
Post originale di: Overdrv

Testo:

The table below is based partly on documentation and partly on actual testing. Where a filename matches more than one pattern, use the first pattern that matches. If a password doesn't work, try others from the table and let me know about the error. If you have password information for other Model I/III/4 operating systems, let me know. The values in the TRSDOS 6 column should also work for versions of LS-DOS prior to 6.3.1.

Files        LDOS 5.1.0   LDOS 5.3.1   TRSDOS 6      LS-DOS 6.3.1

-----        ----------   ----------   --------      ------------

basic/*      (unused)     basic        basic         basic

lbasic/*     basic        (unused)     (unused)      (unused)

config/sys   ccc          ccc          ccc           ccc

*/sys        wolves       system       lsidos        system6

*/flt        gsltd        filter       filter        filter

*/dvr        gsltd        driver       driver        driver

*/dct        rrw3         driver       utility       driver or utility

*/cmd        rrw3         utility      utility       utility

*/hlp        (unused)     help         (unused)      help

back door    rs0lt0ff     rs0lt0ff     (nflag$ bit7) (nflag$ bit7)

The password listed as "back door" gives you access to all files regardless of what their real passwords are. It's documented! I confirmed by looking at the source code that TRSDOS/LS-DOS 6 has no such password, but I found that later versions of it have another, undocumented back door: if you turn on bit 7 of NFLAG$, all file password checking is disabled. The command MEMORY (A="N", B=128) will do this. This back door can be found in TRSDOS 6.2 and LS-DOS 6.3.1, but not in TRSDOS 6.1.2.

Model I TRSDOS 2.3 also has a back door password; the originally intended password is unknown, but the string "ubett" hashes to the correct value and can be used. The strings "f3gum", "nv36", and many others also work. VTOS 3.0 also has such a back door; the password "hadu" can be used.

The password "password" is a standard default in the TRS-80 world. If you're insistently prompted for a password in a situation where you don't think a password should be needed, try "password".

Another way to reconstruct TRS-80 passwords is through exhaustive search. This is quite fast because TRS-80 operating systems hash their passwords down to 16-bit values (only 65,536 possible hashes), so you need only find some password that hashes to the same value, not the exact original password. Here is a C program to do that.

/* trspwhash

* Usage:  trspwhash password      // Hash a password

*         trspwhash -u 0xhash    // Unhash a password to letters

*         trspwhash -n 0xhash    // Unhash a password to letters and digits

*/

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Compute the 16-bit password hash over exactly eight bytes.
 *
 * The bytes are consumed from pw[7] down to pw[0]. The accumulator starts
 * at 0xffff and every term mixed in fits in 16 bits, so the result is
 * always in the range 0..0xffff. This routine does no case folding or
 * padding itself; the caller passes the eight bytes exactly as they are
 * to be hashed.
 */
unsigned int
pwhash(unsigned char pw[8])
{
    unsigned int acc = 0xffff;
    int idx;

    for (idx = 7; idx >= 0; idx--) {
        unsigned int low3 = acc & 0x07;   /* low three bits of the state */
        unsigned int low8 = acc & 0xff;   /* low byte of the state */
        unsigned int mixed;

        mixed  = (low3 << 13) ^ (low3 << 9) ^ (low3 << 2);
        mixed ^= (low8 << 8) ^ (low8 << 4) ^ (low8 >> 3);
        mixed ^= acc >> 8;
        mixed ^= (unsigned int)pw[idx] << 8;   /* fold in the next byte */
        acc = mixed;
    }

    return acc;
}

/* Write the command-line synopsis to stderr and terminate with exit status 1. */
void
usage()
{
    fputs("usage: trspwhash [-u | -n] arg\n", stderr);
    exit(1);
}

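/*
 * Parse a target hash from the command line.
 *
 * Accepts any base strtoul() understands with base 0 (e.g. 0x4296).
 * Returns 1 and stores the value in *goal on success; returns 0 when the
 * argument is empty, has trailing garbage, or does not fit in 16 bits.
 * pwhash() never returns more than 0xffff, so a larger goal could never
 * match and would only make the search run to exhaustion for nothing.
 */
static int
parse_goal(const char *arg, unsigned int *goal)
{
    char *end;
    unsigned long value = strtoul(arg, &end, 0);

    if (end == arg || *end != '\0' || value > 0xffffUL)
        return 0;
    *goal = (unsigned int)value;
    return 1;
}

/*
 * Step the 8-character candidate to the next one, odometer style, with
 * pw[0] as the fastest-moving position. A space becomes 'A'; the last
 * symbol of the alphabet wraps back to 'A' and carries into the next
 * position. With with_digits set, 'Z' is followed by '0'..'9' before
 * wrapping. Returns 0 once the carry runs off the eighth position.
 */
static int
next_candidate(unsigned char pw[8], int with_digits)
{
    const unsigned char last = with_digits ? '9' : 'Z';
    int i;

    for (i = 0; i < 8; i++) {
        if (pw[i] == ' ') {
            pw[i] = 'A';
            return 1;
        }
        if (with_digits && pw[i] == 'Z') {
            pw[i] = '0';
            return 1;
        }
        if (pw[i] != last) {
            pw[i]++;
            return 1;
        }
        pw[i] = 'A';   /* wrap this position and carry into the next */
    }
    return 0;
}

/*
 * Enumerate candidates starting from eight spaces and print every one
 * whose hash equals goal. The search does not stop at the first match.
 */
static void
search_collisions(unsigned int goal, int with_digits)
{
    unsigned char pw[9] = "        ";   /* 8 spaces + NUL for printing */

    do {
        if (pwhash(pw) == goal)
            printf("%s\n", (const char *)pw);
    } while (next_candidate(pw, with_digits));
}

/*
 * trspwhash entry point.
 *
 *   trspwhash password    print the hash of the password as 4 hex digits
 *   trspwhash -u 0xhash   print letter-only strings that hash to 0xhash
 *   trspwhash -n 0xhash   same, using letters and digits
 *
 * Any other invocation, or a hash argument that is not a valid 16-bit
 * number, prints the usage line and exits with status 1.
 */
int
main(int argc, char **argv)
{
    if (argc == 2) {
        /*
         * Only the first eight characters take part in the hash. The
         * buffer is filled with spaces first and then overwritten, so a
         * short password is space-padded and a long one is truncated
         * without ever writing past the end of pw. (The earlier
         * strncpy/strcat sequence wrote 17 bytes into a 16-byte buffer
         * whenever the argument had eight or more characters.)
         */
        unsigned char pw[8];
        size_t len = strlen(argv[1]);
        size_t i;

        if (len > sizeof pw)
            len = sizeof pw;
        memset(pw, ' ', sizeof pw);
        for (i = 0; i < len; i++)
            pw[i] = (unsigned char)toupper((unsigned char)argv[1][i]);

        printf("%04x\n", pwhash(pw));
    } else if (argc == 3 &&
               (strcmp(argv[1], "-u") == 0 || strcmp(argv[1], "-n") == 0)) {
        unsigned int goal = 0;

        if (!parse_goal(argv[2], &goal))
            usage();   /* does not return */
        search_collisions(goal, argv[1][1] == 'n');
    } else {
        usage();
    }

    return 0;
}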

Stato:

open