Difficulty Level:

Star   Star   Star

First Published 30 June 2018                 Last Updated 24 Aug 2022

This is the second in a series of security challenges.
These are designed to show ways of making Access apps reasonably secure.

The application is an ACCDE file so all VBA code has been removed.
The file has been renamed as a runtime file (ACCDR). It will not run if the file type is changed.

Startup properties have been modified.
There is no access to the navigation pane, ribbon or the rest of the application window
The taskbar has also been removed. It is restored automatically when the application closes

The challenge is intended to be solvable.
Various clues have been provided which are intended to help achieve a solution.

The app is password protected but all the information to obtain that has been provided somewhere on this page . . . if you look and think carefully

A password cracking utility is NOT required . . . and using one will be considered as cheating!


The challenge is to:
a)   unlock the database, obtain the name and contents of the hidden table
b)   open the main form and find out how to enable the 'Click Me' button
c)   work out the meaning of the message displayed

The first part should be relatively straightforward if approached in the correct way.
The rest of this MAY be a little harder to accomplish.

Obtaining the full solution will need a mixture of problem solving skills and knowledge of some of the deeper recesses of databases

You can only run this application FOUR TIMES once you have deduced the correct password.
After 4 attempts it will be disabled, so plan carefully

I hope you enjoy puzzling out this challenge

If you succeed, please follow the supplied instructions to provide feedback by email (or use the feedback form provided below )

Please include the answers to a, b & c together with how you solved the challenge and the approximate time taken. Screenshots may be useful

NOTE: Access databases, including this one, can NEVER be made 100% secure
A capable and determined hacker can break any Access database given time

Both 32-bit & 64-bit versions have been supplied

Click to download the correct version for your computer:
      Hidden Message Challenge (32-bit)     Approx 0.6 MB (zipped)
      Hidden Message Challenge (64-bit)     Approx 0.8 MB (zipped)

UPDATE: 24 Aug 2022
New versions of both zip files have been uploaded. The only change to each file is to update the reference to a hidden web page (as the old page no longer exists)

If you get totally stuck on the password, click this link for some additional hints.

Nil illegitimi carborundum est


Please use the contact form below to let me know whether you found this article interesting/useful or if you have any questions/comments.

Do let me know if you find any bugs in the application.

Please also consider making a donation towards the costs of maintaining this website. Thank you

Colin Riddington                       Mendip Data Systems                       Last Updated 24 Aug 2022

Return to Security Challenges Page

Return to Top