File: HISTORY.txt

package info (click to toggle)
chntpw 0.99.2-2
  • links: PTS
  • area: non-free
  • in suites: sarge
  • size: 256 kB
  • ctags: 360
  • sloc: ansic: 3,062; makefile: 71
file content (158 lines) | stat: -rw-r--r-- 6,720 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

The Offline NT Password Editor

(c) 1997-2004 Petter Nordahl-Hagen

See COPYING for copyright & credits.
See INSTALL for compile/installation instructions.

Revision history 
(chntpw utility only, see website for info on bootdisk revisions)

* v 0.99.2 040105
 - Added RecoveryConsole parameter change
 - Try to guess type of hive loaded (sam, system, security etc), this
   is used by the user edit, syskey edit, RecoveryConsole edit
   to look up into the right hive.
 - Do not confirm save if the change-tracking option is set (-L)
   (assume wrapper does it..)
 - Hid the hash-stuff during password reset. I got all kinds of
   confusing questions about it (most often: can I find the original
   pw? Answer: NO if win2k or higher)
   Option -v turns this on again for debugging.
 - Also reduced some other debug output, -t and/or -v turns on again
   most of it.
 - Fixed some bugs:
   - check of return value from open()
   - corrected prototype defs for some calls into OpenSSL,
     this fixes some compilation errors people have reported.
   Thanks to Alexander Poquet for that.
 - Probably _added_ more bugs :-} but they are yet unknown :)

* v 0.99.1 030126
 - Fixed bug in ntreg, seems some files has garbage instead of zero
   pages at end. Now stops enumerating on first non 'hbin' page.
   Thanks to Jim Andersen for giving me a hive file that showed this.
 - Reports strongly indicates that blanking a password
   (* at the prompt) works more often than changing passwords.
   Changed some wording regarding this.

* v 0.99.0 030112
 - There is now full registry edit support with expansion of value
   size and add / delete of keys and values!
   See regedit.txt for more info on registry editing
   See source for details on data block allocation etc in registry.
 - Changed interactive mode (-i) a bit, now features menues.
 - Syskeystatus/change not shown unless selected from menu.
 - New option: -N to set it in old-edit mode, ie only exact
   overwrites. This is for safety in testing etc.

* v 0.98.6 021213
 - Added parsing of users F and SAMs F value, which stores account type bits
   and lockout information. Ability to reset it if locked.
 - As usual, see source (especially sam.h for details) on this.

* v 0.98.5 021208
 - Added ability to enter RID (in hex) instead of username by
   starting the entry with 0x. Works interactive and on commandline.
   This will enable edit of users that has names which actually
   use unicode, like some russian and asian systems.
-  Only entering * for password will blank password by setting
   hash lengths to zero. Seems to be working ok in 2k and XP.
   This may also clear up an earlier failed change.
   One bug/drawback: Seems to leak about 30-50 bytes in the V struct.
-  Fixed bug in handling of blank LANMAN-pass.

* v 0.98.4 011022
 - Fixed input buffer overflow that made it impossible to enter
   usernames at 16 chars (the \n would flow over into the password
   prompt thus not changing it)
 - New option -L that will write the names of changed hives to
   /tmp/changed. Mainly for use in my bootfloppy scripts.

* v 0.98.3 010808
 - Blank password detection rewritten. The NT or LANMAN hash seems
   to actually be missing from the sam entry if password is blank.
   This will now be detected, and if only LANMAN is present, it
   will be convertet to NT password.
 - Some minor changes in text & prompts.

* v 0.98.2 010107
 - Changed to use OpenSSL for MD4 & DES encryption instead of
   the old libraries. Only change of build process from source
   is to point the Makefile to wherever your OpenSSL libraries & includes are.
 - Minor changes in wording of Syskey warnings.
 - No functional changes.
 - Known bugs: Hive statistics often wrong (but the numbers are not used
   later, so it's not critical)

* v 0.98.1 000607

 - Discovered that when a key has lots of subkeys (typically about
   300 or more?) its hashtable is split and accessed through an
   indirect ('ri') table, almost as some filesystems do with
   datablock lists on large files. This caused an error "Not 'nk' node"
   and sometimes a crash in earlier versions. In SAM this happens in
   \SAM\Domains\Account\Users when the number of users are large
   (which often is the case on domain controllers).
   See source code for technical details on this. (WinReg.txt not updated)

* v 0.98 000401

 - Disabling syskey on Win2000 corrupts the SAM somehow, makes it
   unable to reenable + leaves it in a partial mode 1 syskey.
   Also corrupts the Domain Trust password, making it impossible
   to join og leave a domain.
   Delete HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC (the trust key,
   may need to change ACLs to get to it) to leave the domain and make it
   possible to rejoin.
 - Added support for changing passwords without disabling or
   changing syskey, simply by inserting old type password hash
   into the sam. It gets converted to syskey-hash on next boot.
   Why I didn't discover this before is beyond me.
 - A few smaller bugfixes.

* v 0.98 000215

 - Can now write, too, but only existing values, & same datalength.
 - Internals rewritten, registry manipulation functions
   now in separate "library".
 - Added ability to check for and disable syskey. (see syskey.txt
   & sourcecode for details)
 - "Command line"-type registry-editor improved a bit.
 - Possible to load and edit several hives at once
 - Several minor changes.
 - Since a lot has been rewritten, there's probably more bugs.

* v 0.90 990307

Major updates:

 - Full registry parse/read/viever. Can follow the tree like a filesystem.
   No write-support yet.
 - 3.51 & 4.0 support. Seems to be working on NT5 betas, too.
 - 100% sure to find usernames/passwords.
 - Support for localized admin-names (will automatically find it)
 - Several minor bugs from earlier versions fixed.
 - Sorry, but still no syskey support. (but since full registry
   read capabilities exsist, it's now easier to make it)

* PRE-1 970611
 - Got reports on "Netlogon service not started"
   (and then it was impossible to logon)
   if attempt to change blank password into something else. 
   This was because if the password is set blank (from NT), the NT-logon
   hash (md4) is not stored in SAM at all (the LANmanager hash seems to be
   there..) However, chntpw didn't know about this, and happily(?) wrote away
   and corrupted the SAM file, causing Netlogon to fail.
   This version will flag accounts with blank passwords, and refuse to change it.

 - The -i (interactive) option now loops. Will ask for a new name repeatedly,
   until '!' is entered. This enables you to change multiple passwords in
   one run.
 
 - No support for syskey, yet.

* PRE-1 970528:
 - First public release