Info
Content

WORD.FMT

PSIONICS FILE - WORD.FMT
========================
Format of Word files
Last modified 1996-01-18
========================

Word files can be encrypted with a password. Encryption affects only the
header and data record type 8 (see below).

A word file begins with a header of the following form (U indicates values
for unencrypted files, and E values for encrypted files):
  Offset  0 (cstr): "PSIONWPDATAFILE"
  Offset 16 (word): format version number (U: 1, E: 256)
  Offset 18 (word): encryption algorithm version (U: 0, E: 1)
  Offset 20 to  28: encryption key check value (all $EA if unencrypted)
  Offset 29 to  35: copy of offset 20 to 26
  Offset 36 (word): U: $EAEA, E: 0
  Offset 38 (word): unused

The rest of the file consists of records. All records have the form:
  Offset  0 (word): record type
  Offset  2 (word): size of data portion (L)
  Offset  4 to L+3: data portion

Word files have record types 1 to 9; the word processor application creates
them in numerical order of type. Exactly one record of each type is used,
except that there may be more than one record of types 6 and 7.

All distances and font sizes are in units of 0.05 points (i.e. a value of
1440 represents one inch). All font names are represented by standard code
numbers:
    -1 = Inherited (where permitted)
     0 = Courier              17 = Emperor              40 = Greek
     1 = Pica                 18 = Madeleine            41 = Kana
     2 = Elite                19 = Zapf Humanist        42 = Hebrew
     3 = Prestige             20 = Classic              44 = Russian
     4 = Letter Gothic        24 = Times Roman          48 = Narrator
     5 = Gothic               25 = Century              49 = Emphasis
     6 = Cubic                26 = Palatino             50 = Zapf Chancery
     7 = Lineprinter          27 = Souvenir             52 = Old English
     8 = Helvetica            28 = Garamond             55 = Cooper Black
     9 = Avant Garde          29 = Caledonia            56 = Symbol
    10 = Spartan              30 = Bodoni               57 = Line Draw
    11 = Metro                31 = University           58 = Math 7
    12 = Presentation         32 = Script               59 = Math 8
    13 = APL                  33 = Script PS            60 = Dingbats
    14 = OCR A                36 = Commercial Script    61 = EAN
    15 = OCR B                37 = Park Avenue          62 = PC Line
    16 = Standard Roman       38 = Coronet

Record type 1 holds information about the file. It is always 10 bytes:
  Offset  0 (word): cursor position within text record (type 8)
  Offset  2 (byte): each set bit indicates a character type should be shown
                    as symbols:
    Bit 0: tabs
    Bit 1: spaces
    Bit 2: carriage returns
    Bit 3: soft hyphens
    Bit 4: forced line breaks
  Offset  3 (byte): (Series 3a only)
    Bits 0 to 1: status window: 0=none, 1=narrow, 2=wide
    Bits 4 to 5: zoom state: 0=smallest, ... 3=largest
  Offset  4 (byte): 0=style bar off, 1=style bar on
  Offset  5 (byte): 0=file type is paragraph, 1=file type is line
  Offset  6 (byte): outlining level
  Offset  7 (byte): unused
  Offset  8 (word): unused

Record type 2 holds information about printer set-up. It is
always 58 bytes:
  Offset  0 (word): page width
  Offset  2 (word): page height
    (Note: the above fields assume that the paper orientation is "portrait")
  Offset  4 (word): left margin
  Offset  6 (word): top margin
  Offset  8 (word): width of printing area
  Offset 10 (word): height of printing area
    (Note: these four fields have only been checked for portrait)
  Offset 12 (word): header offset (bottom of header to top of text)
  Offset 14 (word): footer offset (bottom of footer to bottom of text)
  Offset 16 (word): paper orientation: 0=portrait, 1=landscape
  Offset 18 (word): unknown
  Offset 20 (word): first page to print (1=first page)
  Offset 22 (word): last page to print ($FFFF=end of file)
  Offset 24 (word): header font code number
  Offset 26 (byte): header style
    Bit 0: underline
    Bit 1: bold
    Bit 2: italic
    Bit 3: superscript
    Bit 4: subscript
  Offset 27 (byte): unused
  Offset 28 (word): header font size
  Offset 30 (byte): header alignment:
    0 = left
    1 = right
    2 = centered
    3 = justified
    4 = two column
    5 = three column
  Offset 31 (byte): header on first page: 0=no, 1=yes
  Offset 32 to  39: as 24 to 31, but apply to footer, not header
  Offset 40 (word): page number of first page minus 1
  Offset 42 (word): number of pages
  Offset 44 (word): page number style: 0="1,2,3", 1="I,II,III", 2="i,ii,iii"
  Offset 46 (word): base font code number
  Offset 48 (byte): base style (as offset 26)
  Offset 49 (byte): unused
  Offset 50 (word): base font size
  Offset 52 (byte): paper size code:
    0 = A4        (11906 x 16838)
    1 = Custom
    2 = Executive (10440 x 15120)
    3 = Legal     (12240 x 20160)
    4 = Letter    (12240 x 15840)
    5 = Monarch   ( 5580 x 10800)
    6 = DL        ( 6236 x 12472)
  Offset 53 (byte): widows/orphans allowed: 0=no, 1=yes
  Offset 54 (long): unused
The base font code, style, and font size are unused by Word (and should be set
to code 0, style 0, size 240). Other applications using this record layout may
use them and provide means to set them.

Record type 3 holds information about the printer driver:
  Offset  0 (byte): printer driver model number
  Offset  1 (cstr): printer driver library
A printer driver library can support several similar printers; the model number
specifies which is selected.

Record types 4 and 5 hold cstrs giving the header and footer text respectively.

Record types 6 and 7 have a similar layout. Record type 6 describes a style
and uses all 80 bytes. Record type 7 describes an emphasis and uses only the
first 28 bytes.
  Offset  0 to   1: short code, as uppercase letters
  Offset  2 (cstr): full name
  Offset 18 (byte):
    Bit 0: 0=style, 1=emphasis
    Bit 1: set if style or emphasis undeletable
    Bit 2: set for default style or emphasis
  Offset 19 (byte): unused
  Offset 20 (word): font code number (can be inherited)
  Offset 22 (byte): style (bits inherited must be clear in this byte)
    Bit 0: underline
    Bit 1: bold
    Bit 2: italic
    Bit 3: superscript (available in emphasis only)
    Bit 4: subscript   (available in emphasis only)
  Offset 23 (byte): unused
  Offset 24 (word): font size
  Offset 26 (byte):
    Bit 0: inherit underline setting
    Bit 1: inherit bold setting
    Bit 2: inherit italic setting
    Bit 3: inherit superscript setting (available in emphasis only)
    Bit 4: inherit subscript setting   (available in emphasis only)
  Offset 27 (byte): unused
  Offset 28 (word): left indent
  Offset 30 (word): right indent
  Offset 32 (word): first line indent
  Offset 34 (word): alignment: 0=left, 1=right, 2=centred, 3=justified
  Offset 36 (word): line spacing
  Offset 38 (word): space above paragraph
  Offset 40 (word): space below paragraph
  Offset 42 (byte): spacing controls:
    Bit 0: set to keep with next
    Bit 1: set to keep together
    Bit 2: set to start new page
  Offset 43 (byte): unused
  Offset 44 (word): Outline level (1 to 9)
  Offset 46 (word): number of tab stops set
  Offset 48 (word): position of first tab stop
  Offset 50 (word): type of first tab stop: 0=left, 1=right, 2=centred
  Offset 52 to  55: as offsets 48 to 51 for second tab stop
  Offset 56 to  79: as offsets 48 to 51 for third to eighth tab stops

Record type 8 holds the actual text. The following bytes have special
meanings:
   0 = paragraph separator
   7 = unbreakable hyphen
  14 = soft hyphen (displayed only if used to break line)
  15 = unbreakable space
The record is modified in encrypted files.

Record type 9 consists of a sequence of blocks giving the style and emphasis
for the text; each block covers some number of consecutive bytes, and the
blocks between them cover the entire text. No block crosses a paragraph
boundary, but the last block of the paragraph includes the zero byte separating
it from the next paragraph. Each block is 6 bytes:
  Offset  0 (word): number of bytes covered
  Offset  2 to   3: shortcode of style applied
  Offset  4 to   5: shortcode of emphasis applied
The last block should cover an extra byte (an imaginary extra zero separator),
so that the sum of the bytes covered is one more than the size of the type 8
record.


Encryption
----------

Word files can be encrypted with a password. If so, this fact is indicated
in the header (see above), and the type 8 record is modified.

The password is used to generate two 9 byte sequences, called the key value
and the key check value; there is no obvious relationship between the two
sequences. The key check value is written into the header, while the key
value is used for the actual encryption. The key value is generated with the
system call GenMaskInit; there is no documentation of the algorithm used to
generate the check value.

[Note: different passwords may generate the same key value but different key
check values, or vice versa (passwords "AA" and "AAA" are an example of the
latter). This can confuse Word badly.]

Encryption is carried out using the system call GenMaskEncrypt. For
convenience, the description is repeated here with an example.

The first 7 bytes of the key value are appended to all 9 to generate a 16
byte sequence. This is then repeated to generate a sequence of the same size
as the type 8 record, and placed in 1-to-1 correspondence with it. In other
words, for byte N of the type 8 record, the corresponding key byte is given
by byte N AND $F of the 16 byte sequence, counting from 0 (or, in C notation,
byte N % 16 % 9 of the 9 byte sequence). The key byte is then added to the
plain text byte, modulo $100, to get the encrypted byte.

For example, suppose that the text is a single paragraph containing:
    Jackdaws love my 21 big sphinxes of quartz.
and the key value is:
    $91 $20 $E3 $92 $42 $F9 $5C $57 $A9
(which corresponds to the password "AA") then the encrypted type 8 record
is determined as follows:

    Text: J  a  c  k  d  a  w  s     l  o  v  e     m  y
          4A 61 63 6B 64 61 77 73 20 6C 6F 76 65 20 6D 79
    Key:  91 20 E3 92 42 F9 5C 57 A9 91 20 E3 92 42 F9 5C
    Encr: DB 81 46 FD A6 5A D3 CA C9 FD 8F 59 F7 62 66 D5

    Text:    2  1     b  i  g     s  p  h  i  n  x  e  s
          20 32 31 20 62 69 67 20 73 70 68 69 6E 78 65 73
    Key:  91 20 E3 92 42 F9 5C 57 A9 91 20 E3 92 42 F9 5C
    Encr: B1 52 14 B2 A4 62 C3 77 1C 01 88 4C 00 BA 5E CF

    Text:    o  f     q  u  a  r  t  z  .
          20 6F 66 20 71 75 61 72 74 7A 2E
    Key:  91 20 E3 92 42 F9 5C 57 A9 91 20
    Encr: B1 8F 49 B2 B3 6E BD C9 1D 0B 4E

Of course, standard Kerchoffs techniques can be used to break the encryption.
No Comments
Back to top