编程语言 程序设计交流站


Join the forum, it's quick and easy

编程语言 程序设计交流站
编程语言 程序设计交流站
Would you like to react to this message? Create an account in a few clicks or log in to continue.
编程语言 程序设计交流站

欢迎关顾本站,在这里你可以畅所欲言,提出你要解决的问题,各路高手会给你一个圆满的答复,另外有各种源代码、源程序等供你下载。vb vc c++ c# delphi 易语言 Java PASCAL VFP JS VBS Pascal SQL...>


您没有登录。 请登录注册

破解Windows屏幕保护密码

向下  留言 [第1页/共1页]

1破解Windows屏幕保护密码 Empty 破解Windows屏幕保护密码 2012-07-18, 6:49 pm

Admin

Admin
Admin

大家都知道,屏幕保护密码最多为16个字符。微软内置了16字节的密钥:48 EE 76 1D 67 69 A1 1B 7A 8C 47 F8 54 95 97 5F。Windows便用上述密钥加密你输入的密码。其加密过程为:首先将你输入的密码字符逐位转换为其16进制的ASCⅡ码值(小写字母先转为大写字母),再依次与对应密钥逐位进行异或运算,把所得16进制值的每一位当作字符,转换为其16进制ASCII码,并在其尾加上00作为结束标志,存入注册表HKEY_CURRENT_USER\Control Panel\desktop下的二进制键ScreenSave_Data中。
   懂得其加密原理后,便不难编程破解我的屏幕保护密码(即上网密码)了。本人用VB6.0编制了一读取注册表中ScrrenSave_Data值的函数GetBinaryValue(Entry As String),读出其值为31 43 41 33 33 43 35 35 33 34 32 31 00,去掉其结束标志00,把余下字节转换为对应的ASCII字符,并把每两个字符组成一16进制数:1C A3 3C 55 34 21,显然,密码为6位,将其与前6字节密钥逐一异或后便得出密码的ASCII码(16进制值):54 4D 4A 48 53 48,对应的密码明文为TMJHSH,破解成功!用它拔号一试,呵,立刻传来Modem欢快的叫声。
   附VB源程序:(程序中使用了窗体Form1,文本框Text1,命令按钮Command1)
   1、窗体代码:
   Option Explicit
   Dim Cryptograph As String
   Dim i As Integer
   Dim j As Integer
   Dim k As Integer
   Dim CryptographStr(32) As Integer
   Dim PWstr As String
   Dim PassWord As String
   Private Sub Command1_Click()
   PWstr = “"
   PassWord = “"
   Text1.Text =“"
   Cryptograph = GetBinaryValue(“ScreenSave_Data")
   k = Len(Cryptograph)
   For j = 1 To k - 1
   For i = 32 To 126
   If Mid(Cryptograph, j, 1) = Chr(i) Then
   CryptographStr(j) = i
   End If
   Next i
   Next j
   i = (k - 1) / 2 '密码位数为(h-1)/2,根据位数选择解密过程。
   Select Case i
   Case 16
   GoTo 16
   Case 15
   GoTo 15
   Case 14
   GoTo 14
   Case 13
   GoTo 13
   Case 12
   GoTo 12
   Case 11
   GoTo 11
   Case 10
   GoTo 10
   Case 9
   GoTo 9
   Case 8
   GoTo 8
   Case 7
   GoTo 7
   Case 6
   GoTo 6
   Case 5
   GoTo 5
   Case 4
   GoTo 4
   Case 3
   GoTo 3
   Case 2
   GoTo 2
   Case 1
   GoTo 1
   Case Else
   End
   End Select
   16: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(31)) & Chr(CryptographStr(32))) Xor &H5F)
   15: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(29)) & Chr(CryptographStr(30))) Xor &H97)
   14: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(27)) & Chr(CryptographStr(28))) Xor &H95)
   13: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(25)) & Chr(CryptographStr(26))) Xor &H54)
   12: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(23)) & Chr(CryptographStr(24))) Xor &HF8)
   11: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(21)) & Chr(CryptographStr(22))) Xor &H47)
   10: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(19)) & Chr(CryptographStr(20))) Xor &H8C)
   9: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(17)) & Chr(CryptographStr(18))) Xor &H7A)
   8: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(15)) & Chr(CryptographStr(16))) Xor &H1B)
   7: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(13)) & Chr(CryptographStr(14))) Xor &HA1)
   6: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(11)) & Chr(CryptographStr(12))) Xor &H69)
   5: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(9)) & Chr(CryptographStr(10))) Xor &H67)
   4: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(7)) & Chr(CryptographStr(8))) Xor &H1D)
   3: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(5)) & Chr(CryptographStr(6))) Xor &H76)
   2: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(3)) & Chr(CryptographStr(4))) Xor &HEE)
   1: PWstr = PWstr & Chr((“&H" & Chr(CryptographStr(1)) & Chr(CryptographStr(2))) Xor &H48)
   For i = i To 1 Step -1 '所得PWstr的值为密码的倒序列,将其倒置便得出密码。
   PassWord = PassWord & Mid(PWstr, i, 1)
   Next i
   Text1.Text = PassWord '在文本框内显示密码。
   End Sub
   2、模块代码:
   Option Explicit
   Const ERROR_SUCCESS = 0&
   Const ERROR_BADDB = 1009&
   Const ERROR_BADKEY = 1010&
   Const REG_EXPAND_SZ = 2&
   Const REG_BINARY = 3&
   Const KEY_QUERY_VALUE = &H1&
   Const KEY_ENUMERATE_SUB_KEYS = &H8&
   Const KEY_NOTIFY = &H10&
   Const READ_CONTROL = &H20000
   Const STANDARD_RIGHTS_READ = READ_CONTROL
   Const KEY_READ = STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY
   Const HKEY_CURRENT_USER = &H80000001
   Dim hKey As Long, MainKeyHandle As Long
   Dim rtn As Long, lBuffer As Long, sBuffer As String, SubKey As String
   Dim lBufferSize As Long
   Declare Function RegOpenKeyEx Lib “advapi32.dll" Alias “RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
   Declare Function RegCloseKey Lib “advapi32.dll" (ByVal hKey As Long) As Long
   Declare Function RegQueryValueEx Lib“advapi32.dll" Alias“Reg QueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long
   Function GetBinaryValue(Entry As String)
   MainKeyHandle = HKEY_CURRENT_USER
   SubKey = “Control Panel\desktop\"
   rtn = RegOpenKeyEx(MainKeyHandle, SubKey, 0, KEY_READ, hKey)
   If rtn = ERROR_SUCCESS Then '如果HKEY_CURRENT_USER\Control Panel\desktop键被成功打开
   lBufferSize = 1
   rtn = RegQueryValueEx(hKey, Entry, 0, REG_BINARY, 0, lBufferSize) '读取ScreenSave_Data的值
   sBuffer = Space(lBufferSize)
   rtn = RegQueryValueEx(hKey, Entry, 0, REG_BINARY, sBuffer, lBufferSize)
   If rtn = ERROR_SUCCESS Then '如果读取ScreenSave_Data的值成功
   rtn = RegCloseKey(hKey)
   GetBinaryValue = sBuffer '函数返回ScreenSave_Data的值
   Else '如果读取ScreenSave_Data的值不成功
   Call ErrorMsg
   End
   End If
   Else '如果HKEY_CURRENT_USER\Control Panel\desktop键不能打开
   Call ErrorMsg '调用ErrorMsg()过程
   End
   End If
   End Function
   Private Sub ErrorMsg() '显示错误信息过程
   Select Case rtn
   Case ERROR_BADDB
   MsgBox (“您的计算机注册表有错误!")
   Case ERROR_BADKEY, REG_EXPAND_SZ
   MsgBox (“您的计算机未设屏保密码!")
   Case Else
   MsgBox (“破解过程中遇到未知错误,错误号:" & Str$(rtn))
   End Select
   End Sub

http://proj.my-rpg.com

返回页首  留言 [第1页/共1页]

您在这个论坛的权限:
不能在这个论坛回复主题