WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2026 Poal.co

293

A few weeks ago, I picked this device up from the Dayton Hamvention:

https://poal.co/s/Electronics/538229

There's some programming software that goes with it, but the manufacturer keeps it under password protected zip files. I don't know why, but they do:

http://www.gorman-redlich.com/downloads/ http://www.gorman-redlich.com/Downloads/WinEASSetup202b.zip

I was able to contact said manufacturer and was given a password: GrmnDosPass - but that doesn't work. When I asked for assistance, I got a really passive-aggressive email back stating that they tried to call me but why didn't I answer the phone so they can help me. Maybe because I don't take calls without knowing who they are and random call from local area code is auto-spam? Or for half a dozen other reasons, but the place basically refused to deal with me unless they could call me. Thanks, but this isn't 1974.

So now I have a piece of software that's locked, and I've been unable to brute force the password. Are there any pieces of software that are known to work? I have to assume that it's a password similar to what was given, or perhaps the files are simply corrupt.

A few weeks ago, I picked this device up from the Dayton Hamvention: https://poal.co/s/Electronics/538229 There's some programming software that goes with it, but the manufacturer keeps it under password protected zip files. I don't know why, but they do: http://www.gorman-redlich.com/downloads/ http://www.gorman-redlich.com/Downloads/WinEASSetup202b.zip I was able to contact said manufacturer and was given a password: GrmnDosPass - but that doesn't work. When I asked for assistance, I got a really passive-aggressive email back stating that they tried to call me but why didn't I answer the phone so they can help me. Maybe because I don't take calls without knowing who they are and random call from local area code is auto-spam? Or for half a dozen other reasons, but the place basically refused to deal with me unless they could call me. Thanks, but this isn't 1974. So now I have a piece of software that's locked, and I've been unable to brute force the password. Are there any pieces of software that are known to work? I have to assume that it's a password similar to what was given, or perhaps the files are simply corrupt.

(post is archived)

[–] 2 pts (edited )

Found this.

https://geekflare.com/best-zip-password-recovery-tools/

Did some more searching.... Yea dont think I can help yay anymore fren. Now I know why they only give the passwords to customers...

https://www.defensetravel.dod.mil/Docs/EAS_Setup_Guide.pdf

[–] 1 pt

Most of those are just pre-computed stuff, like password lists. I've been going down through everything I can find and nothing's worked. It can't be terribly sophisticated, so I set one of the pay-for-play crackers on it.

I'll look through the list you have and see if there's anything new.

[–] 0 pt

Digging into it, it's an old crypto method, should be easy to crack. I'm fully licensed to operate a device such as this, so no worries there. The link you have to the EAS is for a different system, an access system. This is a broadcast device.

[–] 1 pt

Oh cool. I was just trying to be a bro and deploy some googlefu. Saw DOD shit and was nope gonna dip out. haha

[–] 1 pt

Yeah, it's not as thrilling as it look, tho. That's a (credit) card management portal with special instructions for gubbmint idjits.

[–] 2 pts

It's GrmnWinPass, literally the first thing I tried lol

[–] 2 pts

I would find a cracker that would run complex number sequences and long passwords. You're probably looking at a 20+ character password. If one util doesn't work find another one. You could also try Kali linux.

https://linuxconfig.org/how-to-crack-zip-password-on-kali-linux

[–] 0 pt

I don't think it's a wordlist password. I suspect it's probably a subset of what the guy gave me.

[–] 1 pt

I agree. It's probably something like "NIG666KIK666GOOK111!!@@$"

[–] 1 pt

I'm going to guess it's probably not that one.

[–] 1 pt

Security through obfuscation. Good luck 🤞

[–] 1 pt

Yeah. I think I was getting blown off, we'll see what the pay crackers do.

[–] 1 pt

Well considering their boilerplate password is so short an has no numbers the pay cracker should work. Might even be able to speed it up by taking numbers and special symbols off.

[–] 1 pt

Looks like it uses ZipCrypto, so it can't be more than 12 bytes anyway - if I read the stuff right.

[–] 1 pt

I've always wondered if it would be possible to narrow down the list of potential passwords by computing the entropy of each password, and comparing it to the entropy of an encrypted file.

[–] 0 pt

There's probably always a better way, but I'm a stupid bird and can't say.

[–] 0 pt (edited )

There's probably always a better way, but I'm a stupid bird and can't say.

TWIRL & TWINKLE?

I seriously doubt the "anything they claim to have, what they actually have is ten years ahead of the public" meme.

The u.s. couldn't get a rocket to orbit before musk. Couldn't do proper semiconductor tech at scale (without adding asians as the secret ingredient) without the last 2-4 years of spinning up the hardware-engineering pipeline with the universities.

The best we have is about 9001 backdoors going to the Nth-level deep, like a rube-goldberg machine, sold, with tacit understanding, to five billion consumers, including foreign governments who knew what they were buying.

If theres a better way then building a giant coffin in utah, while jam packing it with parallel compute to the fucking gills like skynets cancerous overgrown mutant prototype, on glorified FPGAs putting out more heat than the sun all just to crack RSA et al, while calling it an "NSA datacenter"--if theres a better, faster way, I doubt we, meaning you, me, or even the NSA or alphabet org, would know about it.

America is braindead, even its institutions.

[–] 1 pt

Can you try:

  • GrmnRdlchPass
  • GrmnRdlchDosPass

I would consider giving Kali a try and run through your standard password cracker. If you have a machine with a bunch of processing power/a ton of cores, you might get lucky and get a result in a day. You can probably start with a prefix of "Grmn" and I would also consider "GrmnRdlch". Good luck!

[–] 0 pt

Those do not work, and I do not have a super-powerful machine but I do have one that can sit and do nothing but look for hashes for as long as necessary. If other results do not present themselves, I will try that. Thank you.

[–] 1 pt

If you need something beefy for hashing, maybe rent a server? You might even be able to use an AWS instance for free, but I don't know much about that.

[–] 1 pt

I could, but I have a machine here that's relatively low power consumption that could be put to use for a year doing password hashes.

[–] 0 pt (edited )

Maybe because I don't take calls without knowing who they are

If for the purposes of getting the password, don't you think this is an acceptable exception to the rule? I get that spam calls are a pain in the arse, though. Alternatively, you could call them - their number is on their website, and ask to speak to someone directly.

[–] 1 pt

Well, yes. However, if I don't know you're calling then don't complain to me when I don't answer your call. I'm not sitting around waiting for people I don't know to call me, especially if I am not expecting your call. Had he sent me an email saying "Hey, are you available for a phone call?" I would have said no, I'm out right now, and I don't have access to the number you're calling as it's a virtual number and i need to find a headset to use it - hold on.

The tone of the email I received was that I was deliberately not answering the phone for some reason.

The main point here is, why did he send me a fake password to start with? Why not just say "Oh, oops, that's the wrong one. Try this instead?" What is a phone call going to do? If you don't want to give me the real password or there's something funny I need to do, having a set of written instructions is going to be better for me because I can't hear shit on a phone.

[–] 1 pt

Then call them via their number - its on the website. That way you can do it on your time. Might have been that password was for one of the other files, and he just gave the wrong one.

[–] 1 pt (edited )

In our email exchange I asked if that was the correct password. No reply.

Another user found it, something I should have tried. He gave me the wrong password for some reason. Oh well....