你好,游客 登录 注册 搜索
背景:
阅读新闻

破解ACCESS的数据库密码

[日期:2005-07-13] 来源:未知  作者:佚名 [字体: ]
unit GetAPass;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  Variants, ComOBJ, StdCtrls, ExtCtrls, ComCtrls, FileCtrl, ActnList, ImgList,
  ToolWin;

const
  Model = 'yyyy-mm-dd hh:nn:ss';
type
  PassType = record
 PassCode: string;
 FileType: string;
 FileTime: TDateTime;
  end;
  TPassForm = class(TForm)
 ListView1: TListView;
 ImageList1: TImageList;
 StatusBar1: TStatusBar;
 Memo1: TMemo;
 CoolBar1: TCoolBar;
 ToolBar1: TToolBar;
 ToolButton1: TToolButton;
 ToolButton2: TToolButton;
 ToolButton3: TToolButton;
 ToolButton4: TToolButton;
 ToolButton5: TToolButton;
 ToolButton6: TToolButton;
 ImageList2: TImageList;
 Edit1: TEdit;
 Pick1: TDateTimePicker;
 Splitter1: TSplitter;
 procedure CloseForm(Sender: TObject);
 procedure FormCreate(Sender: TObject);
 procedure FormDestroy(Sender: TObject);
 procedure GetMDBDir(Sender: TObject);
 procedure Edit1KeyPress(Sender: TObject; var Key: Char);
 procedure CreateMDB(Sender: TObject);
 procedure GetAllPass(Sender: TObject);
 procedure SetCurTime(Sender: TObject);
  private
 { Private declarations }
 DateStr: DWord;
 PassCode: WideString;
 EncodeArray: array[0..19] of Word;
 ReaderArray: array[0..19] of Word;
 function ExecFile(FName: string): PassType;
 procedure ExecDirectory(S: string);
 function Make01(F: string; P: string = ''): boolean;
 function Make02(F: string): boolean;
 procedure SetTime(YY, MM, DD: Word); overload;
 procedure SetTime(MYDate: TDate); overload;
  public
 { Public declarations }
 FileBox1: TFileListBox;
  end;

var
//2079-06-05前[EC379CFA28E68A607B36DFB11343B133795B7C2A ]
//2079-06-05后[ED379DFA29E68B607A36DEB11243B033785B7D2A ]
{ 固定密钥 }
  InhereCode: array[0..9] of Word =
  ($37EC, $FA9C, $E628, $608A, $367B, $B1DF, $4313, $33B1, $5B79, $2A7C);

{活动密钥 }
  UserCode8: array[0..9] of Word = //89年9月17日前
  ($8B86, $345D, $2EC6, $C613, $E454, $02F5, $8477, $DFCF, $1134, $C592);
  UserCode: array[0..9] of Word = //89年9月17日后
  ($7B86, $C45D, $DEC6, $3613, $1454, $F2F5, $7477, $2FCF, $E134, $3592);

  InCode97: array[0..19] of byte = //Access 97 固定密钥
  ($86, $FB, $EC, $37, $5D, $44, $9C, $FA, $C6, $5E,
 $28, $E6, $13, $00, $00, $00, $00, $00, $00, $00);
var
  PassForm: TPassForm;

implementation

{$R *.DFM}

procedure TPassForm.SetTime(YY, MM, DD: Word);
var
  myST: TSystemTime;
  MSec: Word;
begin
  with myST do begin
 MyST.wYear := YY;
 MyST.wMonth := MM;
 MyST.wDay := DD;
 DecodeTime(Time, wHour, wMinute, wSecond, MSec);
  end;
  try SetLocalTime(myST)except ShowMessage('Error'); end;
end;

procedure TPassForm.SetTime(MYDate: TDate);
var
  myST: TSystemTime;
  MSec: Word;
begin
  with myST do begin
 DecodeDate(MyDate, wYear, wMonth, wDay);
 DecodeTime(Time, wHour, wMinute, wSecond, MSec);
  end;
  try SetLocalTime(myST)except end;
end;

procedure TPassForm.CreateMDB(Sender: TObject);
var
  Date0: TDate;
  Date1: TDate;
  Date2: TDate;
begin
{Date0 := EncodeDate(1978, 7, 01);
  Date1 := EncodeDate(1989, 9, 17);
  Date2 := EncodeDate(2079, 6, 05); }
  //SetTime(Date0);
  Make01('D:\DB01.MDB', '112233大');
  //SetTime(Date1);
  Make01('D:\DB02.MDB', '甚至于');
  //SetTime(Date2);
  Make01('D:\DB03.MDB', '');
end;

procedure SetFTime(const FileName: string; DTime: TDateTime);
var
  Q: HFile;
  ST: TSystemTime;
  FT: TFileTime;
begin
  DateTimeToSystemTime(DTime, ST);
  SystemTimeToFileTime(ST, FT);
  LocalFileTimeToFileTime(FT, FT);
  Q := FileOpen(FileName, fmOpenWrite or fmShareDenyNone);
  SetFileTime(Q, @FT, @FT, @FT);
end;

function TempPath(): string;
var
  SPath, Sfile&58 array[0..254] of char;
begin
  GetTempPath(254, SPath);
  GetTempFileName(SPath, '~SM', 0, SFile);
  result := SFile;
  DeleteFile(result);
end;

function TPassForm.Make01(F: string; P: string = ''): boolean;
var
  Linker: string;
  Access: OleVariant;
begin
  if FileExists(F) then DeleteFile(F);
  Linker :=
 'Provider=Microsoft.Jet.OLEDB.4.0;Data ' +
 'Source=%s;Jet OLEDB:Database Password=%s;';
  Access := CreateOleObject('ADOX.Catalog');
  Access.Create(format(Linker, [F, P]));
end;

function TPassForm.Make02(F: string): boolean;
var
  Access: OleVariant;
begin
  if FileExists(F) then DeleteFile(F);
  Access := CreateOleObject('Access.Application');
  Access.NewCurrentDatabase(F);
  Access.Quit;
  Access := null;
end;

procedure TPassForm.FormCreate(Sender: TObject);
begin
  Pick1.DateTime := Now;
  FileBox1 := TFileListBox.Create(nil);
  FileBox1.Visible := false;
  FileBox1.Parent := Self;
  FileBox1.Mask := '*.MDB';
end;

procedure TPassForm.FormDestroy(Sender: TObject);
begin
  FileBox1.Free;
end;

procedure TPassForm.ExecDirectory(S: string);
var
  i: integer;
  P: PassType;
begin
  FileBox1.Directory := S;
  ListView1.Items.BeginUpdate;
  ListView1.Items.Clear;
  for i := FileBox1.Count - 1 downto 0 do begin
 S := FileBox1.Items[i];
 P := ExecFile(S);
 if P.PassCode = '' then Continue;
 with ListView1.Items.Add do begin
 Caption := S;
 ImageIndex := 0;
 SubItems.Add(P.FileType);
 SubItems.Add(P.PassCode);
 SubItems.Add(FormatDateTime(model, P.FileTime));
 end;
 ListView1.Items.EndUpdate;
  end;
end;

procedure TPassForm.GetMDBDir(Sender: TObject);
var
  S: string;
begin
  if not SelectDirectory('选择数据库目录', '', S) then Exit;
  Edit1.Text := S;
  ExecDirectory(S);
end;

procedure TPassForm.Edit1KeyPress(Sender: TObject; var Key: Char);
begin
  if Key <> #13 then Exit;
  if Trim(Edit1.Text) = '' then Exit;
  ExecDirectory(Edit1.Text);
end;

procedure TPassForm.CloseForm(Sender: TObject);
begin
  Close;
end;

function TPassForm.ExecFile(FName: string): PassType;
  function CovTime(FD: _FileTime): TDateTime;
  var
 TCT: _SystemTime;
 Tmp: _FileTime;
  begin
 FileTimeToLocalFileTime(FD, Tmp);
 FileTimeToSystemTime(Tmp, TCT);
 Result := SystemTimeToDateTime(TCT);
  end;

var
  Stream: TFileStream;
  i, n: integer;
  TP: TSearchRec;
  WTime: TDateTime;
  WSec: DWord;
  M, S: string;
  Buf: array[0..200] of byte;
  Date0: TDateTime;
  Date1: TDateTime;
  Date2: TDateTime;
const
  XorStr = $823E6C94;
begin
  FindFirst(FName, faAnyFile, TP);
//FT := CovTime(TP.FindData.ftCreationTime);

  Stream := TFileStream.Create(FName, fmOpenReadWrite);
  Stream.Seek($00, 00); Stream.Read(Buf[0], 200);
  if Buf[$14] = 0 then begin
 PassCode := '';
 Stream.Seek($42, 00); Stream.Read(Buf[0], 20);
 for i := 0 to 19 do
 PassCode := PassCode + chr(Buf[i] xor InCode97[i]);
 Result.PassCode := PassCode;
 Result.FileType := 'ACCESS-97';
 Result.FileTime := Now;
 Exit; // 按Access97版本处理
  end;

  Date0 := EncodeDate(1978, 7, 01);
  Date1 := EncodeDate(1989, 9, 17);
  Date2 := EncodeDate(2079, 6, 05);

  Stream.Seek($42, 00); Stream.Read(ReaderArray[0], 40);
  Stream.Seek($75, 00); Stream.Read(DateStr, 4);
  Stream.Free;
  for i := $42 to $42 + 55 do begin
 if i = $72 then M := '-' else M := '';
 S := S + #32 + M + IntToHex(Buf[i], 2);
  end;
  Delete(S, 1, 1);
  Memo1.Lines.Add(Format(
 '数据库文件名:%s,%s' +
 '10进制时间串:%d,%s' +
 '16进制时间串:%x,%s' +
 '数据库密码串:%s',
 [FName, #13#10, DateStr, #13#10, DateStr, #13#10, #13#10 + S + #13#10]));

  if (DateStr >= $90000000) and (DateStr < $B0000000) then begin
 WSec := DateStr xor $903E6C94;
 WTime := Date2 + WSec / 8192 * 2;
  end else begin
 WSec := DateStr xor $803E6C94;
 WTime := Date1 + WSec / 8192;
 if WSec and $30000000 <> 0 then begin
 WSec := $40000000 - WSec;
 WTime := Date1 - WSec / 8192 / 2;
 end;
  end;
  Memo1.Lines.Add('创建时间:' + DateTimeToStr(WTime));
  if WTime < Date1 then begin
 for i := 0 to 9 do begin
 EncodeArray[i * 2] := (Trunc(WTime) - Trunc(Date0)) xor UserCode[i] xor $F000;
 // Xor $F000 就是“高位取反”
 EncodeArray[i * 2 + 1] := InhereCode[i];
 end;
  end;
  if (WTime >= Date1) and (WTime < Date2) then begin
 for i := 0 to 9 do begin
 EncodeArray[i * 2] := (Trunc(WTime) - Trunc(Date1)) xor UserCode[i];
 EncodeArray[i * 2 + 1] := InhereCode[i];
 end;
  end;
  if WTime >= Date2 then begin
 for i := 0 to 9 do begin
 EncodeArray[i * 2] := (Trunc(WTime) - Trunc(Date1)) xor UserCode[i];
 EncodeArray[i * 2 + 1] := InhereCode[i] xor 1;
 // Xor 1 就是“末位取反”
 end;
  end;
  PassCode := '';
  for i := 0 to 19 do begin
 N := EncodeArray[i] xor ReaderArray[i];
//if N <> 0 then PassCode := PassCode + Chr(N);
 if N <> 0 then PassCode := PassCode + WideChar(N);
  end;
  Result.FileType := 'ACCESS-2000';
  Result.FileTime := WTime;
  Result.PassCode := PassCode;
end;

procedure TPassForm.GetAllPass(Sender: TObject);
begin
  Memo1.Clear;
  Memo1.Lines.BeginUpdate;
  if Trim(Edit1.Text) = '' then Exit;
  ExecDirectory(Edit1.Text);
  Memo1.Lines.EndUpdate;
end;

procedure TPassForm.SetCurTime(Sender: TObject);
begin
  Self.SetTime(Pick1.Date);
end;

end. 
收藏 推荐 打印 | 阅读:
本文评论   查看全部评论 (0)
表情: 表情 姓名: 字数
点评:
       
评论声明
  • 尊重网上道德,遵守中华人民共和国的各项有关法律法规
  • 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
  • 本站管理人员有权保留或删除其管辖留言中的任意内容
  • 本站有权在网站内转载或引用您的评论
  • 参与本评论即表明您已经阅读并接受上述条款
相关新闻      
热门评论