程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
 程式師世界 >> 編程語言 >> Visual Basic語言 >> VB綜合教程 >> 破解Windows屏幕保護admin888

破解Windows屏幕保護admin888

編輯:VB綜合教程
大家都知道,屏幕保護密碼最多為16個字符。微軟內置了16字節的密鑰:48EE761D6769A11B7A8C47F85495975F。Windows便用上述密鑰加密你輸入的密碼。其加密過程為:首先將你輸入的密碼字符逐位轉換為其16進制的ASCⅡ碼值(小寫字母先轉為大寫字母),再依次與對應密鑰逐位進行異或運算,把所得16進制值的每一位當作字符,轉換為其16進制ASCII碼,並在其尾加上00作為結束標志,存入注冊表HKEY_CURRENT_USERControlPaneldesktop下的二進制鍵ScreenSave_Data中。
  懂得其加密原理後,便不難編程破解我的屏幕保護密碼(即上網密碼)了。本人用VB6.0編制了一讀取注冊表中ScrrenSave_Data值的函數GetBinaryValue(EntryAsString),讀出其值為31434133334335353334323100,去掉其結束標志00,把余下字節轉換為對應的ASCII字符,並把每兩個字符組成一16進制數:1CA33C553421,顯然,密碼為6位,將其與前6字節密鑰逐一異或後便得出密碼的ASCII碼(16進制值):544D4A485348,對應的密碼明文為TMJHSH,破解成功!用它拔號一試,呵,立刻傳來Modem歡快的叫聲。
  附VB源程序:(程序中使用了窗體Form1,文本框Text1,命令按鈕Command1)
  1、窗體代碼:
  OptionExplicit
  DimCryptographAsString
  DimiAsInteger
  DimjAsInteger
  DimkAsInteger
  DimCryptographStr(32)AsInteger
  DimPWstrAsString
  DimPassWordAsString
  PrivateSubCommand1_Click()
  PWstr=“"
  PassWord=“"
  Text1.Text=“"
  Cryptograph=GetBinaryValue(“ScreenSave_Data")
  k=Len(Cryptograph)
  Forj=1Tok-1
  Fori=32To126
  IfMid(Cryptograph,j,1)=Chr(i)Then
  CryptographStr(j)=i
  EndIf
  Nexti
  Nextj
  i=(k-1)/2'密碼位數為(h-1)/2,根據位數選擇解密過程。
  SelectCasei
  Case16
  GoTo16
  Case15
  GoTo15
  Case14
  GoTo14
  Case13
  GoTo13
  Case12
  GoTo12
  Case11
  GoTo11
  Case10
  GoTo10
  Case9
  GoTo9
  Case8
  GoTo8
  Case7
  GoTo7
  Case6
  GoTo6
  Case5
  GoTo5
  Case4
  GoTo4
  Case3
  GoTo3
  Case2
  GoTo2
  Case1
  GoTo1
  CaseElse
  End
  EndSelect
  16:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(31))&Chr(CryptographStr(32)))Xor&H5F)
  15:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(29))&Chr(CryptographStr(30)))Xor&H97)
  14:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(27))&Chr(CryptographStr(28)))Xor&H95)
  13:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(25))&Chr(CryptographStr(26)))Xor&H54)
  12:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(23))&Chr(CryptographStr(24)))Xor&HF8)
  11:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(21))&Chr(CryptographStr(22)))Xor&H47)
  10:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(19))&Chr(CryptographStr(20)))Xor&H8C)
  9:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(17))&Chr(CryptographStr(18)))Xor&H7A)
  8:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(15))&Chr(CryptographStr(16)))Xor&H1B)
  7:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(13))&Chr(CryptographStr(14)))Xor&HA1)
  6:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(11))&Chr(CryptographStr(12)))Xor&H69)
  5:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(9))&Chr(CryptographStr(10)))Xor&H67)
  4:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(7))&Chr(CryptographStr(8)))Xor&H1D)
  3:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(5))&Chr(CryptographStr(6)))Xor&H76)
  2:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(3))&Chr(CryptographStr(4)))Xor&HEE)
  1:PWstr=PWstr&Chr((“&H"&Chr(CryptographStr(1))&Chr(CryptographStr(2)))Xor&H48)
  Fori=iTo1Step-1'所得PWstr的值為密碼的倒序列,將其倒置便得出密碼。
  PassWord=PassWord&Mid(PWstr,i,1)
  Nexti
  Text1.Text=PassWord'在文本框內顯示密碼。
  EndSub
  2、模塊代碼:
  OptionExplicit
  ConstERROR_SUCCESS=0&
  ConstERROR_BADDB=1009&
  ConstERROR_BADKEY=1010&
  ConstREG_EXPAND_SZ=2&
  ConstREG_BINARY=3&
  ConstKEY_QUERY_VALUE=&H1&
  ConstKEY_ENUMERATE_SUB_KEYS=&H8&
  ConstKEY_NOTIFY=&H10&
  ConstREAD_CONTROL=&H20000
  ConstSTANDARD_RIGHTS_READ=READ_CONTROL
  ConstKEY_READ=STANDARD_RIGHTS_READOrKEY_QUERY_VALUEOrKEY_ENUMERATE_SUB_KEYSOrKEY_NOTIFY
  ConstHKEY_CURRENT_USER=&H80000001
  DimhKeyAsLong,MainKeyHandleAsLong
  DimrtnAsLong,lBufferAsLong,sBufferAsString,SubKeyAsString
  DimlBufferSizeAsLong
  DeclareFunctionRegOpenKeyExLib“advapi32.dll"Alias“RegOpenKeyExA"(ByValhKeyAsLong,ByVallpSubKeyAsString,ByValulOptionsAsLong,ByValsamDesiredAsLong,phkResultAsLong)AsLong
  DeclareFunctionRegCloseKeyLib“advapi32.dll"(ByValhKeyAsLong)AsLong
  DeclareFunctionRegQueryValueExLib“advapi32.dll"Alias“RegQueryValueExA"(ByValhKeyAsLong,ByVallpValueNameAsString,ByVallpReservedAsLong,lpTypeAsLong,ByVallpDataAsString,lpcbDataAsLong)AsLong
  FunctionGetBinaryValue(EntryAsString)
  MainKeyHandle=HKEY_CURRENT_USER
  SubKey=“ControlPaneldesktop"
  rtn=RegOpenKeyEx(MainKeyHandle,SubKey,0,KEY_READ,hKey)
  Ifrtn=ERROR_SUCCESSThen'如果HKEY_CURRENT_USERControlPaneldesktop鍵被成功打開
  lBufferSize=1
  rtn=RegQueryValueEx(hKey,Entry,0,REG_BINARY,0,lBufferSize)'讀取ScreenSave_Data的值
  sBuffer=Space(lBufferSize)
  rtn=RegQueryValueEx(hKey,Entry,0,REG_BINARY,sBuffer,lBufferSize)
  Ifrtn=ERROR_SUCCESSThen'如果讀取ScreenSave_Data的值成功
  rtn=RegCloseKey(hKey)
  GetBinaryValue=sBuffer'函數返回ScreenSave_Data的值
  Else'如果讀取ScreenSave_Data的值不成功
  CallErrorMsg
  End
  EndIf
  Else'如果HKEY_CURRENT_USERControlPaneldesktop鍵不能打開
  CallErrorMsg'調用ErrorMsg()過程
  End
  EndIf
  EndFunction
  PrivateSubErrorMsg()'顯示錯誤信息過程
  SelectCasertn
  CaseERROR_BADDB
  MsgBox(“您的計算機注冊表有錯誤!")
  CaseERROR_BADKEY,REG_EXPAND_SZ
  MsgBox(“您的計算機未設屏保密碼!")
  CaseElse
  MsgBox(“破解過程中遇到未知錯誤,錯誤號:"&Str$(rtn))
  EndSelect
  EndSub->

  1. 上一頁:
  2. 下一頁:
Copyright © 程式師世界 All Rights Reserved