Using BRW: How to make passwords hidden by "stars" visible
by Lord Caligo
02 December 1998
Courtesy of fravia's pages of reverse engineering
slightly edited by fravia+
I have two observations about this text.
The first one regards the delay in publishing it: I have more than 20 email addresses, because I discard those that have
been spammed (one of my email addresses 'felt' into the database of those
commercial bastards at xoom, for instance, and has been since
continuously spammed), I use some email addresses with automatic
filtering capabilities
and automatic responders for some automatic tasks, I have special
addresses for people in 'real life' that have nothing whatsoever to
do with my site, I have three different chains of email
addresses for pseudo-anonymity purposes, and I have a couple of 'dormient'
addresses as well...
The problem with email addresses changes: you
tend to check the 'remote' ones less and less often. That's the reason this
nice essay by LordCaligo remained unpublished until now... Sorry, old pal :-)
As a second observation I may add that, even if BRW version 4,5 is
undoubtedly the best resource editor ever made, since BRW has been
'discontinued' (see my various essays about it) I'm afraid we'll
all have to carry on our studies with a Micro$oft product... (at least until
the arrival of a better -and new- resource editor) the most recent
version of Micro$oft's resource editor, dubbed 'Developer studio', seems
to get the resource job done (albeit not as well as BRW).
_ _ ___ _ _ _ _____ ___
| |_| | / _ \ | | | ||_ _| / _ \
| _ || (_) || | | | | | | (_) |
|_| |_| \___/ \_____/ |_| \___/
make passwords hidden by "stars" visible
a 'tutorial' by lord caligo
02 december 1998
OVERVIEW: I. INTRODUCTION
II. NEEDS
III. WHAT IS RESOURCE WORKSHOP ?
IV. THE THING TO DO
VII. PATCHING THE DIALUP NETWORK
VIII. LAST WORDS
--------------------------------------------------------------------------
I. INTRODUCTION
It's been a while since I've been writing these howto's, my only public
essays available. At the time I am writing this there are four; if you're
interested in earlier ones just ask me or Fravia+.
But let us begin: Over the last few months a tool has become more and more popular:
Snadboy's Revelation (http://www.snadboy.com/) - a great tool to view
passwords hidden by asterisks (just everything uses them, except a few
good ones like PGP). Unfortunately I don't know enough of Win32 Programming
yet and the author did not tell us how the program works, but I did not
find a thing it does NOT work with.
The only "disadvantage" of Revelation is that you always have to run
it when you need to 'remember' a password - and it needs 1,3MB of my
(important) hard disk space. ;-)
Now I want to show a simple way to get rid of these asterisks in (nearly)
every Windows program using the Borland Resource Workshop (I don't
know a 'stable' Internet address for it, but try to locate it
using FTPsearch or Archie). The two versions I have are v1.02 (included in
an old Turbo Pascal/Win Package :) and the last release, v4.5 (filename is
BRW45.ZIP). Some of those available on the net do not work correctly: you
cannot directly edit bitmaps/cursors/icons... If you know why or you have
a fixed version please email me.
-------------------------------------------------------------------------
II. NEEDS
That's what you need:
- Borland Resource Workshop (any version, but only newer ones are able
to handle Win32 applications :-)
- a program you want to patch (I successfully did it with Pegasus Mail
and CuteFTP, should work with other programs, too); Win3.x and Win95
programs work
-------------------------------------------------------------------------
III. WHAT IS RESOURCE WORKSHOP?
Before starting you may want to know what this tool does. If you already
know it or if you do not want to know just skip this chapter :)
Borland made this useful program and included it in several programming
language packages. But after a few years Borland suddenly stopped
supporting it.
As the name says, this tool allows us to view, edit and recompile
the resources of a program (sometimes it does not work, just try it out).
That means you can view and edit:
- Bitmaps
- Icons
- String References
- Dialog Boxes
Sometimes you can use the BRW to remove nagscreens/unnecessary dialog
boxes by just DELETING them with BRW.
Now, I could tell you more about this tool, but that's not the point
of this tutorial.
-------------------------------------------------------------------------
IV. THE THING TO DO
First you'll have to find the dialog box that shows the password (the
asterisks).
Sometimes that dialog box/reference is not located in the main program
itself; if not, check a few DLLs around. You can find out which DLLs
a program uses with the Dependency Viewer (DEPENDS.ZIP) by Matt
Pietrek.
Sometimes there is more than one dialog box displaying the password.
Here are a few examples:
CuteFTP 2.5/Win95 :
DIALOG 106
DIALOG 131
DIALOG 1537
DIALOG 1543
DIALOG 1547
DIALOG 1549
Pegasus Mail v3.01b/Win95 :
DIALOG TCPS
(a few more...)
When you finally have located the DIALOG BOX, hit enter (or doubleclick
on the Item) and you'll see a text like this one (example taken from
WinPMail):
TCPS DIALOG 59, 29, 253, 203
STYLE WS_CHILD
FONT 8, "MS Sans Serif"
{
CONTROL " Your &e-mail address is:", 7001, "STATIC", SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 8, 11, 81, 8
CONTROL "", 106, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 7, 20, 186, 12
CONTROL " Settings for receiving mail ", 7002, "BUTTON", BS_GROUPBOX | WS_CHILD | WS_VISIBLE | WS_GROUP, 7, 37, 186, 54
CONTROL "POP3 &host", -1, "STATIC", SS_RIGHT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 51, 41, 8
CONTROL "", 101, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 57, 49, 129, 12
CONTROL "&User name", -1, "STATIC", SS_RIGHT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 64, 40, 8
CONTROL "", 102, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 57, 62, 75, 12
CONTROL "&Password", -1, "STATIC", SS_RIGHT | ES_PASSWORD | WS_CHILD | WS_VISIBLE | WS_GROUP, 18, 76, 35, 8
CONTROL "", 103, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 57, 75, 75, 12
[....]
}
All you have to do now is to remove the dialog box attribute ES_PASSWORD;
just edit it as if it were plain text! :)
After this your dialog box properties should look like this:
[....]
CONTROL "", 102, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 57, 62, 75, 12
CONTROL "&Password", -1, "STATIC", SS_RIGHT | WS_CHILD | WS_VISIBLE | WS_GROUP, 18, 76, 35, 8
CONTROL "", 103, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 57, 75, 75, 12
[....]
You got the point? Just save the whole file (BRW automatically does a
backup, but I think it's always better to keep a manual backup for
yourself) and run the program.
If you did everything right, the dialog box should show you the
clear password without any asterisks.
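Seen from the defender's side, the edit above is a detectable change: the same control is still there, minus one style flag. The following is an added example (not part of the original tutorial and not lord caligo's code) that compares two text dumps of a dialog resource and reports controls that lost ES_PASSWORD. The function names and the practice of keeping a baseline dump are assumptions; the sample input is the three control lines from the WinPMail excerpt quoted above.

```python
import re

# One BRW-style line: CONTROL "text", id, "CLASS", style | style, x, y, w, h
CONTROL_RE = re.compile(
    r'^\s*CONTROL\s+"(?P<text>[^"]*)"\s*,\s*(?P<id>-?\d+)\s*,\s*'
    r'"(?P<cls>[^"]+)"\s*,\s*(?P<styles>[^,]+?)\s*,\s*'
    r'(?P<rect>-?\d+\s*,\s*-?\d+\s*,\s*-?\d+\s*,\s*-?\d+)\s*$'
)

def parse_controls(script):
    """Map (class, id, x, y, w, h) -> (caption, set of style names)."""
    controls = {}
    for line in script.splitlines():
        m = CONTROL_RE.match(line)
        if not m:
            continue  # DIALOG header, STYLE, FONT, braces, "[....]"
        rect = tuple(int(n) for n in m.group("rect").split(","))
        styles = {s.strip() for s in m.group("styles").split("|")}
        # Many controls share id -1, so the rectangle is part of the key.
        key = (m.group("cls").upper(), int(m.group("id"))) + rect
        controls[key] = (m.group("text"), styles)
    return controls

def dropped_styles(baseline, current, watched=("ES_PASSWORD",)):
    """List controls present in both dumps that lost a watched style."""
    old, new = parse_controls(baseline), parse_controls(current)
    findings = []
    for key, (text, styles) in sorted(old.items()):
        if key in new:
            lost = sorted((styles - new[key][1]) & set(watched))
            if lost:
                findings.append((key[0], key[1], text, lost))
    return findings

# Sample input: the three control lines from the excerpt above, before and after.
EDIT = ('CONTROL "", %d, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | '
        'WS_VISIBLE | WS_BORDER | WS_TABSTOP, 57, %d, 75, 12\n')
LABEL = ('CONTROL "&Password", -1, "STATIC", SS_RIGHT | %sWS_CHILD | '
         'WS_VISIBLE | WS_GROUP, 18, 76, 35, 8\n')
BASELINE = EDIT % (102, 62) + LABEL % "ES_PASSWORD | " + EDIT % (103, 75)
PATCHED = EDIT % (102, 62) + LABEL % "" + EDIT % (103, 75)

if __name__ == "__main__":
    for cls, ctl_id, text, lost in dropped_styles(BASELINE, PATCHED):
        print(f"{cls} id={ctl_id} {text!r}: lost {', '.join(lost)}")
```

The comparison is class-agnostic, so it flags the missing flag on whichever control line carried it in the baseline dump.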
-------------------------------------------------------------------------
VII. PATCHING THE DIALUP NETWORK
I did this a few months ago just for myself... No other persons have
access to my PC so I don't care whether the program shows the password
or not.
All you need to know is where the dialog box that appears when using
the DialUp Network (you know it...) lives - I located it after a few
minutes in RASAPI32.DLL.
Erhm, another thing. The dialog box in my version of RASAPI32.DLL
(4.00.1150 German) is DIALOG 1000 ... but if you just want to edit
out the ES_PASSWORD attribute, BRW does not want to recompile the DLL
(Error Message: "Expecting control window style"). So what to do?
I just tried to remove the other unidentified style identifier (in other
words "attribute"): SS_ETCHEDHORZ (appearing in 3 lines).
I did not expect it to work, but it did...
-------------------------------------------------------------------------
VIII. LAST WORDS
After reading all this you may want to know: Why did I need to know all
this?
The answer is: You don't need to know it. But I'm using the way described
above to remove all lines using asterisks so I do not need to remember
all my passwords - e.g. I can just check my CuteFTP settings to find out
the passwords I'm using on my accounts.
I don't know why you need this, but perhaps it's interesting to know
what you can do with BRW... already tried to remove/add a few other
attributes? :-)
------------------------------------------------------------------------
(c) by lord caligo - [caligo(at)lords(point)com]