Apologies for not being a forensic based query but does anyone have experience overcoming the user password login in TAS Books?
Done all the hard stuff of getting the image running in a VM and ophcracking the Windows login password but when I load the file it asks for password. Anyone know a TAS Books 3 bruteforcer or password overwrite?
Tried all the keyword searching, indexing, Google and finger in the wind stuff to no avail. The suspect is not playing ball and TAS has been taken over by Sage with zero support.
Any help would be appreciated.
Shep
I am assuming no one has looked at this before and there is no off the shelf solution.
If you have the software, then maybe you can create a new project file, then set the password to several different passwords.
Then do a compare on the registry and file system to see what file or registry entry gets changed as a result of the password change. If it is in a file do a binary compare to work out where the password is.
If you find at this point that a new password re-encrypts the whole document, then you have a problem as the task becomes significantly harder. You could then load up your dis-assembler and step through the code to find it. Might even be possible at this point to patch the code so a password is no longer required.
After you work out where the password is, it might then be obvious how it is stored. e.g. XOR, MD5 hash. And from there you can crack it, for example via rainbow tables, or overwrite it with a known hash.
You'll need a fair bit of time however.
Thanks for the reply. I will try to source the application and give it a whirl as the format of the file appears to have clear text formatting (not SQL though). Was hoping there would be a point and click solution (ie Passware or similar) but as with most things we come across its never that easy, especially for such an obscure product like TAS Books!
Regards