Monday, January 18, 2010

Chomp your PHP for good health.

We had some weird problems in testing one of our applications today. It turned out to be a newline after a ?> tag in a core config php file, so anything being outputted was preceded by a newline. Normally this isn't much of a problem--web browsers don't care that much about whitespace. Pickier clients, however, got thrown off and would complain about data being corrupt.

Friday, January 8, 2010

Where Tritek Case Management Stores Passwords and Login Information

In order to move Tritek users over to MerusCase, the superior case management system, one of my projects has been to reverse engineer and write a migration system for Tritek.

If you have lost your password or simply would like to hack into Tritek or impersonate someone else, it is easy to find the passwords and logins in plain text in the DATA/ folder that Tritek uses.

First, if you don't know where to find where Tritek is storing its data tables, open up the executable SETUP1.exe in the XMGMT/ folder. Alternatively, open up DATA/parms.dbf with a DBF (dBASE) viewer (For example DBFView or DBFViewer 2000) -- there is a 'data' column that specifies a file path to your data.

Now, open up DATA/logins.dbf with your dbf viewer and there are columns for name, password, login dates, and so on. They are all stored in plain text so you won't have to do any password hashing or such.

Word 2007: How to enable editing on a read-only protected template

1. Rename word .docx file to .zip.  Unzip with your favorite zip program.
2. Open file (archive)/word/settings.xml in text editor.
3. Change property w:enforcement from "1" to "0" within node that reads something like this:

<w:documentProtection w:edit="forms" w:enforcement="0" w:cryptProviderType="rsaFull" w:cryptAlgorithmClass="hash" w:cryptAlgorithmType="typeAny" w:cryptAlgorithmSid="4" w:cryptSpinCount="100000" w:hash="KyPJG/+vxA4Let1njKgfCpSvJNc=" w:salt="dDf7X+CaLHLXe/H/1zZMqQ=="/>

4. Save and close file.
5. Rezip into another archive and rename file with .docx extension.

Viola!