Password File Updater Version 2.0 NEWHACK for OS/2 and DOS by John Deere FILES INCLUDED: NH2OS2.EXE -The OS/2 version of NEWHACK 2.0 NH2DOS.EXE -The DOS version of NEWHACK 2.0 NEWHAK20.DOC -Documentation for both versions (this file) WHY THE NEW VERSION? Well, basically for 2 reasons: my hard disk crashed, and I got OS/2. When my hard disk crashed, I temporarily lost my source to NEWHACK version 1.0, so I started rewriting it. Since I now have OS/2, I decided to compile a version for OS/2 as well. WHY THE JUMP FROM VERSION 1.0 TO VERSION 2.0? Well, hey, the first version of Windows NT was 3.1, so why can't I be cool too? :) No, anyway, it's because the ENTIRE program has been re-coded from scratch. NEWHACK version 1.0 was coded in Turbo Pascal 7.0. This new version was coded in Borland C++ for OS/2 and also compiled with Borland C++ for DOS. So, since I changed everything, I decided a jump in the version number was necessary. IS IT CALLED NEWHACK OR PASSWORD FILE UPDATER? I prefer NEWHACK, but I kept the old name because version 1.0 used it. WHAT IT DOES You know when you get a new version of the passwd file from your favorite hack site, but you don't want to bother hacking all the accounts? You should just be hacking the new and changed accounts, since those are the only ones worth hacking. Well this will do it for you. Basically, it compares the old passwd file and the new passwd file, generates a new file with only the new/changed accounts, and also generates a status file just listing the account names that have been changed/new (for your reference). WHY USE PASSWORD FILE UPDATER? Well, here's a quickie chart showing the speed improvement of NEWHACK versus the *other* program on the market, Hacker's Password Accountant (HPA). Version # of times FASTER than HPA ------------------------------------------------ NEWHACK for DOS 1.7 version 1.0 NEWHACK for DOS 2.3 version 2.0 NEWHACK for OS/2 3.0 version 2.0 So, as you can see, if you were to run the OS/2 version of NEWHACK, you'd be done in 1/3 the time it would take to run HPA. Quite an improvement. POSSIBLE PROBLEMS Make sure the passwd files are cleaned up. Don't have any extra text or carriage returns in the files. Remember that each account should consist of ONE string. Both versions will accept lines up to 254 (yes, 254) characters. Keep in mind that there IS a difference between UNIX and DOS end-of-line markers (DOS uses CR-LF), and don't expect the program to work properly unless you use the DOS format. If the password file itself has errors in it (like a missing ':') this will cause a bit of a problem. In fact, the program MIGHT crash. I think I've put enough error-checking in, but there's always the possibility. If you run a program like QEMM386 (for the DOS version) it will break the program and return a 386 instruction error. On the OS/2 version, you'll get a SYS3175 or a SYS1808 with an exception code of 0005. The chance of either version crashing is VERY slim, so don't worry about it. Usually, the worst that will happen (and only on the DOS version) is that your stat file will contain a one-character username instead of the whole thing, but it will still output correctly to the re-hack file. LIMITATIONS The DOS version will only accept 32,767 user accounts, and the OS/2 version will only accept about 2.14 million user accounts. This shouldn't be a problem. The DOS version has been compiled for 286's and above, so there may be problems if NEWHACK is run on anything below a 286. WHAT'S NEXT? This will probably be my last version of NEWHACK, unless there's some major bug that I didn't catch. The next program you'll see from me is a brute force passwd cracker for DOS and OS/2 that will try as many combinations and iterations as you want it to. Naturally, it will be the fastest available because I wouldn't release it if it wasn't. If there's any problems, or you need an 8088/8086 version, or you find something faster than NEWHACK, drop me an e-mail at John.Deere@lambada.oit.unc.edu John Deere 26 February 1994