Cracking the password of all current versions of Access (*.mdb)

By: iSee, Date: Fri, 17 Apr 2009, Time: 9:37 PM


Cracking the Access 97 password has been covered on many websites and in magazines. Here I simply repeat it.

XORing the 13 bytes that start at offset 0x42 of the mdb file with 0x86, 0xfb, 0xec, 0x37, 0x5d, 0x44, 0x9c, 0xfa, 0xc6, 0x5e, 0x28, 0xe6, 0x13 yields the database password. In Access 2000 and 2002, however, the key is no longer a fixed 13 bytes, and the way the password is encrypted has changed.

After spending an afternoon studying Access 2000, ccrun finally worked out the encryption method. I am publishing what I learned here and hope it is useful to everyone. If you find an error in my understanding, please contact me and tell me. Email: info@ccrun.com. There is no copyright to speak of, but if you want to reprint this, please indicate the source and keep the document intact.

The analysis tool I used is UltraEdit32 v10.00; the programming tool is C++ Builder 6.0.

Analysis with UltraEdit32 showed that Access 2000 and Access 2002 databases are encrypted in the same manner, so the following only discusses Access 2000 mdb files. Numbers are written in hexadecimal with a leading 0x; if you are using VB or another language, pay attention to the numeric notation.

First, use Access XP to create an empty database file without a password, db1.mdb, containing one table with a single field and no data. Exit, save a copy as db2.mdb, open db2.mdb in exclusive mode, set the password 1234567890123 and save.

Open the two databases in UltraEdit32 and compare them. My method is very simple: in UltraEdit32, click quickly back and forth between the tabs of the two open files. The files start to differ at byte offset 0x42.

db1.mdb
00000040h: BC 4E BE 68 EC 37 65 D7 9C FA FE CD 28 E6 2B 25;
00000050h: 8A 60 6C 07 7B 36 CD E1 DF B1 4F 67 13 43 F7 3C;

00000060h: B1 33 0C F2 79 5B AA 26 7C 2A 4F E9 7C 99 05 13;
db2.mdb
00000040h: BC 4E 8F 68 DE 37 56 D7 A8 FA CB CD 1E E6 1C 25;
00000050h: B2 60 55 07 4B 36 FC E1 ED B1 7C 67 13 43 F7 3C;

00000060h: B1 33 0C F2 79 5B AA 26 7C 2A 4F E9 7C 99 05 13;

To make this easier to see, I marked the differing bytes in a different color. As you can see, in versions after Access 97 the password is no longer stored in consecutive bytes; one password byte is stored in every other byte, and it is encrypted. To decrypt it, the old "XOR" method still works: 0xBE ^ 0x8F = 0x31, which is the ASCII code of "1". Next, 0xEC ^ 0xDE = 0x32, exactly the ASCII code of "2". This continues up to the last differing byte, 0x4F ^ 0x7C = 0x33, and the characters put together form the plaintext password "1234567890123". Do not call it a day yet, though, because this was just a lucky hit. At first I also thought it was that simple, so I wrote a small program in C++ Builder and tried it on several mdb files, and it still worked. Then I tested one more mdb file and the password came out wrong. I checked that mdb file with another tool, which did retrieve the correct password and reported the file as Access 2000 format, so my study of Microsoft's encryption method was evidently not finished. All I could do was test byte by byte. After n attempts I finally discovered that the byte at offset 0x62 plays a key role; I tentatively call it the encryption flag.

db1.mdb // empty password
00000040h: BC 4E BE 68 EC 37 65 D7 9C FA FE CD 28 E6 2B 25;
00000050h: 8A 60 6C 07 7B 36 CD E1 DF B1 4F 67 13 43 F7 3C;

00000060h: B1 33 0C F2 79 5B AA 26 7C 2A 4F E9 7C 99 05 13;

db2.mdb // password is: 1234567890123
00000040h: BC 4E 8F 68 DE 37 56 D7 A8 FA CB CD 1E E6 1C 25;
00000050h: B2 60 55 07 4B 36 FC E1 ED B1 7C 67 13 43 F7 3C;

00000060h: B1 33 0C F2 79 5B AA 26 7C 2A 4F E9 7C 99 05 13;

dvbbs.mdb // password: yemeng.net

00000040h: BC 4E DB 6A 89 37 14 D5 F9 FA 8C CF 4F E6 19 27;

00000050h: E4 60 15 05 0F 36 D1 E3 DF B1 53 65 13 43 EB 3E;

00000060h: B1 33 10 F0 79 5B B6 24 7C 2A 4A E0 7C 99 05 13;

How to test it? XOR again. Take the byte 0xDB at offset 0x42 and XOR it with the byte at offset 0x42 of the empty-password file; take the encryption flag at offset 0x62 and XOR it with the byte at offset 0x62 of the empty-password file; then XOR the two results together:

(0xDB ^ 0xBE) ^ (0x10 ^ 0x0C) = 0x79, the ASCII value of "y". Then take the next byte (remember, every other byte):

(0x89 ^ 0xEC) ^ (0x10 ^ 0x0C) = 0x79. Actually, this byte should be "e", so how did it turn into "y"? Try leaving out the second XOR: 0x89 ^ 0xEC = 0x65 alone gives "e". This time it is right. Next:

(0x14 ^ 0x65) ^ (0x10 ^ 0x0C) = 0x6D, which is "m". Next:

(0xF9 ^ 0x9C) = 0x65, which is "e". Note that here only these two values are XORed. You can try the remaining bytes yourself.

This gives us the rule.

To decrypt, first take the byte at offset 0x62 of the encrypted file's header and XOR it with the byte at offset 0x62 of the empty-password database file. The result is the encryption flag.

Starting at offset 0x42, take every other byte to obtain the 13 bytes of the encrypted password, and XOR each of them with the corresponding byte (every other byte from offset 0x42) of the empty-password database file. This gives a 13-byte semi-finished password. Why semi-finished? Because every other byte of these 13 bytes still has to be XORed with the encryption flag; the resulting 13 bytes are the real password. Of course, if a 0x0 byte appears, the password is shorter than 13 characters, and what precedes it can be displayed directly.

In addition, I found that the encryption flag varies from machine to machine or over time, so the values here are not universal, but they can serve as a reference. I went through this process several times while writing the code below, and this article was not written in one sitting, so the values are not the same, but the result of the decryption is the same. Use them as a reference.

One more important point: the database version has to be determined first. I used a simple approach: read the byte at offset 0x14; if it is 0, the file is Access 97, and if it is 1, it is treated as Access 2000 or 2002. I have not studied how to tell 2000 and 2002 apart; if anyone knows, please advise.

Code:

// The 13 bytes used as the XOR source for Access 2000. The encryption flag that goes with them is 0x13 (ccrun's note).
// You can also use this group: BE EC 65 9C FE 28 2B 8A 6C 7B CD DF 4F; the encryption flag that goes with it is 0x0c.
// The program is a bit messy; I hope you can follow it.
// unsigned char is used so that byte values above 0x7f are stored without narrowing.
unsigned char PassSource2k[13] = {0xa1, 0xec, 0x7a, 0x9c, 0xe1, 0x28, 0x34, 0x8a, 0x73, 0x7b, 0xd2, 0xdf, 0x50};

// XOR source for Access 97
unsigned char PassSource97[13] = {0x86, 0xfb, 0xec, 0x37, 0x5d, 0x44, 0x9c, 0xfa, 0xc6, 0x5e, 0x28, 0xe6, 0x13};

void __fastcall TMainForm::GetMdbPass()
{
    unsigned char PassStrTemp[26], Ver, EncrypFlag;
    char t1;
    int FileHandle;
    String MdbPassword, MdbVersion, MdbFileName;

    // Note: this listing never assigns MdbFileName; it must hold the path
    // of the .mdb file before FileOpen is called.
    FileHandle = FileOpen(MdbFileName, fmOpenRead);
    if (FileHandle < 0)
    {
        ShowMessage("File open error!");
        return;
    }

    // Get the database version
    FileSeek(FileHandle, 0x14, 0);
    FileRead(FileHandle, &Ver, 1);

    // Get the encryption flag
    FileSeek(FileHandle, 0x62, 0);
    FileRead(FileHandle, &EncrypFlag, 1);

    // Read the encrypted password into the buffer
    FileSeek(FileHandle, 0x42, 0);
    FileRead(FileHandle, PassStrTemp, 26);
    FileClose(FileHandle);

    if (Ver < 1)
    {
        MdbVersion = "Access 97";
        if (int(PassStrTemp[0] ^ PassSource97[0]) == 0)
            MdbPassword = "password is empty!";
        else
        {
            MdbPassword = "";
            // Access 97: 13 consecutive bytes XORed with the fixed source
            for (int j = 0; j < 13; j++)
                MdbPassword = MdbPassword + char(PassStrTemp[j] ^ PassSource97[j]);
        }
    }
    else
    {
        MdbVersion = "Access 2000 or 2002";
        MdbPassword = "";
        for (int j = 0; j < 13; j++)
        {
            if (j % 2 == 0)
                // Every other byte is also XORed with the encryption flag.
                // 0x13 is the flag that goes with PassSource2k.
                t1 = char(0x13 ^ EncrypFlag ^ PassStrTemp[j * 2] ^ PassSource2k[j]);
            else
                t1 = char(PassStrTemp[j * 2] ^ PassSource2k[j]);
            MdbPassword = MdbPassword + t1;
        }
    }
    // A first character outside the printable ASCII range means no password is set
    if (MdbPassword[1] < 0x20 || MdbPassword[1] > 0x7e)
        MdbPassword = "password is empty!";
    EditMdbFileName->Text = MdbFileName;
    EditMdbPassword->Text = MdbPassword;
    EditMdbVersion->Text = MdbVersion;
}
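The rule summarized above, run against the three header dumps shown in this article, as an added example (not ccrun's code; the function names are made up for illustration). It also checks the remark about differing values: the blank file's bytes (flag 0x0C) and the PassSource2k table (flag 0x13) are the same key material, which is why the database password is recoverable from a few dozen header bytes.

```python
# Added example. Header bytes 0x40..0x6F are copied from this article's dumps.
BASE, PW_OFF, FLAG_OFF, PW_LEN = 0x40, 0x42, 0x62, 13

DB1 = bytes.fromhex(    # db1.mdb, empty password
    "BC 4E BE 68 EC 37 65 D7 9C FA FE CD 28 E6 2B 25 "
    "8A 60 6C 07 7B 36 CD E1 DF B1 4F 67 13 43 F7 3C "
    "B1 33 0C F2 79 5B AA 26 7C 2A 4F E9 7C 99 05 13")
DB2 = bytes.fromhex(    # db2.mdb, password 1234567890123
    "BC 4E 8F 68 DE 37 56 D7 A8 FA CB CD 1E E6 1C 25 "
    "B2 60 55 07 4B 36 FC E1 ED B1 7C 67 13 43 F7 3C "
    "B1 33 0C F2 79 5B AA 26 7C 2A 4F E9 7C 99 05 13")
DVBBS = bytes.fromhex(  # dvbbs.mdb, password yemeng.net
    "BC 4E DB 6A 89 37 14 D5 F9 FA 8C CF 4F E6 19 27 "
    "E4 60 15 05 0F 36 D1 E3 DF B1 53 65 13 43 EB 3E "
    "B1 33 10 F0 79 5B B6 24 7C 2A 4A E0 7C 99 05 13")

def at(hdr, off):
    """Byte at absolute file offset `off` in a dump that starts at BASE."""
    return hdr[off - BASE]

def slots(hdr):
    """The 13 password slots: every other byte starting at 0x42."""
    return bytes(at(hdr, PW_OFF + 2 * i) for i in range(PW_LEN))

def recover(protected, blank):
    """Apply the article's rule, using a blank-password header as reference."""
    flag = at(protected, FLAG_OFF) ^ at(blank, FLAG_OFF)
    out = bytearray()
    for i, (p, b) in enumerate(zip(slots(protected), slots(blank))):
        c = p ^ b
        if i % 2 == 0:   # slots 0, 2, 4, ... are also XORed with the flag
            c ^= flag
        if c == 0:       # a 0x00 byte ends a password shorter than 13
            break
        out.append(c)
    return out.decode("latin-1")

def rebase_source(blank, target_flag):
    """Re-express a blank file's 13 source bytes for another flag value."""
    delta = at(blank, FLAG_OFF) ^ target_flag
    return bytes(b ^ delta if i % 2 == 0 else b
                 for i, b in enumerate(slots(blank)))

if __name__ == "__main__":
    for name, hdr in (("db1", DB1), ("db2", DB2), ("dvbbs", DVBBS)):
        print(name, repr(recover(hdr, DB1)))
    print(rebase_source(DB1, 0x13).hex())  # compare with PassSource2k
```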

ccrun original, from C++ Builder Study http://www.ccrun.com

Email: info@ccrun.com QQ: 165332

If you reprint this, please indicate the source and keep the document intact. Thank you.
If you do not feel like writing the program yourself, you can click here to download it.

