Access
Ross-spencer (Talk | contribs) m (→Password Tools) |
Ljcool2006 (Talk | contribs) m |
||
Line 134: | Line 134: | ||
== Password Tools == | == Password Tools == | ||
− | * [https:// | + | * [https://github.com/Planet-Source-Code/hamza-chohan-access-database-password-viewer__1-73390 Planet Source Code (via GitHub) - Access Database Password Viewer] |
− | * [https:// | + | * [https://github.com/Planet-Source-Code/rashid-w-haddadin-maxsoft-access-password-recovery__1-72736 Planet Source Code (via GitHub) - Maxsoft Access Password Recovery] |
== References == | == References == |
Revision as of 23:32, 24 August 2021
Access released by Microsoft also known as Jet DB is a standalone database that forms part of the Microsoft Office Suite of productivity tools. It was first released in 1992.
Access databases are composed of multiple page types. The length of these pages depends on the version of the Jet Database employed by the specific version of Microsoft Access. The first page of Access 95/97 and Access 2000/2003 databases is always a Database Definition Page.
Microsoft Access 95/97 - Jet 3 Database
Microsoft Access 95/97 utilizes the Jet3 database engine. The page size of the Jet3 database engine is 2048 bytes.
Microsoft Access 2000/2002 - Jet 4 Database
Microsoft Access 2000/2003 utilizes the Jet 4 database engine. The page size of the Jet4 database engine is 4096 bytes.
Microsoft Access 2007 - Jet ACE Database
Microsoft Access 2007+ utilizes the Jet ACE (Access database engine).[1]
Additional Formats
Microsoft Access has additional formats and extensions.[2] One being the MDE format which is a "special extension of the standard Microsoft Access MDB format, and is used to distribute an application."[3] An MDE is a compiled read-only format used to distribute databases which cannot be edited. MDE format was replaced with the ACCDE format with Access 2007.
Another being the Snapshot report (SNP) format.
Internal structure of the format
The Jet DB version can be found in the file header by reading the 4 byte little-endian integer at offset 0x13. Jet3 databases have a value of 0. Jet 4 databases have a value of 1.
The version and build number of Microsoft Access used to create the file is stored in the format. These two values are stored within a LVAL Data Page and deeper into that structure a LvProp column - part of the MSysObjects table. It is possible to extract this information from here alone, the complete MSysObject table definition is always the second page of the database (zero-based index).
The block of data at offset 0x18 running for 126 bytes (Jet 3) and 128+ bytes (Jet 4) represents RC4 encrypted data. It is thought this uses the key: 0x6b39dac7.
Database Password
Note: The information under this section should only be used by owners and custodians of databases where the password has been misplaced or lost and not for any illegal or illegitimate premises.
Among other techniques Jet Databases employ a simple database password. The password field is 0x42 bytes into the file. Jet 3 database password fields are 20 bytes in length, Jet 4 are 40 bytes in length.
Jet 3 Password
XOR-ing the byte string running from 0x42 to 0x56 in a non-password protected database with that of a password protected database will reveal the password in plain text.
Studying the Maxsoft tool under Password Tools will help users to understand how Access databases are protected.
Jet 4 Password
The Jet 4 password can be revealed similarly by XOR-ing the byte string running from 0x42 to 0x68. If after the XOR operation if you haven't an ASCII character, that is, you have a value greater than 0xFF you need to XOR that value again with a further key value (byte) at offset 0x54.
Studying the Maxsoft tool under Password Tools will help users to understand how Access databases are protected.
Jet DB and Access Build Numbers
The following table shows that the version of the Jet Database format remained fairly consistent between versions of Access:
Client Application Jet Engine Used Recommended Jet DB Format ------------------------- --------------- ------------------------- Access 2.0 Jet 2.0 Jet 2.0 Access 95 Jet 3.0 Jet 3.0 Access 97 Jet 3.5 Jet 3.0 Access 2000 Jet 4.0 Jet 4.0 Access 2002 Jet 4.0 Jet 4.0 Access 2007 ACE 12 Access 2010 ACE 14 Access 2013 ACE 15 Access 2016 ACE 16
The controller used to read and write the format by Access versions did change. The version of Access and its build number can help us to understand the version of the DLL used to interact with the format. The version and build number is embedded in the MDB objects (as described as part of its internal structure above) so can be easily extracted. Build numbers and DLL versions are described below (KB Article 248710 and KB Article 255275 and KB Article 291331):
Version File Version Patches -------------- ------------ ------- Access 95 7.0 Unknown Access 97 8.0.3512 n/a Access 97 SR-1 8.0.4122 n/a Access 97 SR-2 8.0.5903 SR-1 Access 2000 9.0.2720 Access 2000 9.0.3821 SR-1 Access 2000 9.0.4402 SR-1 Access 2000 9.0.6926 SP-3 Access 2002 10.0.2627.1 Access 2002 10.0.3409.0 SP-1 Access 2002 10.0.4302.0 SP-2 Access 2002 10.0.6501.0 SP-3
Access Version linked with MSJet35.dll (KB Article 248710):
Version DLL Version ------- ----------- Access 97 3.50.3428.0 Access 97 SR-1 3.50.3907.5 Access 97 SR-2 and Jet35Upd.exe (3rd rel) 3.51.2026.0
The following table from KB Article 178880 describes backward compatibility between Jet DB engines and MDB version:
---------------------------------------------- Jet Version 1.0 1.1 2.0 2.5 3.0 3.5 ---------------------------------------------- MDB Version ----------- 1.0 Y Y Y Y Y Y 1.1 N Y Y Y Y Y 2.0 N N Y Y Y Y 3.0 N N N N Y Y
Note: See the KB Article for information on all DLL updates.
Specifications
A formal specification from Microsoft has not been made available. The following links are attempts by third parties to reverse engineer and document the format:
Sample Files
General Tools
- Brian Bruns GutHub.com mdbtools
- MDBValidator: Tool to read and output the statistics of a Microsoft Access Database
Password Tools
- Planet Source Code (via GitHub) - Access Database Password Viewer
- Planet Source Code (via GitHub) - Maxsoft Access Password Recovery
References
- Wikipedia:Microsoft_Access
- Reverse engineered documentation used by mdbtools on GitHub
- Database definition and encryption key documentation
- EverythingAccess.com Jet MDB Security - Under The Hood
- ↑ https://en.wikipedia.org/wiki/Microsoft_Jet_Database_Engine
- ↑ https://en.wikipedia.org/wiki/Microsoft_Access#File_extensions
- ↑ https://www.loc.gov/preservation/digital/formats/fdd/fdd000462.shtml#notes
See Also
- Wikipedia:Microsoft_Jet_Database_Engine
- Developer resource discussing DLL versions and sample code to retrieve Access version
- Site collating version and build numbers from XP through to 2010
- Wikibooks Jet Database/Manipulation tools
- WebCheatSheet.com Microsoft Access Specifications and Limitations
- PC Welt Germany discussing vulnerabilities in Microsoft Money 99 which is built on Jet DB 3.0
- MDB Password View Tutorial
- PRONOM Google Group Discussion about the distinction between Access versions in the PRONOM registry
- ODBC Setup for Access and SQL Server
- Microsoft Access: The Database Software That Won’t Die