[C#]Access 97/2K/XP/2K3数据库文件密码解密算法

原来是VB6的代码,我翻译过来的。。。下面贴出主要的实现代码吧。。。

 

        public static readonly byte[] keyMDB97 = new byte[] { 0x86, 0xFB, 0xEC, 0x37, 0x5D, 0x44, 0x9C, 0xFA, 0xC6, 0x5E, 0x28, 0xE6, 0x13 };
        public static readonly byte[] keyMDB2K = new byte[] { 0x4E, 0xA2, 0xDD, 0x43, 0x16, 0xD0, 0x34, 0xBE, 0x26, 0x60, 0x9B, 0x11, 0x56,
                                                              0xAE, 0x12, 0x8C, 0xF6, 0x22, 0x7C, 0xCB, 0x4D, 0xCD, 0x8D, 0xF1, 0x5E, 0x27,
                                                              0x52, 0x1D, 0x24, 0x3E, 0x72, 0x3C, 0xE3, 0xFD, 0xC8, 0x00, 0xAA, 0x46, 0xAD,
                                                              0x38, 0x89, 0x5D, 0x6D, 0x85, 0x78, 0x71, 0xE6, 0x80, 0x77, 0x82, 0xCC, 0x53,
                                                              0x09, 0xDB, 0x79, 0x69, 0x6F, 0x73, 0x50, 0x9E, 0x49, 0x5A, 0x42, 0x23, 0x4C,
                                                              0x55, 0xF2, 0xEB, 0xD4, 0x15, 0x98, 0x47, 0x33, 0x1E, 0x1F, 0xC4, 0xF0, 0x35,
                                                              0x1A, 0xA8, 0x4A, 0x7B, 0x18, 0x10, 0xEE, 0x7D, 0xE4, 0x40, 0x0A, 0x6B, 0x61,
                                                              0x9A, 0x66, 0x70, 0x93, 0xE2, 0x58, 0x01, 0x19, 0xB8, 0x83, 0xBD, 0xBF, 0x04,
                                                              0xF4, 0x2C, 0xDA, 0x59, 0x3A, 0xEF, 0x97, 0xAB, 0x5F, 0x03, 0x84, 0x48, 0xCE,
                                                              0x37, 0xFA, 0xCA, 0x8E, 0x9C, 0xE9, 0xCF, 0x8F, 0x02, 0xF8, 0x5B, 0x20, 0xA3,
                                                              0xD5, 0xFB, 0xE0, 0xE5, 0xA4, 0x17, 0x2B, 0xD2, 0x06, 0x68, 0x5C, 0xB1, 0x6C,
                                                              0xFC, 0x2D, 0xE1, 0x25, 0x3F, 0xF5, 0x2A, 0x88, 0x28, 0xB7, 0xB9, 0x0B, 0x1C,
                                                              0x32, 0x7E, 0x29, 0xFF, 0x92, 0xDC, 0x07, 0xC5, 0x90, 0xC6, 0xB0, 0xC3, 0x8A,
                                                              0xB5, 0x08, 0xB2, 0xE8, 0x75, 0x31, 0xA1, 0x57, 0xC1, 0x30, 0xC9, 0x91, 0xD3,
                                                              0xBA, 0x0C, 0x6A, 0x36, 0xB3, 0x54, 0x6E, 0x63, 0xA6, 0x44, 0x1B, 0xC0, 0x2E,
                                                              0x45, 0x7F, 0x99, 0x7A, 0x4F, 0x39, 0xC2, 0xAF, 0xA0, 0xED, 0xD9, 0x3D, 0xEA,
                                                              0x14, 0x21, 0xE7, 0xAC, 0xB4, 0xF3, 0x51, 0x9F, 0xD1, 0xD7, 0x8B, 0xFE, 0x76,
                                                              0xA7, 0xBB, 0x9D, 0x0E, 0xA5, 0x81, 0x64, 0x95, 0xF9, 0x2F, 0x62, 0x94, 0x05,
                                                              0x0F, 0x87, 0x4B, 0xD6, 0xC7, 0xA9, 0x74, 0x96, 0x41, 0x13, 0xD8, 0xF7, 0x65,
                                                              0xB6, 0xBC, 0xEC, 0x86, 0xDF, 0x3B, 0xDE, 0x67, 0x0D, 0x00, 0x00 };

        private void LoGetKey(byte[] arrKeyData, int flMaxValue)
        {
            byte[] key2K = new byte[keyMDB2K.Length];
            keyMDB2K.CopyTo(key2K, 0);

            uint i1, i2, i3, i4, i5, i6, i7, i8 = 0;
            i4 = key2K[0x100];
            i1 = key2K[0x101];
            for (int i = 0; i < flMaxValue; i++)
            {
                i4++;
                i4 &= 0x800000FF;
                i3 = i4 & 0xFF;
                i5 = key2K[i3];
                i1 &= 0xFF;
                i5 += i1;
                i1 = i5 & 0x800000FF;
                i6 = key2K[i4];
                i5 = key2K[i1];
                key2K[i3] = (byte)i5;
                i2 = i1;
                key2K[i2] = (byte)i6;
                i5 = key2K[i3];
                i3 = key2K[i1 & 0xFF];
                i5 += i3;
                i5 &= 0x800000FF;
                i7 = i5;
                i3 = i8;
                i5 = key2K[i5];
                arrKeyData[i3] ^= (byte)i5;
                i8++;
            }
            key2K[0x100] = (byte)i4;
            key2K[0x101] = (byte)i1;
        }

        /// <summary>
        /// 获取 Access 文件信息
        /// </summary>
        /// <param name="lvi"></param>
        private void GetAccessInfo(ListViewItem lvi)
        {
            FileStream fs = new FileStream(lvi.SubItems[2].Text, FileMode.Open, FileAccess.Read, FileShare.None);
            try
            {
                //读取并判断标记
                byte[] arrTag = new byte[15];
                fs.Position = 0x04;
                fs.Read(arrTag, 0, arrTag.Length);
                if (ASCIIEncoding.ASCII.GetString(arrTag) != "Standard Jet DB")
                {
                    lvi.Text = "不是 Access 数据库文件!";
                    throw new Exception("不是 Access 数据库文件!");
                }

                //读取版本号
                string szVersion, szPwd = "";
                byte[] arrVersion = new byte[3];
                fs.Position = 0x9C;
                fs.Read(arrVersion, 0, arrVersion.Length);

                //获取密码明文
                if (arrVersion[0] == 0) //Access 97
                {
                    szVersion = "Access 97 v3.51";

                    //读取密码数据
                    byte[] arrKeyData = new byte[40];
                    fs.Position = 0x42;
                    fs.Read(arrKeyData, 0, arrKeyData.Length);

                    //开始解密
                    for (int i = 0; i < keyMDB97.Length; i++)
                    {
                        byte bTmp = (byte)((int)keyMDB97[i] ^ (int)arrKeyData[i]);
                        if (bTmp == 0) continue;

                        szPwd += Convert.ToChar(bTmp);
                    }
                }
                else //Access 2K/XP/2K3
                {
                    szVersion = "Access 2K/XP/2K3 v" + ASCIIEncoding.ASCII.GetString(arrVersion);

                    //读取密码数据
                    int iKey;
                    double dbTmp;
                    int[] iRst = new int[20];
                    byte[] arrKeyData = new byte[128];
                    fs.Position = 0x18;
                    fs.Read(arrKeyData, 0, arrKeyData.Length);

                    //开始解密
                    LoGetKey(arrKeyData, 0x80);
                    dbTmp = BitConverter.ToDouble(arrKeyData, 90);
                    iKey = (int)dbTmp;
                    for (int i = 0; i < 19; i++)
                    {
                        iRst[i] = (int)BitConverter.ToUInt16(arrKeyData, i * 2 + 42);
                        if (i % 2 == 0) iRst[i] ^= iKey;
                        if (iRst[i] != 0)
                            szPwd += Convert.ToChar(iRst[i]);
                    }
                }

                lvi.Text = szVersion;
                lvi.SubItems[1].Text = (szPwd.Length == 0) ? "(没有密码)" : szPwd;
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.ToString());
            }
            finally
            {
                fs.Close();
            }
        }

        private void btnAdd_Click(object sender, EventArgs e)
        {
            if (fbdMDB.ShowDialog() == DialogResult.OK)
            {
                txtMDB.Text = fbdMDB.SelectedPath;
                foreach (string szFile in Directory.GetFiles(fbdMDB.SelectedPath, "*.MDB"))
                {
                    ListViewItem lvi = new ListViewItem(new string[] { null, null, szFile });
                    lvwMDB.Items.Add(lvi);
                    
                    //获取 MDB 文件版本和密码
                    GetAccessInfo(lvi);
                }
            }
        }


对Access2007/2010无效,网上找到的声称可破解这两种数据库的软件也只是暴力穷举密码来破解,还没有真正知道解密的算法

 

工程下载,改后缀为RAR后打开:http://hi.csdn.net/attachment/201111/5/0_1320474470a46C.gif

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值