OctoPass

OctoPass Key Features

• Scalable architecture optimized for the best performance.
• OctoPass™ supports remote web-based management.
• Highly optimized recovery engines that support all major algorithms.
• OctoPASS Agents (worker) interacts with OctoPASS Server through the common HTTP protocol. OctoPASS Agents and OctoPASS Server could be installed in different LAN segments or even interact through a global WAN.
• Lightweight installation size, ease deployment.
• Special hardware support. We offer special versions for IBM Cell processor (available in Sony PlayStation 3) and GPU Password Recovery Engine for NVIDIA video cards.

Supported algorithms

OctoPASS supports distributed brute force attack for the following algorithms:

• MD4 (ASCII and UNICODE)
• MD5 (ASCII and UNICODE)
• SHA1 (ASCII and UNICODE)
• OneNote (2003, 2007, 2010)
• Access 2007, 20101
• MS Money2
• PDF
• PowerPoint (all versions through 2010)
• Act!
• Quicken
• Quickbooks3
• WinRar4
• VBA
• Word 97 - 20105
• Excel 97 - 20105

Notes:

1. Password protection in the earlier versions of Access (prior to 2007) is weak; all passwords could be recovered instantly without brute force attack.
2. Passwords to old MS Money files could be recovered instantly.
3. It is possible to reset password on a Quickbooks document, so brute force attack is required only if only you need to find the original password.
4. Currently we support the recovery of WinRAR passwords, only if file names in the archive are encrypted.
5. There are five different types of passwords used in Word and Excel:

• Modification passwords, document protection passwords, workbook passwords, and all other passwords - except document access passwords - all these passwords are recoverable instantly, and OctoPASS is not required for handling them.
• Access passwords to the old Office (95 and earlier) documents - these passwords are also recoverable instantly.
• Access passwords to Office 97 - 2003 documents - these passwords are supported by OctoPASS; however, please keep in mind that you can take advantage of the Express Recovery service to recover these passwords quicker.
• Advanced encryption passwords available as an option in Office XP and 2003. By default, Office XP/2003 uses Office 97-compatible password protection mode; however, user can choose the "advanced options" and change the encryption settings. Express Recovery will not handle such documents.
• Office 2007/2010 passwords. These passwords are very hard to crack, so OctoPASS can be extremely useful in breaking such passwords.

OctoPass Architecture

OctoPass consists of the following components:

1. OctoPass Server

OctoPass Server is to be installed on a single computer, which would coordinate the recovery process.
OctoPASS Server carries out three functions:
1) Receives password recovery tasks,
2) Hands out the tasks and coordinates the performance of agents in the network,
3) Allows administering and managing the recovery process.

2. OctoPass Agent

OctoPass Agent is to be installed on all computers connected to the network. OctoPass Agent carries out the password recovery job utilizing the power of the computer it is installed on .
Since OctoPASS Server consumes very little computing power, literally any computer can be used as the server. To utilize the computing power of the server, install OctoPASS Agent on it also.

3. Password Recovery Modules (Engines)

The components that immediately execute the password recovery algorithms.

4. Password Recovery Software

Password Recovery Software - the program that analyzes password-protected document , generates password recovery task and submits it to OctoPASS Server. The password recovery task contains user-selected parameters of the brute force attack (password length, character set, etc.) and DocumentData - the information extracted from the password-protected document, necessary and sufficient for the recovery of the password. In case of hash algorithms (MD4, MD5, SHA1), DocumentData contains the actual hash. With the purchase of the OctoPASS license, you will obtain the full versions of all of our password recovery programs.

OctoPass Server is a CGI application running under on HTTP server. Please note that requests are always sent from agents to server; server never sends requests to agents. The network settings must provide that agents' HTTP requests are not blocked and able to reach server. To add a new computer to an OctoPASS network, simply install OctoPASS Agent on that computer; no other settings or configurations are necessary . OctoPASS Agent can be installed in the completely automatic silent mode; simply run a single application that doesn't require any configurations. This lightens the deployment of OctoPASS on a large number of computers .