Advanced Intuit Password Recovery, or simply AINPR, is a program to recover passwords to files created in Intuit Quicken (*.qdt, *.qdb, *.qdf), Quicken Lawyer (Portfolios, *.pfl and *.bfl) and QuickBooks (*.qba, *.qbw). Multilingual passwords are supported. Quicken versions 4 through 2005 and QuickBooks versions 3 through 2005 are supported. Note: for Quicken 2002 and QuickBooks 2003/2004/2005, only short passwords can be recovered, but passwords containing 4 or more characters can be instantly removed. For Quicken 2003/2004/2005, only brute-force and dictionary attacks are available.
Requirements :
· Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP or Windows Server 2003
· about four megabytes of free space on hard disk
Simply select the file you want to recover the password for: press the Open document... button and browse for it. If the given file is corrupted, or used by another application, or passwords are empty – appropriate error message will be displayed. Otherwise, the program automatically recognizes the file type and works accordingly.
For QuickBooks files (*.qba or *.qbw) created in versions of QuickBooks up to 2002 (incl.), password recovery is instant, but for some very large files the program may work a few seconds until the password(s) will be shown. If you have a slow CPU (like Pentium 200) and less than 32 megabytes of memory, the process may take up to a few munites.
Please note that starting from version 6/98, QuickBooks can have multiple 'accounts', i.e. pairs of user name and password. AINPR recovers all of them, but may show the 'phantom' accounts as well – the ones which don't actually exist (i.e. have been already deleted). Just ignore them. All you actually need is a password of 'Admin' user, which is being recovered in any case.
In QuickBooks 2003/2004/2005, protection is much stronger – the passwords are not stored in the data file anymore. First, AINPR tries (using the brute-force approach) to find the short passwords (not longer than 3 characters; containg latin letters, digits and punctuation marks only) – it usually takes a few seconds. Then, for all users that have the rights to open the file, the program shows password information: either the password itself (if it is short), or if the given user has an empty password, or If the given Quicken file has the transaction password set, AINPR will show it as well (it is being encrypted the same way as the file password).
Note: for Quicken 2002 and 2003/2004/2004, the password encryption (and so program functionality) is different – please read next chapters for details.
Please also note that the program has been tested on all US versions of Quicken, German versions 2002 and through 2005, and some Canadian, Australian, New Zealand and Spanish versions. Support for other (non-US) versions is not guaranteed.
In Quicken 2002 (US and Canadian), protection has been seriously improved, and in most cases, password cannot be recovered at all in a reasonable time. For such files, however, AINPR allows to remove the password from the file, so Quicken will open resulting file without any problems.
Transaction password in Quicken 2002, however, is encrypted the same way as in older versions, so AINPR will recover it regardless the existance of file password.
For German, Australian and NewZealand versions of Quicken 2002/2003/2004/2005, protection is similar to one used in Quicken 2001 (US), so password can be still recovered instantly.
In Quicken 2003, 2004 and 2005 (US), protection is even stronger. Most of file's content is encrypted, and in order to decrypt it, valid password is supplied. The password itself is not stored in the Quicken file, even encrypted – instead, only password's hash is available. So in order to get access to the file, the original password must be recovered.
When AINPR opens password-protected file created in Quicken 2003/2004/2005, if offers to run brute-force and dictionary attacks on it – these are the only methods that could help to recover such strong passwords.
Dictionary attack is the most effective one. With itBrute-force attack, you may try every word in a dictionary or multiple-dictionaries until your password is found. This method is popular because it is well known that many people use common words as passwords. Dictionaries with hundreds of thousands of words, as well as specialist, technical and foreign language dictionaries are available, as are lists of thousands of words that are often used as passwords such as 'qwerty', 'abcdef' etc. Simply select the desired dictionary file (use the […] button to browse for it); also, you can select a Smart mutations option– it may really help if you're not sure about the register the password has been typed in. For example, if the next word in the dictionary is 'PASSword', AINPR will try the following commonly-used modifications:
PASSword (as is)
passWORD (reversed)
password (all lower case)
PASSWORD (all upper case)
Password (first uppercase, rest lowercase)
pASSWORD (first lower case, rest uppercase)
PaSSWoRD (elite: vowels in lc, others in uc)
pAsswOrd (noelite)
PaSsWoRd (alt/1)
pAsSwOrD (alt/2)
In a brute force attack, the program tries to guess your password by trying every single combination of characters until your password is found. For example, the program might follow a sequence like this:
'aaaaaaaa'
'aaaaaaab'
'aaaaaaac' ...
until the password is found. Obviously, this method will take time, for an eight character lowercase alpha password there are 200 Billion combinations to be checked. But with modern computers this sort of attack doesn't take as long as you might think. The brute force attack is the slowest method of password attack, but can often be successful on short and simple passwords.
For brute-force attack, you have to select the character set (i.e. what symbols have been used in the password); you can choose from capital letters, small letters, digits, space and special symbols such punctuation marks. Besides, you should set the desired password length (minimum and maximum). If Autoincrement if failed option is selected, but the password will not be found in specified range, the program will automatically adjust the maximum length and continue the attack.
The status of brute-force attack is being saved automatically, so when/if you will restart the program or just the attack, recovery will be resumed from the point you stopped it on.
As already noted, Quicken 2003/2004/2005 uses really strong encryption. Always start Quicken 2003/2004/2005 password recovery with dictionary attack, trying different dictionaries and wordlists; and if it fails, try the brute-force attack (if both attacks are selected in the program, the program will run the dictionary attack first, and will continue with a brute-force one if the password will not be found on the first stage.
Recovery speed is not very fast – on Pentium 4 at 2.4 GHz, AINPR tries only about 1000 passwords per second. This is quite enough for dictionary attack even if very large wordlist is being used, but brute-force recovery time dramatically increases with the password length. The practical limit of brute-force attack is only 4-5 characters; but 6-character or longer passwords cannot be recovered with this attack in a reasonable time.
Home page URL : http://www.elcomsoft.com/ainpr.html
Requirements :
· Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP or Windows Server 2003
· about four megabytes of free space on hard disk
Simply select the file you want to recover the password for: press the Open document... button and browse for it. If the given file is corrupted, or used by another application, or passwords are empty – appropriate error message will be displayed. Otherwise, the program automatically recognizes the file type and works accordingly.
For QuickBooks files (*.qba or *.qbw) created in versions of QuickBooks up to 2002 (incl.), password recovery is instant, but for some very large files the program may work a few seconds until the password(s) will be shown. If you have a slow CPU (like Pentium 200) and less than 32 megabytes of memory, the process may take up to a few munites.
Please note that starting from version 6/98, QuickBooks can have multiple 'accounts', i.e. pairs of user name and password. AINPR recovers all of them, but may show the 'phantom' accounts as well – the ones which don't actually exist (i.e. have been already deleted). Just ignore them. All you actually need is a password of 'Admin' user, which is being recovered in any case.
In QuickBooks 2003/2004/2005, protection is much stronger – the passwords are not stored in the data file anymore. First, AINPR tries (using the brute-force approach) to find the short passwords (not longer than 3 characters; containg latin letters, digits and punctuation marks only) – it usually takes a few seconds. Then, for all users that have the rights to open the file, the program shows password information: either the password itself (if it is short), or
Note: for Quicken 2002 and 2003/2004/2004, the password encryption (and so program functionality) is different – please read next chapters for details.
Please also note that the program has been tested on all US versions of Quicken, German versions 2002 and through 2005, and some Canadian, Australian, New Zealand and Spanish versions. Support for other (non-US) versions is not guaranteed.
In Quicken 2002 (US and Canadian), protection has been seriously improved, and in most cases, password cannot be recovered at all in a reasonable time. For such files, however, AINPR allows to remove the password from the file, so Quicken will open resulting file without any problems.
Transaction password in Quicken 2002, however, is encrypted the same way as in older versions, so AINPR will recover it regardless the existance of file password.
For German, Australian and NewZealand versions of Quicken 2002/2003/2004/2005, protection is similar to one used in Quicken 2001 (US), so password can be still recovered instantly.
In Quicken 2003, 2004 and 2005 (US), protection is even stronger. Most of file's content is encrypted, and in order to decrypt it, valid password is supplied. The password itself is not stored in the Quicken file, even encrypted – instead, only password's hash is available. So in order to get access to the file, the original password must be recovered.
When AINPR opens password-protected file created in Quicken 2003/2004/2005, if offers to run brute-force and dictionary attacks on it – these are the only methods that could help to recover such strong passwords.
Dictionary attack is the most effective one. With itBrute-force attack, you may try every word in a dictionary or multiple-dictionaries until your password is found. This method is popular because it is well known that many people use common words as passwords. Dictionaries with hundreds of thousands of words, as well as specialist, technical and foreign language dictionaries are available, as are lists of thousands of words that are often used as passwords such as 'qwerty', 'abcdef' etc. Simply select the desired dictionary file (use the […] button to browse for it); also, you can select a Smart mutations option– it may really help if you're not sure about the register the password has been typed in. For example, if the next word in the dictionary is 'PASSword', AINPR will try the following commonly-used modifications:
PASSword (as is)
passWORD (reversed)
password (all lower case)
PASSWORD (all upper case)
Password (first uppercase, rest lowercase)
pASSWORD (first lower case, rest uppercase)
PaSSWoRD (elite: vowels in lc, others in uc)
pAsswOrd (noelite)
PaSsWoRd (alt/1)
pAsSwOrD (alt/2)
In a brute force attack, the program tries to guess your password by trying every single combination of characters until your password is found. For example, the program might follow a sequence like this:
'aaaaaaaa'
'aaaaaaab'
'aaaaaaac' ...
until the password is found. Obviously, this method will take time, for an eight character lowercase alpha password there are 200 Billion combinations to be checked. But with modern computers this sort of attack doesn't take as long as you might think. The brute force attack is the slowest method of password attack, but can often be successful on short and simple passwords.
For brute-force attack, you have to select the character set (i.e. what symbols have been used in the password); you can choose from capital letters, small letters, digits, space and special symbols such punctuation marks. Besides, you should set the desired password length (minimum and maximum). If Autoincrement if failed option is selected, but the password will not be found in specified range, the program will automatically adjust the maximum length and continue the attack.
The status of brute-force attack is being saved automatically, so when/if you will restart the program or just the attack, recovery will be resumed from the point you stopped it on.
As already noted, Quicken 2003/2004/2005 uses really strong encryption. Always start Quicken 2003/2004/2005 password recovery with dictionary attack, trying different dictionaries and wordlists; and if it fails, try the brute-force attack (if both attacks are selected in the program, the program will run the dictionary attack first, and will continue with a brute-force one if the password will not be found on the first stage.
Recovery speed is not very fast – on Pentium 4 at 2.4 GHz, AINPR tries only about 1000 passwords per second. This is quite enough for dictionary attack even if very large wordlist is being used, but brute-force recovery time dramatically increases with the password length. The practical limit of brute-force attack is only 4-5 characters; but 6-character or longer passwords cannot be recovered with this attack in a reasonable time.
Home page URL : http://www.elcomsoft.com/ainpr.html
Advanced Intuit Password Recovery, or simply AINPR, is a program to recover passwords to files created in Intuit Quicken (.qdt,.qdb,.qdf), Quicken Lawyer (Portfolios,.pfl and.bfl) and QuickBooks (.qba,.qbw). Multilingual passwords are supported. Quicken versions 4 through 2005 and QuickBooks versions 3 through 2005 are supported. Note: for Quicken 2002 and QuickBooks 2003/2004/2005.
The Advanced Intuit Password Recovery tool, developed by Elcomsoft, was designed to allow businesses to continue to use their valuable data when documents' passwords are lost accidentally or intentionally. From the accountant's standpoint, this tool is invaluable to quickly disclose what version of QuickBooks is being used. In addition, it can be used to eliminate wasted time trying to find the password and/or contact the client to obtain the password. It is also a useful tool when the client forgets, or the bookkeeper leaves without disclosing, the passwords on the QuickBooks files.
- Advanced Inuit Password Recovery is a software tool which enables you to instantly recover and reset passkeys from files such as QDF, QDB, DB, PFL, QBW and QBA. The installation process does not.
- A program to recover passwords for Quicken, Quicken Lawyer and QuickBooks files. Guaranteed instant recovery for multiple products. Supports multiple Intuit products. Instantly unlocks password-protected documents by recovering or resetting passwords. Recovers Quicken transaction passwords. Supports.
The tool works with Quicken versions 4 through 2005 and QuickBooks versions 4 through 2005 and limited support for Quicken 2003. Note: for Quicken 2002 and higher QuickBooks 2004 and higher, only short passwords can be recovered, but passwords containing 4 or more characters can only be removed.
Be aware that the assumption used throughout this document is that the individual using the tool to disclose or remove the password is authorized to access the data contained in the file.
The tool is a downloadable product that can be obtained by clicking on the following links:
For the free trial version that will disclose the version but not the password visit our web store.
For the fully functioning version of the tool go to our web store.
Once you add the product to the cart, view the cart, and proceed to the checkout, an e-mail with the link to download the product will be received.
- Download the zip file to your local drive noting where it has been saved.
- Unzip the file and pay attention to where the file is located. WinZip or StuffIt Expander is required to unzip the zip file. Both programs are available for free in Mac and PC formats. PC Users: To download a free evaluation version of WinZip 8.1, go to: http://www.winzip.com/ddchomea.htm Mac Users: To download a free version of StuffIt Expander, go to: http://www.stuffit.com/expander/index.html
- When you unzip the software it will automatically install.
- If you purchase the fully functioning version, a key code to 'unlock' the software will be e-mailed to you within 24 hours. To enter the code, simply click on key and you will be prompted to cut and paste the key code number.
Step 1 – Restore the back up, if necessary
If the client has sent a back up file, restore the file using the most current version of QuickBooks. When prompted that the file needs to be converted, or when the password is requested, cancel out of the operation. Usually a message will appear that states that the data has been restored but cannot be opened without the password.
Step 2 – Use the tool
- Open the program by choosing Start > Programs > Advanced Intuit Password Recovery > Advanced Intuit Password Recovery.
- Click on the icon on the upper right corner that looks like a file folder being opened.
- A pop up box will appear. Find the appropriate file.
Intuit Password Help
- Click on Open.
- The software will then attempt to recover the passwords. For QuickBooks version 4-2002 the user name and password will be listed in the pop up box that can be pasted to the clip board. With version 2003, as in our screen shot example, the passwords are 4 or more characters so they will not be displayed, but they can be removed.
- Note that the main screen of the tool shows the version of QuickBooks that was last used for this file. This is important so the correct version can be used by the accountant if the file is to be returned to the client.
- To remove the password for version 2003 and higher, click on the appropriate user and the remove password button at the bottom will no longer be grey. Click on it and the password for that user will be removed.