FC.EXE to the Rescue
by akaak
I don't know who said that the best things in life are free, but in many
ways the best utilities in computer life are free. In the following example,
the utility in question comes a la DOS/Microsoft, is called 'FC.EXE', and
can be found in the Windows command directory. This is a handy little program
for comparing the data values contained in two different files, and its use
saved a friend from at least a month of reentering boxes of bills and/or
suffering possible income tax invasion.
A bit of background:
A friend runs a very, very small design company and runs it on a frayed
shoestring, but has managed to eke out a survival for the past decade. As it
happens will all struggling entrepreneurs, he got a call from the tax department
wanting to audit not just his last year's expenses, but his expenses for the
past seven years, which is the statutory limit they are entitled to go back and
audit at a whim. As a rule, small, struggling firms are perfect for the tax
department as any company that's not struggling can at least put up a decent
defense, so the tax department prefers to target the really, really small
companies who are like wounded animals; they're easy prey.
While my friend had all of his tax info entered in a popular small business
accounting program, his ex-partner had done the accounting and had the passwords
for the last six years, but had split the scene a year ago and who was who
knows where. Buddy did not remember nor could he find the passwords for the
past six years, and only had the password since he started doing the accounting
last year.
I checked around on the Internet for password cracks for this program and
found some pricey programs for all of the other small business accounting
software, but not this one. My friend had upgraded the program a few times
and this version was circa 1998/1999.
I pondered several solutions, like helping him with a brute-force/
dictionary attack, or possibly "Soft Ice," but this kind of stuff is out of
my realm as I'd never done anything like this before, or even used these types
of programs. On top of this, the accounting program boasted "PGP Armor
Password" something or other, which seemed pretty daunting to me, an average
computer user. As well, I had no idea as to how long the passwords would be,
so from what I'd read, a dictionary attack could take a long, long time, and
"Soft Ice" didn't look like something out could just "pick up" and start using
quickly - or at least I couldn't.
My feeble brain then caused me to remember my favorite Sesame Street
song: "one of these things does not belong" and at about the same time I
remembered this little utility that came with DOS which will compare two files
and report their differences. I thought I'd give this methodology a try, not
expecting much, but who knows?
The first step was to run a test on a non-passworded file versus a
passworded accounting file. Opening the accounting program, I first created
a new company file named "xx", and put in the required default parameters like
type of business, location, bank account, etc., saved it with no password, and
closed it.
I then created a new company file with the exact same parameters, but
added a password, and called this file/company "xxp", and closed it.
OK, now it was time to see if 'FC.EXE' found anything of use.
I entered the command 'FC.EXE /?' to view the commands, then I entered
the command: 'FC.EXE /B C:\XX.ABC C:\XXP.ABC > FCRESULTS.TXT' to generate
and store the results.
To view the results I opened the file 'FCRESULTS.TXT' in a text editor
to find:
Comparing files C:\XX.ABC and C:\XXP.ABC
000001A0: 00 F5
000001A1: 00 BC
000001A2: 00 FA
000001A3: 00 2F
000001A4: 00 DB
000001A5: 00 88
000001A6: 00 DB
000001A8: 00 A0
000001AA: 00 13
000001AB: 00 D5
000001AC: 00 F0
000001AD: 00 95
000001AE: 00 B5
000001B0: 00 FF
000001B1: 00 0F
Hmm... 'FC.EXE' found a few differences! Could those differences be the
password? I opened a freeware hex editor, viewed the two new accounting files,
and found the following data at the 'FC.EXE' designated offsets:
--------------------------------------------------------------------------------
file: XX.ABC
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000180 3C 00 5A 00 21 C8 21 C8 21 C8 21 CE 00 00 E0 40 <.Z.!.!.!.!....@
00000190 00 00 00 80 00 00 00 41 00 00 00 80 00 00 00 00 .......A........
000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001C0 00 00 00 00 00 00 43 6F 6D 70 75 74 65 72 20 44 ......Computer D
000001D0 65 61 6C 65 72 00 00 00 00 00 00 00 00 00 00 00 ealer...........
-------------------------------------------------------------------------------
file: XXP.ABC
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000180 3C 00 5A 00 21 C8 21 C8 21 C8 21 CE 00 00 E0 40 <.Z.!.!.!.!....@
00000190 00 00 00 80 00 00 00 41 00 00 00 80 00 00 00 00 .......A........
000001A0 F5 BC FA 2F DB 88 DB 00 A0 55 13 D5 F0 95 B5 00 .../.....U......
000001B0 FF 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001C0 00 00 00 00 00 00 43 6F 6D 70 75 74 65 72 20 44 .......Computer D
000001D0 65 61 6C 65 72 00 00 00 00 00 00 00 00 00 00 00 ealer............
--------------------------------------------------------------------------------
I decided to zero ("00") the following offset of 'XXP.ABC' (below) to make
it look like the offset of 'XX.ABC', the file without the password:
-------------------
000001A0 F5 BC FA 2F DB 88 DB 00 A0 55 13 D5 F0 95 B5 00
000001B0 FF 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-------------------
So I did and saved the 'XXP.ABC' file in the hex editor. I opened up the
'XXP.ABC' file in the accounting program and to my surprise an elation, 'xxp'
opened without asking me for the password. At the very least I was expecting
a "file corrupt" message to be generated but it wasn't, and everything in the
new file was exactly how I had created it.
Next, onto the real files! My feeble brain then sent me some impulses
telling me that I should make backup copies of my friend's files and not screw
with the originals. I followed those impulses and then opened up each of the
files in my hex editor. I went to the same offset range noted above and zeroed
out the data at the offsets 1A0 to 1B1 for each of the real accounting files.
I was then able to open up each file in the accounting program without
being prompted for the required password, and all his data was intact and
ready for printing. Thanks to 'FC.EXE', my friend was able to avoid the time
and expense of reentering all the bills for the years in question and was able
to send the tax people his expense reports.
Again, I really had no firm idea what I was doing. I hadn't used 'FC.EXE'
before and I've only screwed around with hex editors (hitherto causing more
damage to files than anything positive). As well as not being familiar with
"End of File" markers, file system ASCII codes, etc. I hadn't had the time or
inclination to spend in this area, to really figure it all out, beforehand.
This was just a quick and dirty exercise to help a friend.
So that's my experience with 'FC.EXE', a freeware hex editor, and a simple
illustration of what can be done with some of those little utility programs
we forget about but that can be so helpful. I haven't had time to test this
system on other passworded programs, but check it out and see what else works
with it.
Return to $2600 Index