Category: «Cryptography», «Elcomsoft News»
Tally ERP 9 is a “new-age business management software for new-age businesses” that is “tailor-made to delight”. With more than two million users, Tally is one of the most popular tools of its kind in India. The product includes the company’s implementation of secure storage named Tally Vault. How secure is Tally Vault, and what does one need to break in? In this article, we’ve provided some insights on how ElcomSoft researchers work when adding support for a new file format.
Support for Tally Vault is available since Elcomsoft Distributed Password Recovery 4.20.
Jan 19, 2016 The user-friendly features make it easy to learn software. It has the feature of password protection which makes it secure and safe to use. But have you ever thought how to crack Tally password if you loss it. Many times we forget the user ID or the password of the Tally. In this Article we are discussing how to recover the password of tally. Recovery of TallyVault Password will depends on the length and complexity of the Password. (90% Recovery Ratio) Other Services: Complete support on Tally (Any version) Recovery of TallyData from Corrupt Data. Creation of New Vat Class in Tally 7.2 / Tally 9 / Tally.ERP 9. Migration of Data from Tally 4.5 or lower to Tally 7.2 or Higher. Change Tally.NET Password As per the best practices available, it is recommended that the password should be changed frequently in order to avoid unauthorised access to business information. Tally.ERP 9 prompts the user to change the password on attempting to open any of the following screens.
Breaking Tally Vault
Tally Vault can be protected with a password. The password can be configured at the time one adds a new company; it is also possible to assign a password at a later time.
Once the password is set, ERP 9 creates a new protected vault. The old one (if any) can be deleted. If both encrypted and unencrypted versions of the company profile exist, one can select the right profile.
The new versions of Tally ERP 9 store the data in the following folder:
c:UsersPublicTally.ERP9Data(1nnnn)
If a password is specified for Tally Vault, the product encrypts all files with the .900 extensions that are over 512 bytes in size. However, the majority of the data is stored in a single file named Company.900. This file also stores information about the users if the “Use security control” option is enabled.
Unencrypted data is represented in the following way:
Once encrypted, the data looks as follows:
The file is comprised of 512-byte blocks. Each block starts with a 4-byte (32-bit) CRC checksum. When verifying the block, the tool calculates a CRC of the rest of the data (512 bytes less the 4-byte CRC) and compares the result with the checksum.
Now to the encryption. Tally uses an encryption algorithm derived from DES with a 64-bit encryption key. The DES algorithm used to be an industry standard originally introduced in 1977; in 2001, DES was superseded by AES, which is still used today. The 64-bit encryption key is derived straight from the user’s password (the concept of separate Media Encryption and Key Encryption keys is never heard of). Moreover, a slight modification of the user’s password leads to a similarly slight modification of the encryption key, which suggests a horribly weak implementation of key derivation. Considering that cryptographically strong hash functions (e.g. SHA-512) exist for a very long time, this result is truly amazing (as in “amazingly bad”). The encryption deals with 8-byte blocks.
Verifying the password is implemented by calculating the encryption key, decrypting the encrypted page and calculating the CRC of the decrypted data. The CRC is then compared with the check sum stored at the beginning of the page. Theoretically, decrypting the page and verifying the password would require decrypting some 64 blocks of 8 bytes each.
Reality is different. Each page includes a few bytes of fixed metadata. For example, immediately following the CRC there are four bytes containing the fixed value of 0x00000001. This is what’s considered a “known plain text”. As a result, the attacker does not have to decrypt the entire 512-byte page or calculate its checksum. Instead, decrypting the 4 bytes and comparing them with a known value of 0x00000001 is enough to try a password. Of course, collisions are unavoidable; for this reason, once the fixed four bytes are successfully decrypted, the attacker must verify the rest of the content by following the original algorithm (e.g. decrypting the entire page and calculating its CRC).
This value is not the only fixed metadata stored in encrypted pages. The offset 12 apparently stores the page number (unless it’s the last page), so even if Tally fixes this issue, other possibilities for fast attacks would remain.
So how does the speed of the known plaintext attack compare to the speed of the more straightforward attack that requires decrypting the whole page?
| Whole page decryption, passwords per second | Known plain text attack as used in EDPR, passwords per second | |
| Intel Core i7 6700 | 170 000 | 5 400 000 |
| Intel Core i7 9700K | 345 000 | 11 400 000 |
Conclusion
The “tailor-made to delight” software for “new-age businesses” delivers the worst implementation of data protection we’ve seen in the last 20 years. It’s so bad we don’t know where to start from; there is no single aspect that’s done right. The encryption key is directly derived from the user’s password instead of using separate media encryption and key encryption keys. The homegrown algorithm deriving the encryption key from the user’s password is weak beyond imaginable; we couldn’t write as bad a hash function even if we tried. The DES-like encryption algorithm is outdated, while the 64-bit encryption key is way too short considering the outdated encryption algorithm. The known plain text metadata embedded in every encrypted page is icing on the cake. We just hope that new-age businesses will remain delighted if their encrypted data falls into the wrong hands.
Access Database Password Recovery Tool
Advanced Access Database Password Recovery Tool to Recover Access Password.Main features:- Easy & User Friendly Interface- Quickly recover access database password- Supports all versions of Access Database (2003,2002, 2000)- Runs in Windows XP/2000/Vista- File Size - 348 KB- Safe to Install
- Publisher: SysTools Software
- Home page:www.accesspasswordrecoverytool.com
- Last updated: October 31st, 2011
Windows Password Recovery Tool
Windows Password Recovery Tool is an easy-to-use tool designed for resetting Windows local account or domain passwords on any Windows system. If you have forgotten your password, or are locked out, or you do not have access to the password of the system, you can easily get back in with it in few seconds.
- Publisher: PasswordSeeker
- Home page:www.windowspasswordsrecovery.com
- Last updated: January 12th, 2011
Free Access Password Recovery Tool
Free Access Password Recovery Tool is a free software which can recover your lost password for Microsoft Access database. It has a simple, clean interface that made it very easy to use, open .mdb database by using the 'Open files' button, all passwords are recovered instantly.
- Publisher: NeoAmber
- Last updated: June 3rd, 2009
Atomic VBA Password Recovery
Recover forgotten VBA passwords in Microsoft Office 95-2013 documents instantly and automatically. Atomic VBA Password Recovery makes the recovery of a lost VBA password a blink of an eye.
- Publisher: apasscracker
- Home page:apasscracker.com
- Last updated: May 9th, 2015
iSunshare ZIP Password Genius
ZIP password management; ZIP password recovery tool; password recovery software for ZIP file; reset lost or forgotten passwords; Retrieve the forgotten password for zip; professional zip password recovery software; unlock passwords;
- Publisher: iSunshare
- Home page:www.isunshare.com
- Last updated: August 26th, 2014
iSumsoft Office Password Refixer
Tally Vault Password Recovery Software
iSumsoft Office Password Refixer is an advanced Office password recovery tool, which can recover Microsoft Word/Excel/PowerPoint/Access/Outlook forgotten password. It supports password recovery for Office 2013/2010/2007/2003 document in all formats.
- Publisher: iSumsoft
- Home page:www.isumsoft.com
- Last updated: March 3rd, 2015
Outlook Express Accounts Password Recovery
Outlook Express Accounts Password Recovery is a tool for recovering forgotten or lost passwords to Outlook Express POP3, IMAP, NNTP accounts. The program recovers and visualizes the settings of Identity, mail and news accounts of Outlook Express.
- Publisher: ASAP-TOOLS.COM
- Home page:www.asap-tools.com
- Last updated: October 14th, 2009
Weeny Free Password Recovery
This free WeenySoft’s “password recovery” utility does not provide such a broad functionality as its generic name might lead you to think. Weeny Free Password Recovery can only show you what is behind those passwords that are usually shown as asterisks, and only in a specific group of applications – namely, those developed by Microsoft, together with some e-mail and FTP clients.
- Publisher: WeenySoft.com
- Home page:www.weenysoft.com
- Last updated: March 21st, 2012
Windows Password Recovery Tool Professional
Windows Password Recovery Tool Professional allows you to reset forgotten Windows login password for local account and Microsoft Account. The app offers you two options to create a bootable CD/DVD or a USB flash drive: Quick Recovery mode with default iOS image file, and Advanced Recovery Wizard with new iOS image file.
- Publisher: Tenorshare Co.,Ltd.
- Home page:www.tenorshare.com
- Last updated: May 27th, 2020
Windows Password Recovery Tool Ultimate
This program lets you create a bootable device (CD, DVD or USB) with which you can reset your Windows password. The shareware version has some limitations, such as the possibility if using only CD/ DVD disks, and not a USB drive to create your bootable device. Its cost can vary according to the amount of computers in which you intend to use it.
- Publisher: PasswordSeeker
- Home page:www.windowspasswordsrecovery.com
- Last updated: October 30th, 2018
Windows Password Recovery Tool Standard
Windows Password Recovery Tool Standard is intended for recovery of user or administrator passwords on local Windows accounts. The program is very easy to use thanks to its wizard-like user interface. In this regard, the tool creates a boot disk that starts the system and provides access to local accounts.
- Publisher: PassFab Co.,Ltd
- Home page:www.windowspasswordsrecovery.com
- Last updated: March 19th, 2021
RAR Password Recovery
In case that you forgot the password for your RAR files, what should you do? Well, take it easy, AnyPasskey RAR Password Recovery could help you reset or remove RAR password for your convenient enjoyment.
- Publisher: Intelore
- Home page:www.in-mediakg.de
- Last updated: July 27th, 2012
Windows Password Recovery Tool Enterprise
Windows Password Recovery Tool Enterprise is a utility that allows you to recover lost Windows login passwords for your local account and Microsoft account. You can reset, remove or change domain administrator (Active Directory) and other user password or create a new domain admin account if someone hacked your previous one.
- Publisher: Tenorshare Co.,Ltd.
- Home page:www.windowspasswordsrecovery.com
- Last updated: February 27th, 2016
Perfect Data Solutions Excel Password Recovery
Excel Password Recovery is capable of digging out that elusive password that you have forgotten or lost and that happens to be the only means to open one of your dear Excel spreadsheets. In a split second and without requiring any special skills on your side, this program will provide you with the exact combination of characters that you need to crack your Excel files open.
- Publisher: Perfect Password Recovery
- Home page:www.perfectpasswordrecovery.com
- Last updated: September 2nd, 2011
MSN Password Recovery
MSN Password Recovery is the best Messenger password recovery tool that instantly recovers and decrypts the forgotten or lost passwords for MSN Messenger, Windows Live Messenger and Windows Messenger accounts.
- Publisher: SmartKey
- Home page:www.recoverlostpassword.com
- Last updated: December 31st, 2008
Proactive System Password Recovery
Proactive System Password Recovery is a tool that proves to be useful whenever you forget various passwords. It is a program that includes a lot of advanced features and beginners might find it difficult to use. The application is able to recover the logon password for various Windows versions, but you need to be logged on.
- Publisher: ElcomSoft Co. Ltd.
- Home page:www.elcomsoft.com
- Last updated: May 26th, 2020
Access Password Recovery
With this tool you can recover your database password, user-level security records (logins and passwords), user and group IDs as well as user/group structure.arrow Using this tool you can open any protected MS Access database and recreate lost Workgroup information file.It is a very powerful tool for sysadmins, security officers and users who have problems with MS Access security.
- Publisher: Thegrideon Software
- Home page:www.thegrideon.com
- Last updated: January 23rd, 2012
Windows Password Recovery Professional
Windows Password Recovery Professional can help you reset forgotten Windows administrator password and user password on Win 7/Vista/XP and Win Server 2008/20003, etc. With it, you can easily bypass and unlock Windows passwords in a matter of minutes.
- Publisher: Rekeysoft
- Home page:www.anypasswordrecovery.com
- Last updated: September 22nd, 2011