                              F-DCRYPT

1. Purpose.

F-DCRYPT is a program for recovering the password and decrypting
documents produced by Microsoft Word versions 6.0-7.0a and
Microsoft Excel versions 5.0-7.0.

Several macro viruses encrypt the documents of the user as part
of their destructive payload. Our macro virus scanner, F-MACROW,
versions 1.06 and above can scan encrypted documents, locate the
macro viruses inside (if there are any) and even disinfect them.
However, it leaves the encryption in place - because there is no
reliable way of determining whether the document has been
encrypted by the user or by the virus. If it turns out that the
encryption of the document has been done by the virus and is,
therefore, unwanted, the user can use this F-DCRYPT utility to
display the password and even decrypt the documents.

Granted, the utility can be used for malicious purposes too - to
crack the protection of legitimately encrypted documents.
However, the encryption used by Microsoft Word versions 6.0-7.0a
and Microsoft Excel versions 5.0-7.0 is ridiculously weak and
does not provide any significant protection anyway. There are
many freeware Word and Excel password cracking programs available
on the Internet - so an attacker could use one of them anyway.

The users who are concerned about the confidentiality of their
documents should use a real encryption program and not rely on
built-in encryption algorithms of Microsoft Word 6.0-7.0a and
Microsoft Excel 5.0-7.0. Therefore, we have decided to provide
this utility for free - for the benefit of those who need to
recover a forgotten password or a document encrypted by a macro
virus. We also have tried to make the utility smaller, more
reliable, and more convenient than any of the other available
ones.

2. Usage.

The program is used from the command line (in a DOS window on the
different brand of Windows) in the following way:

        f-dcrypt [/d] file...

where "file..." are the names of the encrypted files. More than
one document can be specified and wildcards can be used. For
instance

        f-dcrypt *.do? *.xl?

will instruct the program to process all files with the
extensions matching the specifications *.DO? and *.XL? in the
current directory. If the option "/d" (or "-d") is specified, the
documents will be decrypted. Otherwise, only the password they
are encrypted with will be displayed - then the user can use Word
or Excel to open the document for editing. The password is
displayed between double quotes ("), so that it can be seen if it
contains spaces. These double-quotes MUST NOT be typed when
opening the encrypted document with Word or Excel and entering
the password.

3. Limitations.

F-DCRYPT can decrypt only documents encrypted with Microsoft Word
versions 6.0 to 7.0a and Microsoft Excel versions 5.0 to 7.0. It
CANNOT decrypt documents encrypted with other versions of
Microsoft Word (e.g., 2.0 or 8.0) or Excel (e.g., 8.0) or with
other word processors (e.g., WordPerfect). The encryption of Word
version 2.0 is even more ridiculously insecure, but there are no
macro viruses for that version of Word which encrypt documents as
part of their destructive payload. Word 8.0 (Word 97) and Excel
8.0 (Excel 97) use a reasonably strong encryption algorithm (RC4)
and while it is still too weak for really confidential stuff,
breaking it on-the-fly is definitely beyond the capabilities of a
simple freeware utility.

F-DCRYPT currently supports only documents encrypted by the
following language versions of Microsoft Word:

        - Czech
        - Dutch
        - English
        - Finnish
        - French
        - German
        - Greek
        - Hungarian
        - Italian
        - Norwegian
        - Polish
        - Russian
        - Slovenian
        - Spanish

If your particular language version is not supported (please
check first - some minor local language versions will be covered
by the above languages), please send an encrypted and an
unencrypted document (the text contents of the document is
irrelevant and can be empty) to bontchev@complex.is and we will
try to improve the program and make it support your language
version of Word too.

The cryptanalysis of Excel workbooks is not language version
dependent.

5. Version history.

Version 1.05:

- Added support for documents produced by some Far Eastern versions
  of Word 6/7.

- Fixed a minor bug which would cause the cracking of encrypted
  Excel workbooks to fail if the password contained foreign
  characters.

- Fixed a typo in the known plaintext used to crack Word documents
  produced by the Russian version of Word, which could cause the
  program to fail to crack such documents in some very rare cases.

Version 1.04:

- Fixed another bug which caused the program to sometimes fail to
  crack successfully encrypted Excel workbooks.

- Used a new, better-written version of the OLE2 library.

- A few minor cosmetic changes in the program and in the
  documentation.

Version 1.03:

- Fixed a bug which caused the program to sometimes fail to crack
  successfully encrypted Excel workbooks.

Version 1.02:

- Implemented cryptanalysis of Excel 5.0-7.0 workbooks.

- Added support for documents created by the Hungarian and Greek
  language versions of Word.

- Updated the documentation and slightly optimized the code.

Version 1.01:

- Program name changed from WDCRYPT to F-DCRYPT, to conform with
  the naming of our line of software products.

- There was a bug in our OLE2 parsing libraries which would cause
  the program to occasionally report "Could not find the root
  storage" on some documents. No data was damaged, but those
  documents could not be decrypted. Fixed.

- Added support for documents created by the Finnish and Russian
  language versions of Word.

- Improved the cryptanalysis algorithms to use additional known
  plaintexts. Now the program can often crack successfully even
  documents created by some unsupported language versions of Word.

Version 1.00:

- First public release.

6. Bugs.

None left, we hope. :-) If you find any, please report them to
bontchev@complex.is.

7. Copyright and acknowledgements.

F-DCRYPT is Copyright (C) 1997-1998 FRISK Software International.
It is NOT in the public domain. It can be distributed freely,
provided that this document always accompanies it and neither the
program nor this document are modified in any way.

We would like to express our thanks to the following people who
have helped directly or indirectly with the development of this
program:

Fauzan Mirza <fauzan@dcs.rhbnc.ac.uk> for valuable advice about
Microsoft Word's document encryption algorithm and cryptography
in general;

Peter <peter@cvclinic.com> for his OLE2 access library and for
reverse-engineering Microsoft Word's password validation
algorithm and Microsoft Excel's encryption and password
validation algorithms.

Bjorn Sveinbiornsson for writing this program under pressure.

Vesselin Bontchev <bontchev@complex.is> for conceiving this
program, designing it, insisting that it is written properly,
implementing the Excel cryptanlysis routines, and otherwise
making an annoyance of himself.

All people who have provided us with documents created with the
different language versions of Word.

Microsoft, for the weak encryption and the arkane file formats.
