	  #									 #
	  #	written by: rorian 1998          #

1.) What do I really need?

•ResCompare - Is freeware; get it on nearly every Macintosh FTP site
•ResEdit with CodEditor (SuperResEdit) - Get it on, or your favorite
Hackintosh site
•UpdateMaker - A little bit difficult to find. If you use Hotline go to 
If you don't, try to find it with FTP-search (

2.) What do these tools do, and how to use them:

ResCompare compares the resource forks of two files (surprise!). It even tells you where
the differences between the two files are. It's easy to use: Let's say that you have
decided to make an update of your own shareware. Start up ResCompare, and go to the File
menu. Select 'open' and choose the earlier version of your shareware. Then select Compare
and open the new version. ResCompare will list the differences. It's also possible to
make a patch (an update). Go to the Change menu and select 'update'. ResCompare will
build a self-running application that changes your old shareware version to your new one.
*NOTE: The update will only run if you use it on EXACTLY the same file you chose in

I believe you know what ResEdit does. You can change dialogs, icons, menus, and stuff 
like this. SuperResEdit is a little bit more flexible. It even lets you change the
data fork (I'll explain later) of a file. If you're interested in crackin' you can look
at the disassembled code of a program, but for getting passwords we will not need this

Does pretty much the same as ResEdit, but it even compares the data forks of two files.

3.) Where's the password saved?

First of all, you have to find out where the program you want to crack saves the
password. Most programs do this in their preferences, but some save their passwords in
themselves. To find out, open the program and set a new password. Write down the password 
and make a copy of the preferences. Open the program again and set another password.
Make a copy of your second preferences and compare the two pref files. If there are
differences, the program writes the password to its prefs.
*NOTE: Nearly every program writes passwords to the data fork of its preferences. 
*ResCompare doesn't compare the data fork, so use UpdateMaker.
If there are no differences, the program stores the password in itself or in a hidden
prefs file. Let's hope for a hidden file. Finding a hidden pref file is easy: open 
ResEdit and look for pref files with strange names like: Sleeper - priority Prefs. Make 
the file visible. If there's no hidden prefs file, the program saves the password in 
itself. Open the program, set a password, quit it and copy the program. Open the program 
again, set another password and compare the copy with the original file. Most 
times the password is written to the data fork.

4.) Doing the crack:

If you are very lucky, the password isn't encrypted. For example: a document's password
is 'cat'. Open ResEdit and go to the resource where the password is saved. Look at
the ASCII column (the right one of the three columns). If you see something like this:


you know that your password isn't encrypted. If the pref file is too long to look through
'normally', do an ASCII search (Command-G). Search for your password. 

Most times passwords will be encrypted and we can only see a bunch of shit like È ¨ üäÈ. 
Not really fun to work with this, is it? But must we really know the password to 
change it? No. It's beautiful if passwords are only stored in one resource. Make a
file with a password, and remember it :-). You know that the program stores the
password in the PSWD (just an example) resource in its prefs file. Open the prefs with
ResEdit and copy the whole PSWD resource. Now open the program again and set any 
other password. Open the prefs file with ResEdit and paste the PSWD resource from your
old pref file. If ResEdit tells you that some IDs are the same, just press 
"unique Id's". Save your changes and run the program again. Your new password is the 
one from the old prefs file.

My English isn't the best, and it's not too easy to follow my sentences, I believe :-) So
an example will perhaps help:

We want to write a crack for password-protected StuffIt archives. Okay, we'll open StuffIt
Lite, stuff any file and save it with a password. Let's say our first password is 'new'.
Okay, now it's necessary to find out where the password is saved. It can't be in the 
prefs or in the program itself, because StuffIt archives must be portable, and on another
machine the prefs differ. So the password must be saved in the stuffed archive. We 
need a second archive to check where the password is saved. The two archives are only 
allowed to have one difference: the password. So we'll stuff the file we stuffed the
first time again (not the *.sit) and set a new password. 'Cracked' sounds good, I 
believe :-)! Now we have two stuffed files that differ only in the password. Here 
ResCompare's work starts. We compare the two files and what do we see?
They differ only in the MKey resource. Let's copy the MKey resource of the archive 
with the password 'Cracked' and paste it into the archive with the password 'cat'. Open
the changed archive with the original password 'cat' (which we've now changed to 'Cracked')
and try to expand it. We'll be asked for a password. Type 'Cracked', and unstuff the
archive. You now have access to every password-protected StuffIt file. Just paste the MKey 
resource with your password.
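
The resource swap described above (PSWD in a prefs file, MKey in an archive) works
because the password check sits in a record that is separate from the content it guards.
The following Python example is added here and is not part of the original text; the
archive layout and function names are hypothetical, the sample passwords and data are
constructed, and the HMAC keystream is a standard-library stand-in for a real AEAD cipher.
It contrasts that layout with one where the content is encrypted under a password-derived
key, so a pasted verifier no longer opens it:

```python
import hashlib, hmac, os

def keys(password, salt):
    # One slow PBKDF2 pass, then two independent subkeys (encryption, MAC)
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return [hmac.new(k, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def xor_stream(key, data):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real AEAD cipher
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def weak_pack(password, data):
    # Weak layout: content stored as-is, password only feeds a separate verifier record
    salt = os.urandom(16)
    return {"verifier": (salt, keys(password, salt)[1]), "data": data}

def weak_open(archive, password):
    salt, digest = archive["verifier"]
    if not hmac.compare_digest(keys(password, salt)[1], digest):
        raise PermissionError("wrong password")
    return archive["data"]

def bound_pack(password, data):
    # Bound layout: content encrypted under the derived key, tag covers the ciphertext
    salt = os.urandom(16)
    enc, mac = keys(password, salt)
    ct = xor_stream(enc, data)
    return {"verifier": (salt, hmac.new(mac, ct, hashlib.sha256).digest()), "data": ct}

def bound_open(archive, password):
    salt, tag = archive["verifier"]
    enc, mac = keys(password, salt)
    expect = hmac.new(mac, archive["data"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise PermissionError("wrong password or modified archive")
    return xor_stream(enc, archive["data"])

def transplant_opens(pack, open_):
    # Constructed sample: keep the target's content, paste in the donor's verifier record
    target, donor = pack("cat", b"secret"), pack("Cracked", b"anything")
    edited = {"verifier": donor["verifier"], "data": target["data"]}
    try:
        return open_(edited, "Cracked") == b"secret"
    except PermissionError:
        return False
```

transplant_opens(weak_pack, weak_open) returns True and transplant_opens(bound_pack,
bound_open) returns False: in the bound layout the content is unreadable without the key
derived from the original password, whatever the verifier record says.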

This is how to write a crack for password-protected documents, but you also wanna know how
to figure out the password of something like a screensaver:

Just do the same. For example I'll take Sleeper: After checking, we know that the
password is saved in the preferences' SSpw resource. You can use the method I described
with StuffIt archives (making a new prefs file and copying the resource with the password),
but perhaps this is your boss' computer and you want to be as unobtrusive as possible. 
So open the prefs file's SSpw resource. You'll see something like this:

0006 0000 000B 0008 0002 000E 0003

In fact, you know that your boss' screensaver is Sleeper and you've messed around a lot at
home with Sleeper, so you know what to do on your boss' computer to get the password. At
home you figured out that the first two bytes (two bytes = 4 digits) - here 0006 - give
the length of the password; 0006 means that the password is 6 characters long. At home you
also wrote a table. You set Sleeper's password to 'abcdefghijklmnopqrstuvwxyz'. So you know
that 0000 stands for A, 000B stands for B, 0008 stands for C, etc. You can now decode
the password on your boss' computer. It's 'abcdef'. If your boss' password is really 
huge (longer than nine characters) the length of the password will be converted to hex.
For example, if your boss' password is 'nobodyknows', you'll see:

000B 002D 001F 000B 001F 0002 0006 0028 002D 001F 0001

Your boss' password is eleven characters long {the 000B says that (B hex = 11)}.

Okay, that's it. Hope I could inspire you in any way, and sorry for my bad English