
   --------------------------------------------------------------------------
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |                             USER'S  MANUAL                             |
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |                    *********************************                   |
   |                    *                               *                   |
   |                    *   "NAVYPASS" :  U. S. NAVY    *                   |
   |                    *                               *                   |
   |                    *    ADP PASSWORD PROTECTION    *                   |
   |                    *                               *                   |
   |                    *     SOFTWARE     PACKAGE      *                   |
   |                    *                               *                   |
   |                    *********************************                   |
   |                       Version 1.1    (c) May 1990                      |
   |                                                                        |
   |                        Ref: OPNAVINST 5510.1 series                    |
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |                       Designed by:                                     |
   |                                                                        |
   |                           Dale E. Wilson, LT, USN                      |
   |                           Attack Squadron 128                          |
   |                           NAS Whidbey Island, WA                       |
   |                                            98278                       |
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |                                                                        |
   |        This software package is a Federal Domain Program intended      |
   |    for use by DoD personnel for official purposes. It may be copied,   |
   |    distributed, and otherwise used without any further permission      |
   |    in all offices of the U. S. Government and Armed Forces provided    |
   |    that the following conditions are met:                              |
   |                                                                        |
   |                                                                        |
   |      - NAVYPASS.EXE may only be distributed in its original,           |
   |    unmodified state.  Any modified versions may NOT be distributed.    |
   |                                                                        |
   |      - NAVYPASS.EXE may NOT be distributed, in whole or part, as       |
   |    part of any commercial product without the expressed written        |
   |    permission of the author.                                           |
   |                                                                        |
   |                                                                        |
   |        The use or distribution of this software package for profit     |
   |    or by private persons or industry without written consent of the    |
   |    author is strictly prohibited.  The author reserves all             |
   |    commercial rights.                                                  |
   |                                                                        |
   |                                                                        |
   |------------------------------------------------------------------------|

 




      NAVYPASS  Users' Manual                   by D. E. Wilson, LT, USN





                      T A B L E   OF  C O N T E N T S
      __________________________________________________________________





      SECTION                                                       PAGE

                          I N T R O D U C T I O N


      1.1  Product Overview ........................................ 1-1
      1.2  Software Contents ....................................... 1-2
      1.3  Specifications .......................................... 1-3
      1.4  Computer and DOS Requirements ........................... 1-3 

                          I N S T A L L A T I O N


      2.1  Hard Drive Installation  ................................ 2-1

                    S O F T W A R E   S P E C I F I C S


      3.0  NAVYPASS MAIN MENU ...................................... 3-1
      3.1    Password Entry ........................................ 3-2
      3.2    Quick Information ..................................... 3-2
      3.3    Set Configuration ..................................... 3-3
      3.4    Reference Manual ...................................... 3-4


      4.0  NAVYPASS TIPS & TECHNIQUES .............................. 4-1
      4.1    Using "Blankall.Com" .................................. 4-2
      4.2    Using "No-Reset.Com" .................................. 4-2


      5.0  APPENDIX
           A. Technical Information ................................ A-1
           B. Code Logic ........................................... A-1
           C. Author's Rights ...................................... A-1
           D. Acknowledgments ...................................... A-2
           E. A Final Note ......................................... A-2









                                    ii
 






       ________________________
      |                        |
      | 1.1   Product Overview |
      |________________________|

           The NAVYPASS Software Package was designed to assist commands
      in promoting ADP Security in their work environment. The program is
      actually very simple, but at the same time very powerful. Loaded as
      the very first program in the "autoexec.bat" file, it allows normal
      "autoexec" execution ONLY when the user has provided the correct
      password to the program. NAVYPASS is NOT a ram-resident (TSR) program,
      but rather a single small module loaded and run only once during
      computer startup ("booting" process). Since it can be executed at any
      time, it's convenient to run it prior to leaving the computer
      unattended for any period in order to keep unauthorized users from
      accessing the system.

          Written in Turbo C version 2.0, NAVYPASS is lightning-fast and
      exceptionally easy to use. A clear, simple menu format drives all
      functions. The intent of this program is to enhance ADP security
      without hindering valid users in performing their work.

      HOW NAVYPASS WORKS:

          ** NOTE ** Both original passwords were set to the program name
      itself, "NAVYPASS", when the program was distributed Navy-wide.

      NAVYPASS actually has two passwords: a "User Access" password
      and a "Main System" password. The purpose of this second password is
      to allow the ADP Security Officer, or more commonly, the System
      Operator (hereafter referred to as the "SysOp") to set: i) the normal
      "user" password, ii) the command name at the top of the opening screen,
      and iii) his/her own name at the top of the screen. These items, as well
      as the Main System password, can be changed at any time, but ONLY through
      the SysOp via the Main System password. As the opening screen comes up,
      the user will simply press the first selection, "Password Entry", and
      enter the correct password. If successful, the autoexec.bat continues
      to execute normally. However, if the user can't enter the correct
      password in two attempts.... the system locks up and MUST be rebooted.

           NAVYPASS contains sophisticated algorithms that forestall "hackers"
      from breaking into the program and attempting to change the passwords on 
      their own. All passwords and screen titles are kept in a separate file
      named "password.dat". The file is completely encrypted such that common
      utilities like Norton Commander and PC Tools won't help the hacker to  
      learn the passwords... all he/she will see is binary garbage! The usual
      hacker tricks, like hitting "Control-C" or "Control-Break" to bypass an
      executing program, are automatically recognized by NAVYPASS as an illegal
      entry attempt, resulting in an automatic system lockup (referred to as
      "going to byte heaven"). Although no system is completely safe from a
      knowledgeable and determined professional, NAVYPASS should easily meet 
      the needs of the normal Federal/Dept of Defense office environment.

                                      1-1
 






       ________________________
      |                        |
      | 1.2  Software Contents |
      |________________________|





         A.    NAVYPASS.EXE       Executive program used to control all
                                  primary functions in this software
                                  package. Menu driven format.

         B.    PASSWORD.DAT       Encrypted binary data file containing
                                  the passwords. Also holds the command
                                  name and ADP Officer's name for the title
                                  window on the opening screen.

         C.    MANUAL.EXE         Allows the user to read the Users'
                                  Manual directly from the computer
                                  monitor. ( Uses  MANUAL )

         D.    MANUAL             The file containing this Users' Manual.
                                  A printout can be made and retained
                                  for future reference. To print the manual,
                                  insert disk into drive A, ensure your
                                  printer is on, and at the DOS prompt,
                                  type:  COPY MANUAL PRN

                                  example:

                                  A:\>  COPY MANUAL PRN

                                  Note:  Ensure the print head is positioned
                                  at the top of a new page. The file will
                                  automatically advance to a new page as needed.

         E.    BLANKALL.COM       Useful utility to "blank" the screen if the  
                                  computer has been inactive for a specified
                                  number of minutes. Saves the monitor from 
                                  "screen burn" during periods of inactivity.

         F.    NO-RESET.COM       Tiny assembly program that deactivates the
                                  "CTRL-ALT-DEL" and "CTRL-ALT-INS" keyboard
                                  sequences to further enhance security on
                                  Zenith Z-248 machines.







                                    1-2
 






       ________________________
      |                        |
      | 1.3   Specifications   |
      |________________________|




            - Written in Turbo C version 2.0 (Borland, Inc), with assembly
              language sub-routines controlling BIOS interrupts.

            - Designed for use on the Zenith Z-248 microcomputer system
              equipped with EGA monitors, the standard throughout the
              Department of Defense.

            - A stand-alone program that requires no additional software
              other than the Disk Operating System (DOS).

            - Exceptionally user-friendly. Completely menu-driven. Clear,
              distinct prompts make every function intuitively obvious.

            - Professional encryption algorithms provide sophisticated 
              password protection. Automatically detects attempts to bypass
              the program, resulting in immediate system lockup.



       ______________________________
      |                              |
      | 1.4   COMPUTER REQUIREMENTS  |
      |______________________________|


           The NAVYPASS software package is fully compatible with the
      IBM PC-XT, AT, and PS/2 machines and on all clones claiming
      compatibility. The 8088, 80286 or 80386 Central Processing Unit (CPU)
      is required to ensure proper execution of this software.  The CGA, EGA
      or VGA color video driver is required to ensure full video compatibil-
      ity. All Zenith 150 and 248 model computers are fully compatible.
      Early Z-248 computers equipped with EGA monochrome monitors may also
      be used.

           Obviously, a hard drive is necessary to effectively utilize this 
      program. This software package has been thoroughly tested on machines
      with an internal clock rate of 4.77, 8.0 and 12.5 MHz. Additionally, it
      has been tested on machines very similar to the Unisys machines on the 
      Federal Desktop III contract (16MHz and 20MHz 32-bit 80386 VGA systems).
      This program has performed well under DOS versions 3.1 through 4.01.





                                     1-3
 






       ________________________________
      |                                |
      | 2.1  INSTALLATION              |
      |________________________________|


          Installing NAVYPASS is extremely simple... just use the install
      program! Since this MUST be done from the "A" drive, first ensure that
      the following files are on the floppy disk that will be used for the
      installation process:

      NPINSTAL.EXE    NAVYPASS.EXE  PASSWORD.DAT  MANUAL.EXE
      MANUAL          BLANKALL.COM  NO-RESET.COM

          Now just insert this disk into drive "A" and enter "NPINSTAL.EXE" at
      the prompt. For example:

                              A:\> NPINSTAL.EXE

      The installation program will correctly install the program on hard
      drive "C" (the normal "bootup" drive on most computers equipped with 
      hard drives, such as Zenith 248 systems) on the root directory.

          Now all that needs to be done is to edit (change) your
      "autoexec.bat" file such that the NAVYPASS program is the FIRST program
      to run during the bootup process. This is easy to do (using common
      utilities such as Norton Commander, PC Tools, XTREE, etc) but if you
      have any doubts, have your local 'computer guru' do it for you. The
      only two files that are ESSENTIAL for this program to run correctly are
      NAVYPASS.EXE and PASSWORD.DAT. The others simply enhance the program
      and are fully explained in the following sections.





















                                     2-1

 






       __________________________
      |                          |
      | 3.0  NAVYPASS MAIN MENU  |
      |__________________________|


           After the mandatory warning introduction, the program Main Menu 
      will come up on screen, looking like this:

                         ------------------------
                        |                        |
                        |   PASSWORD ENTRY       |
                        |                        |
                        |   QUICK INFORMATION    |
                        |                        |
                        |   SET CONFIGURATION    |
                        |                        |
                        |   REFERENCE MANUAL     |
                        |                        |
                         ------------------------
                                                  

           Any of the functions can be executed by moving the selection
      bar to the item desired and pressing <RTN>; merely pressing the first
      letter of the item (P, Q, S, or R) will also initiate the function. By
      default, the selection bar will be prepositioned on the "PASSWORD ENTRY"
      function, since that is what will be used most often.
 
           These four items are fairly self-explanatory: 'PASSWORD ENTRY'
      is the primary function, used to enter the correct password for users
      to obtain access to the system; 'QUICK INFORMATION' is a one-page brief
      on the purpose and requirements of the program; 'SET CONFIGURATION' 
      brings up a second menu that allows the SysOp to change passwords, put
      the command's name on the opening screen, etc; 'REFERENCE MANUAL' allows
      this very manual to be read right on the screen.                    
      
                               ** CAUTION!! **

           KEEP IN MIND that once the 'PASSWORD ENTRY' selection is made, 
      there is no going back; you are COMMITTED to entering the password!! If
      you mistakenly got into this function, you'd better have the correct
      password... or prepare to reboot! The ORIGINAL password (both user
      entry and main system password) when this program was distributed was
      simply the program name itself, "NAVYPASS". You should absolutely MAKE
      A BACKUP COPY OF THE ORIGINAL 'PASSWORD.DAT' FILE in case you either
      forget the password that is set by your activity, or some frustrated
      hacker corrupts your 'PASSWORD.DAT' file!! If catastrophe occurs and 
      everything is lost, see "A Final Note" at the end of this manual.




                                   3-1
 






       ______________________
      |                      |
      | 3.1  PASSWORD ENTRY  |
      |______________________|


           This selection (which obviously will be used the most often) will
       pop up a window and prompt the user for the password. ENTER CAREFULLY,
       because this entry routine is UNFORGIVING; there is no "backspacing"
       if you make a mistake during entry. You can enter either upper or lower
       case letters, but numbers are illegal (you'll hear a beep if ANYTHING
       except an alphabetic character is entered). Naturally, the password
       being entered is not echoed to the screen. The length of the password
       is the length of the black entry prompt (that's the only hint you'll
       get!) and there's no pressing <RTN> after the last letter; success
       (or failure) is immediately recorded upon entering the last character. 
       
           A successful entry will be rewarded with a message to press any 
       key to continue. A bad entry will be given only ONE more chance, so 
       re-enter slowly and CAREFULLY!! A second failure results in the computer
       system tripping off to "Byte Heaven"!




       _________________________
      |                         |
      | 3.2  QUICK INFORMATION  |
      |_________________________|


             This is just a one-page, quick-and-dirty summary of what NAVYPASS
      expects, including the fact that you have just TWO chances to
      successfully enter the correct password.

















                         

                                 3-2
 






       _________________________
      |                         |
      | 3.3  SET CONFIGURATION  |
      |_________________________|

           This function allows the SysOp to set his own passwords (both the
      normal 'user entry' password and the Main System password). In addition,
      the SysOp can insert the Command's name and his/her own name on the 
      opening screen. Changing these items requires the entry of a "Main
      System" password, which is DIFFERENT from the user entry password   
      (the reason for this should be obvious; if a "normal user" also has 
      the ability to change the "normal user" password, this negates the 
      intent of having a password security program to begin with). Selecting 
      the "SET CONFIGURATION" function from the Main Menu pops up a second 
      menu which looks like the following:


                            -------------------------
                           |                         |
                           |  Main System Password   |
                           |                         |
                           |  User Access Password   |
                           |                         |
                           |  Command Title Heading  |
                           |                         |
                           |  ADPSO Name Change      |
                           |                         |
                           |  Return to Main Menu    |
                           |                         |
                            -------------------------
                                                    

           In the same manner as the Main Menu, moving the selection bar with
      the cursor keys and pressing <RTN>, or hitting the first letter of any 
      item executes that function. Whichever function you choose, you will be
      prompted for the Main System password to continue. As before, this 
      entry routine is brutally strict, with the same penalty for failure!
      Aside from the 'Return to Main Menu' option, all of these routines are
      similar in function, differing only in their entry limits: passwords are
      limited to alphabetic letters, up to 20 characters max, with no blank
      spaces, while the Title Heading or ADPSO Name Change can be up to 30
      characters max and may use blanks and numbers. Once you enter a new
      password/heading/name, you will
      be prompted to confirm the entry before it is saved to disk. If you 
      change your mind, answer 'no' to the confirmation, and you will be 
      returned to the above menu. 







                                    3-3
 






       _________________________
      |                         |
      | 3.4  REFERENCE MANUAL   |
      |_________________________|


           Selecting this option from the Main Menu will allow the user to  
      read this very manual right from the screen using an EXTREMELY fast
      document display program. Use the arrow keys and/or the PGUP/PGDN keys
      to scroll through this manual. This manual can also be printed out and
      retained for future reference. Before printing, ensure the print head
      is at the top of a new page. A complete printout can be performed using 
      the COPY command. For example, if you have the manual file on a floppy 
      disk, insert it into drive A, ensure the printer is ready, and at the 
      "A" prompt, type in the command. It will look like the following:

                           A:\> COPY MANUAL PRN
   
       Then press <RTN>. Pages are automatically advanced as needed.

































     
                                   3-4
 






       __________________________________
      |                                  |
      | 4.1  NAVYPASS TIPS & TECHNIQUES  |
      |__________________________________|


           The following tips are provided in order for users to obtain the
      most from NAVYPASS. Always remember that a knowledgeable and determined
      professional will be able to bypass most any security methods that     
      use software only. Therefore, NAVYPASS should be used in conjunction
      with prudent physical security measures. 

           * All computer systems should be behind locked doors during off-
             duty hours.

           * NEVER leave a computer unattended while it is running. It takes  
             mere seconds for files to be copied or compromised, or for some
             lowlife maggot to infect your system with a virus.           

           * DO NOT use the same passwords for both "User Access" and "Main
             System". Only the ADP Security Officer (or SysOp) should have the
             Main System password, since it allows one to change the normal 
             "User Access" password, as well as the title headings.

           * If you must leave the area for a brief period, run NAVYPASS right
             before you go. If, upon return, you see that your computer has 
             gone to "Byte Heaven", you'll know someone tried to access your 
             system while you were away.

           * ALWAYS HAVE A BACKUP OF YOUR "PASSWORD.DAT" FILE!! Although this
             file can not be read using utility programs to obtain the 
             password, the frustrated hacker can maliciously corrupt the file
             such that it will not perform correctly. 

           * Consider frequently running an anti-virus scanning program on all
             systems, such as McAfee Associates "SCAN.EXE", available from 
             most BBS's nationwide. 

           * Adhere rigidly to your command's ADP Security Program. Ensure 
             users obtain proper training concerning effective security  
             methodology. Conduct periodic spot audits to ensure compliance.

           * If you experience any problems running NAVYPASS that can't be 
             resolved despite your best efforts, see "A Final Note" at the end 
             of this manual. 








                                   4-1
 







      
       ______________________________
      |                              |
      | 4.2  USING "BLANKALL.COM"    |
      |______________________________|



           This small program is a gem: it completely "blanks" the screen if
      the keyboard has not been used for a set period of time. The default 
      time period is 2.5 minutes, but can be set to any time between 1 and 9
      minutes. For example, "BLANKALL 5" blanks the screen after 5 minutes
      of keyboard inactivity. This is extremely useful in preventing "screen
      burn", which occurs when the same screen display is constantly running
      for hours at a time, day after day. (Monochrome screens are particularly
      susceptible to this, but all screens can suffer from it). Place this 
      program in your autoexec file (after NAVYPASS, of course!) and save your
      monitor's screen while extending its life. It is a TSR, but only takes
      720 bytes of RAM.... peanuts! After the screen goes blank, pressing any
      key immediately restores the screen as it was before.  



       _______________________________
      |                               |
      | 4.3  USING "NO-RESET.COM"     |                            
      |_______________________________|

           
           This tiny assembly program enhances ADP security by disabling both
      the "CTRL-ALT-DEL" and "CTRL-ALT-INS" key sequences, preventing the
      system from "warm booting" and, more importantly, preventing hackers from
      entering the setup configuration (this is also how many password schemes
      are bypassed). For Zenith Z-248 systems, using this program correctly 
      can virtually make your system IRONCLAD TIGHT! Place it in the autoexec
      file (again, AFTER NAVYPASS) to invoke it during normal bootup.

           Employing all these programs correctly, a typical "autoexec.bat"
      file might look like the following:

                             NAVYPASS
                             path = c:\; c:\wordstar; c:\123; c:\dbase;
                             prompt= $p$g
                             NO-RESET
                             BLANKALL 5
                             ..
                             ...
                             ....(rest of file)

                     


                                   4-2
 






       _____________________________________
      |                                     |
      | Appendix A: TECHNICAL INFORMATION   |
      |_____________________________________|


           NAVYPASS took several months to develop and debug, ensuring
      complete compatibility with the IBM PC standard. It was primarily
      intended to be implemented on Zenith Z-248 machines, which is the 
      standard throughout the Federal Government and Department of Defense 
      regarding stand-alone desktop computers. It has been rigorously tested
      on numerous true IBM AT clones (Intel 80286) and also 32-bit 80386
      machines configured like the Unisys system on the Federal Desktop III
      contract.


       ______________
      |              |
      | Code Logic   |
      |______________|
       

           NAVYPASS completely controls all keyboard input. If a menu is
      displayed, only the highlighted option letters or the <RTN> key are
      valid entries; everything else is just ignored. During password entry,
      ONLY alphabetic characters are allowed; any other keystroke (including
      spacebar, backspace, <ESC>, or arrow keys) results in an error beep.
      This is performed by scanning the keyboard input, translating it to an
      uppercase letter, and checking if the result is an ASCII code between
      65 and 91 (A-Z). Every byte of the string array is tested this way.
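
           The key filter described above, combined with the entry rules of
      section 3.1 (fixed length, no backspace, judged on the last letter, two
      attempts), as an added C illustration; it is not the author's code,
      which this manual does not publish. Assumptions: a rejected key beeps
      without using up a position, the "91" is an exclusive upper bound (91
      is '['), and the stored password is held in the clear because the
      PASSWORD.DAT format is undocumented; fold_key, run_entry and the
      keystroke streams are constructed for the example.

```c
/* Added illustration: NOT NAVYPASS source code. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PW_LEN   20  /* manual, section 3.3: passwords up to 20 letters */
#define MAX_ATTEMPTS 2   /* manual, section 3.1: two tries, then lockup     */

enum entry_result { ENTRY_GRANTED, ENTRY_LOCKED, ENTRY_INCOMPLETE };

struct entry_stats {
    int attempts;  /* completed password attempts        */
    int beeps;     /* keystrokes rejected by the filter  */
};

/* Key filter from "Code Logic": fold to uppercase, accept ASCII 65..90.
 * Assumption: the manual's "91" is an exclusive bound, since 91 is '['.
 * Returns the uppercase letter, or -1 for a key that only earns a beep. */
int fold_key(int key)
{
    int up;

    if (key < 0 || key > 127)
        return -1;               /* extended or non-ASCII input */
    up = toupper(key);
    return (up >= 65 && up < 91) ? up : -1;
}

/* Replay a keystroke stream against the stored password and report the
 * outcome the manual describes for that sequence of keys. */
enum entry_result run_entry(const char *stored, const char *keys,
                            struct entry_stats *st)
{
    size_t len = strlen(stored);
    size_t pos = 0, i;
    int diff = 0;

    st->attempts = 0;
    st->beeps = 0;

    /* Fail closed on a stored value the entry rules could never match. */
    if (len == 0 || len > MAX_PW_LEN)
        return ENTRY_LOCKED;
    for (i = 0; i < len; i++)
        if (fold_key((unsigned char)stored[i]) < 0)
            return ENTRY_LOCKED;

    for (i = 0; keys[i] != '\0'; i++) {
        int c = fold_key((unsigned char)keys[i]);

        if (c < 0) {             /* digit, space, backspace, <ESC>, ... */
            st->beeps++;
            continue;            /* assumption: position does not advance */
        }
        /* Accumulate differences; nothing is judged until the last letter. */
        diff |= c ^ fold_key((unsigned char)stored[pos]);
        pos++;
        if (pos == len) {        /* last letter typed: no <RTN> needed */
            st->attempts++;
            if (diff == 0)
                return ENTRY_GRANTED;
            if (st->attempts >= MAX_ATTEMPTS)
                return ENTRY_LOCKED;   /* "Byte Heaven": reboot required */
            pos = 0;
            diff = 0;
        }
    }
    return ENTRY_INCOMPLETE;     /* still waiting for keystrokes */
}

int main(void)
{
    /* Constructed keystroke streams; "NAVYPASS" is the documented default. */
    static const char *streams[] = {
        "navypass", "navy1pass", "navx\bypass", "aaaaaaaabbbbbbbb"
    };
    static const char *names[] = { "granted", "locked", "incomplete" };
    struct entry_stats st;
    size_t i;

    for (i = 0; i < sizeof streams / sizeof streams[0]; i++) {
        enum entry_result r = run_entry("NAVYPASS", streams[i], &st);
        printf("stream %u: %s (attempts=%d, beeps=%d)\n",
               (unsigned)i, names[r], st.attempts, st.beeps);
    }
    return 0;
}
```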

           For obvious reasons, I will not discuss the encryption and "Byte
      Heaven" algorithms here, but serious programmers who desire to see the
      source code can contact me for a copy. I won't give you the exact code 
      for NAVYPASS, but I will provide you with an early version that behaves
      in much the same way.

       ____________________
      |                    |
      |  Author's Rights   |
      |____________________|
 
           NAVYPASS is a Federal Domain program. All offices of the U.S. 
      Federal Government may freely use it without further permission. How-
      ever, it is ILLEGAL to use it in a commercial or private sector 
      environment without my expressed written permission. To do so is a 
      violation of Copyright Laws and extremely bad karma. If you call me up
      and ask, I might just give you permission without charge! 





                                     A-1
 







       ____________________
      |                    |
      | ACKNOWLEDGMENTS:   |
      |____________________|


           "Turbo C" is a product of Borland, International.

           "Norton Commander" is a product of Peter Norton Computing, Inc.
           
           "PC Tools" is a product of Central Point Software, Inc. 
           
           "XTREE" is a product of the XTREE Company.

           "Zenith Z-248" is a product of Zenith Data Systems.





      *********************
      *  A FINAL NOTE...  *
      *********************

           If you experience ANY difficulty in running NAVYPASS that can't
      be cured by reading this manual file, feel free to call or write me 
      at any time. My address on the cover sheet of this manual is good 
      until Dec 1991. As I am a maintenance "groundpounder", the following 
      phone numbers will eventually find me:

                       AV 820-2995  (Quality Assurance)
                       AV 820-6361  (Maintenance Officer)
          
                       Commercial numbers: (206) 257-2995
                                           (206) 257-6361 

















                                   A-2
