VB編程破解Windows屏幕保護密碼
大家都知道,屏幕保護密碼最多為16個字符。微軟內置了16字節的密鑰:48 EE 76 1D 67 69 A1 1B 7A 8C 47 F8 54 95 97 5F。Windows便用上述密鑰加密你輸入的密碼。其加密過程為:首先將你輸入的密碼字符逐位轉換為其16進制的ASCII碼值(小寫字母先轉為大寫字母),再依次與對應密鑰逐位進行異或運算,把所得16進制值的每一位當作字符,轉換為其16進制ASCII碼,并在其尾加上00作為結束標志,存入注冊表HKEY_CURRENT_USER\Control Panel\desktop下的二進制鍵ScreenSave_Data中。由于密鑰固定且公開,這種異或處理只是混淆而不是真正的加密:凡是能讀取該注冊表值的人都可以還原密碼。

懂得其加密原理后,便不難編程破解我的屏幕保護密碼(即上網密碼)了。本人用VB6.0編制了一個讀取注冊表中ScreenSave_Data值的函數GetBinaryValue(Entry As String),讀出其值為31 43 41 33 33 43 35 35 33 34 32 31 00,去掉其結束標志00,把余下字節轉換為對應的ASCII字符,并把每兩個字符組成一個16進制數:1C A3 3C 55 34 21,顯然,密碼為6位,將其與前6字節密鑰逐一異或后便得出密碼的ASCII碼(16進制值):54 4D 4A 48 53 48,對應的密碼明文為TMJHSH,破解成功!用它撥號一試,呵,立刻傳來Modem歡快的叫聲。

附VB源程序:(程序中使用了窗體Form1,文本框Text1,命令按鈕Command1)

1、窗體代碼:

Option Explicit

' Form-level working variables (declared once, shared by the code on this form).

' Raw text of the registry value as returned by GetBinaryValue.
Dim Cryptograph As String

' General-purpose counters.
Dim i As Integer, j As Integer, k As Integer

' Per-position character codes taken from Cryptograph.
Dim CryptographStr(32) As Integer

' PWstr collects decoded characters; PassWord is the text shown to the user.
Dim PWstr As String, PassWord As String

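Private Sub Command1_Click()
    ' Decodes the stored ScreenSave_Data value and shows the result in Text1.
    '
    ' Stored layout (as described in the accompanying article): every password
    ' character is upper-cased, XORed with the key byte at the same position and
    ' written as two ASCII hex digits; a single 00 byte terminates the value.
    '
    ' The 16-byte key is fixed and public, so this scheme is obfuscation rather
    ' than encryption: the stored value has to be treated as equivalent to the
    ' plain-text password. The decoded text is the upper-cased form of what was
    ' originally typed.
    '
    ' Differences from the original GoTo ladder:
    '   * one loop over a key table replaces sixteen near-identical labelled lines;
    '   * the length is validated before any indexing (the original wrote past
    '     CryptographStr(32) when the value was longer than expected);
    '   * integer division is used (the original used "/" and relied on rounding);
    '   * every digit pair is checked to be hexadecimal before conversion;
    '   * unexpected data leaves Text1 empty instead of terminating with End.
    Const KEY_HEX As String = "48EE761D6769A11B7A8C47F85495975F"
    Const MAX_CHARS As Long = 16

    Dim digitCount As Long
    Dim pos As Long
    Dim hexPair As String
    Dim keyPair As String

    PassWord = ""
    Text1.Text = ""

    Cryptograph = GetBinaryValue("ScreenSave_Data")

    ' Number of hex digits, not counting the trailing 00 terminator.
    digitCount = Len(Cryptograph) - 1

    ' Valid data holds 1..16 characters, i.e. an even count of 2..32 hex digits.
    If digitCount < 2 Or digitCount > 2 * MAX_CHARS Then Exit Sub
    If (digitCount Mod 2) <> 0 Then Exit Sub

    For pos = 1 To digitCount \ 2
        hexPair = Mid$(Cryptograph, 2 * pos - 1, 2)
        keyPair = Mid$(KEY_HEX, 2 * pos - 1, 2)

        ' Reject anything that is not two hex digits rather than letting the
        ' string-to-number conversion raise a run-time error.
        If Not (hexPair Like "[0-9A-Fa-f][0-9A-Fa-f]") Then
            PassWord = ""
            Exit Sub
        End If

        ' Decoding in forward order makes the original "build reversed, then
        ' reverse" step unnecessary.
        PassWord = PassWord & Chr$(CLng("&H" & hexPair) Xor CLng("&H" & keyPair))
    Next pos

    Text1.Text = PassWord
End Sub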

2、模塊代碼:

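Option Explicit

' Status codes returned by the registry API.
Const ERROR_SUCCESS = 0&
Const ERROR_BADDB = 1009&
Const ERROR_BADKEY = 1010&

' Registry value types.
Const REG_EXPAND_SZ = 2&
Const REG_BINARY = 3&

' Access rights. KEY_READ is the read-only combination; nothing in this module
' needs write access to the key.
Const KEY_QUERY_VALUE = &H1&
Const KEY_ENUMERATE_SUB_KEYS = &H8&
Const KEY_NOTIFY = &H10&
Const READ_CONTROL = &H20000
Const STANDARD_RIGHTS_READ = READ_CONTROL
Const KEY_READ = STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY

' Predefined root key handle.
Const HKEY_CURRENT_USER = &H80000001

' Module-level state used by GetBinaryValue; rtn is also read by ErrorMsg.
Dim hKey As Long, MainKeyHandle As Long
Dim rtn As Long, lBuffer As Long, sBuffer As String, SubKey As String
Dim lBufferSize As Long

' ANSI entry points of the registry API in advapi32.dll.
Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long

Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long

' The alias must be the exact exported name "RegQueryValueExA"; the stray space
' in the original alias text would make the entry point impossible to resolve.
' lpType and lpcbData are passed by reference and are written by the call.
Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long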

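Function GetBinaryValue(Entry As String)
    ' Reads the value named Entry from HKEY_CURRENT_USER\Control Panel\desktop
    ' and returns its raw bytes as a string (one character per byte).
    '
    ' Returns an empty string when the key or the value cannot be read; in that
    ' case ErrorMsg has already reported the status held in rtn. The original
    ' called End on failure, which terminated the whole program from inside a
    ' helper and skipped closing the key handle.
    '
    ' Other fixes:
    '   * the sub key path contains its backslash ("Control Panel\desktop");
    '   * the size probe passes a null data pointer (vbNullString) instead of
    '     the number 0 coerced to a one-character string;
    '   * the value type is received into a variable, because lpType is an
    '     output parameter, instead of passing the REG_BINARY constant;
    '   * the key handle is closed on every path once it has been opened.
    '
    ' NOTE(review): the returned type is not compared with REG_BINARY; callers
    ' must validate the content themselves.
    Dim keyHandle As Long
    Dim valueType As Long
    Dim byteCount As Long
    Dim dataBuf As String

    GetBinaryValue = ""

    rtn = RegOpenKeyEx(HKEY_CURRENT_USER, "Control Panel\desktop", 0, KEY_READ, keyHandle)
    If rtn <> ERROR_SUCCESS Then
        Call ErrorMsg
        Exit Function
    End If

    ' First call: ask only for the size of the data.
    byteCount = 0
    rtn = RegQueryValueEx(keyHandle, Entry, 0, valueType, vbNullString, byteCount)

    ' Second call: fetch the data into a buffer of exactly that size.
    If rtn = ERROR_SUCCESS And byteCount > 0 Then
        dataBuf = String$(byteCount, vbNullChar)
        rtn = RegQueryValueEx(keyHandle, Entry, 0, valueType, dataBuf, byteCount)
    End If

    ' Close before reporting; the result is discarded so that rtn keeps the
    ' status of the query for ErrorMsg.
    RegCloseKey keyHandle

    If rtn = ERROR_SUCCESS Then
        If byteCount > 0 Then GetBinaryValue = Left$(dataBuf, byteCount)
    Else
        Call ErrorMsg
    End If
End Function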

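Private Sub ErrorMsg()
    ' Shows a message box describing the registry status held in the
    ' module-level variable rtn.
    '
    ' The original matched the "no password set" case against REG_EXPAND_SZ,
    ' a registry value-type constant that only happens to equal 2. The status
    ' code with that value is ERROR_FILE_NOT_FOUND (the key or value does not
    ' exist), so it is named as such here; the compared value is unchanged.
    Const ERROR_FILE_NOT_FOUND = 2&

    Select Case rtn
        Case ERROR_BADDB
            MsgBox ("您的計算機注冊表有錯誤!")
        Case ERROR_BADKEY, ERROR_FILE_NOT_FOUND
            MsgBox ("您的計算機未設屏保密碼!")
        Case Else
            ' Str$ keeps the leading space it adds for non-negative numbers.
            MsgBox ("破解過程中遇到未知錯誤,錯誤號:" & Str$(rtn))
    End Select
End Sub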
作者:http://www.zhujiangroad.com
來源:http://www.zhujiangroad.com