ACCESS密码破解工具源码VC6

// MdbGetPwdDlg.cpp : implementation file // #include "stdafx.h" #include "MdbGetPwd.h" #include "MdbGetPwdDlg.h" #ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE static char THIS_FILE[] = __FILE__; #endif ///////////////////////////////////////////////////////////////////////////// // CAboutDlg dialog used for App About class CAboutDlg : public CDialog { public: CAboutDlg(); // Dialog Data //{{AFX_DATA(CAboutDlg) enum { IDD = IDD_ABOUTBOX }; //}}AFX_DATA // ClassWizard generated virtual function overrides //{{AFX_VIRTUAL(CAboutDlg) protected: virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support //}}AFX_VIRTUAL // Implementation protected: //{{AFX_MSG(CAboutDlg) //}}AFX_MSG DECLARE_MESSAGE_MAP() }; CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD) { //{{AFX_DATA_INIT(CAboutDlg) //}}AFX_DATA_INIT } void CAboutDlg::DoDataExchange(CDataExchange* pDX) { CDialog::DoDataExchange(pDX); //{{AFX_DATA_MAP(CAboutDlg) //}}AFX_DATA_MAP } BEGIN_MESSAGE_MAP(CAboutDlg, CDialog) //{{AFX_MSG_MAP(CAboutDlg) // No message handlers //}}AFX_MSG_MAP END_MESSAGE_MAP() ///////////////////////////////////////////////////////////////////////////// // CMdbGetPwdDlg dialog CMdbGetPwdDlg::CMdbGetPwdDlg(CWnd* pParent /*=NULL*/) : CDialog(CMdbGetPwdDlg::IDD, pParent) { //{{AFX_DATA_INIT(CMdbGetPwdDlg) m_FilePath = _T(""); //}}AFX_DATA_INIT m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME); } void CMdbGetPwdDlg::DoDataExchange(CDataExchange* pDX) { CDialog::DoDataExchange(pDX); //{{AFX_DATA_MAP(CMdbGetPwdDlg) DDX_Text(pDX, IDC_FILEDIR, m_FilePath); //}}AFX_DATA_MAP } BEGIN_MESSAGE_MAP(CMdbGetPwdDlg, CDialog) //{{AFX_MSG_MAP(CMdbGetPwdDlg) ON_WM_SYSCOMMAND() ON_WM_PAINT() ON_WM_QUERYDRAGICON() ON_BN_CLICKED(IDC_BTNEXIT, OnBtnexit) ON_BN_CLICKED(IDC_BTNGET, OnBtnget) ON_BN_CLICKED(IDC_BTNSELECT, OnBtnselect) //}}AFX_MSG_MAP END_MESSAGE_MAP() ///////////////////////////////////////////////////////////////////////////// // CMdbGetPwdDlg message handlers BOOL CMdbGetPwdDlg::OnInitDialog() { CDialog::OnInitDialog(); // Add "About..." menu item to system menu. // IDM_ABOUTBOX must be in the system command range. ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX); ASSERT(IDM_ABOUTBOX < 0xF000); CMenu* pSysMenu = GetSystemMenu(FALSE); if (pSysMenu != NULL) { CString strAboutMenu; strAboutMenu.LoadString(IDS_ABOUTBOX); if (!strAboutMenu.IsEmpty()) { pSysMenu->AppendMenu(MF_SEPARATOR); pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu); } } SetIcon(m_hIcon, TRUE); // Set big icon SetIcon(m_hIcon, FALSE); // Set small icon // 设置"破解"按钮无效状态 ((CButton*)GetDlgItem(IDC_BTNGET))->EnableWindow(FALSE); return TRUE; } void CMdbGetPwdDlg::OnSysCommand(UINT nID, LPARAM lParam) { if ((nID & 0xFFF0) == IDM_ABOUTBOX) { CAboutDlg dlgAbout; dlgAbout.DoModal(); } else { CDialog::OnSysCommand(nID, lParam); } } // If you add a minimize button to your dialog, you will need the code below // to draw the icon. For MFC applications using the document/view model, // this is automatically done for you by the framework. void CMdbGetPwdDlg::OnPaint() { if (IsIconic()) { CPaintDC dc(this); // device context for painting SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0); // Center icon in client rectangle int cxIcon = GetSystemMetrics(SM_CXICON); int cyIcon = GetSystemMetrics(SM_CYICON); CRect rect; GetClientRect(&rect); int x = (rect.Width() - cxIcon + 1) / 2; int y = (rect.Height() - cyIcon + 1) / 2; // Draw the icon dc.DrawIcon(x, y, m_hIcon); } else { CDialog::OnPaint(); } } HCURSOR CMdbGetPwdDlg::OnQueryDragIcon() { return (HCURSOR) m_hIcon; } void CMdbGetPwdDlg::OnBtnexit() { CDialog::OnCancel(); } void CMdbGetPwdDlg::OnBtnget() { CString PwdStr=GetAccessPwd(); SetDlgItemText(IDC_PWDTXT,PwdStr); } void CMdbGetPwdDlg::OnBtnselect() { CFileDialog FileDlg(TRUE,"*.mdb","",OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT,"ACCESS文件(*.mdb)|*.mdb|所有文件(*.*)|*.*||",NULL); int nRet=FileDlg.DoModal(); if (IDOK==nRet) { m_FilePath=FileDlg.GetPathName(); // 获取选择的文件路径 UpdateData(FALSE); // 更新窗口 } ((CButton*)GetDlgItem(IDC_BTNGET))->EnableWindow(TRUE); // 恢复 } CString CMdbGetPwdDlg::GetAccessPwd() { CString Pwd=""; BYTE MdbID=0x00; BYTE MdbFile[40]={0}; BYTE MdbData[128]={0}; char MdbFlag[16]={0}; // 以只读方式打开 CFile CMdbFile(m_FilePath,CFile::modeRead|CFile::shareDenyNone); DWORD FileLen=CMdbFile.GetLength(); // 获取文件长度 if (FileLen>320) // 基本文件头长度 { CMdbFile.Seek(66,CFile::begin); // 移动文件指针第66个字节 CMdbFile.Read(&MdbFile,sizeof(MdbFile)); // 读取40个字节,密钥字段 CMdbFile.Seek(20,CFile::begin); CMdbFile.Read(&MdbID,sizeof(MdbID)); // 判断ACCESS版本的依据 CMdbFile.Seek(24,CFile::begin); CMdbFile.Read(&MdbData,sizeof(MdbData)); CMdbFile.Seek(4,CFile::begin); CMdbFile.Read(&MdbFlag,sizeof(MdbFlag)); // 判断是否为有效的ACCESS文件的字符 } CMdbFile.Close(); if (strcmp(MdbFlag,"Standard Jet DB")) // 与标准数据库字符串对比 { SetDlgItemText(IDC_MDBTYPE,"不是ACCESS数据库,请重新选择!"); return "不是ACCESS数据库,请重新选择!"; } // ACCESS2000采用的是40位中的低字节,如前两位二进制值为"20 7D",那么它的加密位为20位 // ACCESS2000的最大密码长度为20位,加密位也是从头文件的67位开始至106位结束,未加密的这40位十六进制值为 // 20 6D EC 37 FB D2 9C FA 60 C8 28 E6 B5 20 8A 60 F2 02 7B 36 53 E4 DF B1 D1 62 13 43 69 39 B1 33 92 F7 79 5B 34 23 7C 2A //char *Key2k="3074EC37EBCB9CFA70D128E6A5398A60E21B7B3643FDDFB1C17B13437920B13382EE795B243A7C2A"; //char *Key97="86FBEC375D449CFAC65E28E613"; // MdbId=0 为Access97,否则为Access2000 CString Version; Version=(MdbID==0?"Access 97":"Access 2000"); SetDlgItemText(IDC_MDBTYPE,Version); // 读取密码 if (MdbID==1) // 2000 版本2000 { Pwd=GetPwdDirect(MdbData); if (Pwd.GetLength()==0) { Pwd="没有设置密码"; } }else if (MdbID==0) // 97 版本access { Pwd=GetPwd97(MdbFile); if (Pwd.GetLength()==0) { Pwd="没有设置密码"; } } return Pwd; } CString CMdbGetPwdDlg::GetPwd97(BYTE (&f_bytes)[40]) { CString retPwd; //ACCESS97的最大密码长度为13位,加密位是从头文件的67位开始至79位结束,未加密的这13位十六进制值为86FBEC375D449CFAC65E28E613 BYTE KEY[] = {0X86,0xfb,0xec,0x37,0x5d,0x44,0x9c,0xfa,0xc6,0x5e,0x28,0xe6,0x13}; long lAsc; // 循环每位抑或运算得到密钥 for(int i=0;i<sizeof(KEY);i++) { lAsc = f_bytes[i] ^ KEY[i]; // 抑或运算 if(lAsc != 0) { retPwd += (char)lAsc; } } return retPwd; } CString CMdbGetPwdDlg::GetPwdDirect(BYTE (&f_bytes)[128]) { CString ret; long l; BYTE EncryptKey[4]; //初始密钥 BYTE EncryptRet[258] = {0}; EncryptKey[0] = 0xC7; EncryptKey[1] = 0xDA; EncryptKey[2] = 0x39; EncryptKey[3] = 0x6b; //得到解密Key for(l=0;l<=255;l++) { EncryptRet[l] = l; } long temp1,temp2,temp3,temp4,temp5,temp6,temp7,temp8; temp1 = temp2 = temp3 = temp4 = temp5 = temp6 = temp7 = temp8 = 0; for(l=0;l<=255;l++) { temp1 = temp2; temp1 = EncryptKey[temp1]; temp4 = EncryptRet[l]; temp1 = temp1 + temp4; temp4 = temp3; temp1 = temp1 + temp4; temp1 = temp1 & 0x800000FF; temp3 = temp1; temp1 = EncryptRet[l]; temp5 = temp1; temp1 = temp3; temp1 = EncryptRet[temp1]; EncryptRet[l] = temp1; temp4 = temp3; EncryptRet[temp4] = temp5; temp1 = temp2; temp1++; temp4 = temp1 % 4; temp2 = temp4; } //运算结束 //又一轮运算 tem