the way, can include a national
symbols).

2.2. About Access passwords

Microsoft Access uses a very simple and weak algorythm for password
storage. All Access passwords can be recovered instantly.
National symbols also supported. Password length is limited to
13 characters.


3. Working with AO97PR
----------------------

3.1. Working with projects

3.1.1. Creating the project

First, you have to create a project. Project file contains all
information about the source file, selected options and
character set. It is based on the Word document file, so you
have to select the file first.

When the program starts, it creates a new project automatically.
Also, you can create a project by pressing the "Create new
project" button or selecting the "Project -> New" menu item.
Project can not be created for MS Access document, because
recovering process doesn't require a long time.

3.1.2. Selecting the Office document file

Next step is a source file selection. Press the "Load an Office
document into project" button and select an appropriate file; 
file format will be recognized automatically with corresponding
message in the Status window; if the specified file is not an
Office 97 document, or it's corrupted, or used by another
application - appropriate error message will be displayed.

3.1.3. Saving your project

When the file is loaded, you can save your project -- all the
changes you've made will be reflected in the project file; the
name for the project is selected automatically based on the name
of the file; if you want to give an alternative name - use
"Project -> Save as..." menu item. If you don't want to change
the name, just use the "Save project" button or "Project ->
Save" menu item. You can not save a project when Access file is
loaded.

3.2. Project options

3.2.1. Selecting the type of attack

AO97PR supports three attack types: brute-force, brute-force
with mask and dictionary-based. A brute-force attack will try
all possible passwords in specified range; if you remember a
part of password, you can select a "brute-force with mask" type
and enter the password mask, where the mask is consist of the
"static" characters (i.e.  the ones you already know), and
"masked" symbols, i.e. the ones you have to guess. For the
masked symbol, the questionmark ('?') is used. For example: if
you remember that password begins with single 'a' character and 
the password length is 5 symbols, the mask will be 'a????' (without
quotes).  If your password itself contains a '?' symbol, you can
change the mask symbol to '*', for example.

A dictionary attack verifies the words stored in specified
dictionary file. The dictionary is just the text (ASCII file)
with one work at a line; the lines are separated with line
breaks. A dictionary attack is faster, and so we recommend to
run it first; only if it fails, perform a brute-force attack.

(*) Please note, that dictionary attack and brute-force masks
are not available in unregistered version of AO97PR.

3.2.2. Selecting the password length

As noted above, the password length can be from 1 to 15
characters; you can set minimun and maximum length in AO97PR.
When "brute-force with mask" attack is used, the length is
"fixed" and calculated just as a length of the mask.

(*) If you are using an unregistered version of AO97PR, you can
not set the password length greater than 4 characters.

3.2.3. Selecting a brute-force range

In Office 97 documents, passwords may contain the following 
characters: latin letters (both small and capital), digits,
special symbols (like @, #, $ etc) and national languages
symbols. You can select these ranges separately, or define your
own password range. To define your own range, check the box
"Custom", press the "Define custom charset" button, and enter
all characters you think the password may consist of. You can
load, save and insert your defined character sets, using
appropriate buttons in "Define custom charset" dialog.

The "Start from password" field is used for resuming the
interrupted recovery process. Don't change this field, if you've
stopped the attack and want to continue it from the same point,
until you want to start the recovery from the beginning (in this
case, just clear it). This option is also useful when you know
first few characters (or even one) of the password -- so, you
can reduce the number of passwords to verify, by entering an
appropriate initial password into this field.

3.2.4. Selecting the dictionary file

If you want to perform the dictionary attack, just select the
dictionary file. Press the "Select dictionary file" button to
pick up the file name from the list.

3.2.5. Selecting priority

You can select an application priority; it is useful when you
work on machine with many other applications running.

3.2.6. Auto Save Project

You can enable an auto-saving of your project file. Check an
appropriate box and enter an interval between savings.

3.3. Recovery process

After creating the project and selecting all the options, you're
ready to start the recovery process: press the "Start recovery"
button. The program will start to verify the passwords. You can
interrupot the program at any time (by pressing the "Stop"
button), and later resume the process from the same point.

3.4. Status window

All program steps and results are displayed in the Status
Window.  The contents of the Status Window is also saved into
the "ao97pr.log" file for future analysis. You can disable logging
checking out a "Log to ao97pr.log" checkbox.

(*) In unregistered version of AO97PR, creating the log file is
disabled.


4. System requirements
----------------------

- Pentium or higher CPU
- Windows 95, Windows 98 or Windows NT operating system
- about 1 megabyte of space on hard disk


5. Future enhancements
----------------------

- Frencg Word/Excel 97 support
- SMP support
- enchanced masks and regular expressions
- network recovery
- speed improvements


6. Contact information
----------------------

Please send your suggestions and bug reports to
support@elcomsoft.com. The most current version of AO97PR is
always available on http://www.elcomsoft.com/ao97pr.html


Ombudsman statement
-------------------

Elcom Ltd is a member of the Association of Shareware Professionals
(ASP). ASP wants to make sure that the shareware principle works
for you. If you are unable to resolve a shareware-related problem
with an ASP member by contacting the member directly, ASP may be
able to help. The ASP Ombudsman can help you resolve a dispute or
problem with an ASP member, but does not provide technical support
for members' products. Please write to the ASP Ombudsman at 157-F
Love Ave., Greenwood, IN 46142 USA, FAX 317-888-2195, or send email
to omb@asp-shareware.org.
