Unveiling the local password verification of QQ

zhaozj  2021-02-16  67

First of all, this article is not aimed at any particular person or company; it describes some potential risks in environments that are currently thought to be secure. Its purpose is to point out the weakness, exchange technical ideas, and draw attention to the problem.

Tencent's QQ is probably a must-have tool for domestic personal Internet users. Although today's QQ has made great progress in security compared with three years ago, one always feels that these security measures stay a step behind the hackers.

The reason for this article: a friend's QQ number was stolen and he wanted it back, but he had forgotten his password-protection security question, so he came to me hoping I could help him recover the password of the stolen account. Unfortunately, as everyone knows, the current QQ is already the 2003 version. With earlier versions one could open QQ and try the first approach, enumeration, using the computer's speed to brute-force the password. Now that approach is too slow, and current QQ has completely blocked the second one, third-party programs that keep sending TCP packets, so neither works. I told my friend to find a way to contact Tencent's administrators, or simply to apply for a new number. He said that was too much trouble and still wanted me to unlock the password, because even if he re-applied, the details of some important online friends were recorded on this QQ number. So I told him that if it was only a matter of the friends list, then cracking might be good enough, and there might be a way.

I had done something similar before: the data files of older QQ versions were not well protected, so I had gained some "benefits" from them. But today's QQ is past that stage; is it still so easy? I approached it with a try-and-see attitude. First, under the QQ root directory there is a folder named after each number that has logged in, so I first looked for the file that records the numbers previously logged in on this machine, and at all the files there. There are four: Autologin.dat, LoginUinList.dat, DLG.0 and QQWry.dat. Judging by name and size, Autologin.dat and DLG.0 are too small and can be excluded. QQWry.dat is too large; I did not dare exclude it, but considered it unlikely. LoginUinList.dat can be judged from its name, and its size fits. To verify this judgement I did an experiment: I backed up the file, then logged in with a QQ number not yet in the list. Comparing the file with the backup, the former had grown by 58 bytes.

To prove my idea further, I deleted this file and started QQ, and found that the history numbers in the list had disappeared. So the login history is certainly kept in this file. Opened in VC's binary editor, it is a pile of 0s and 1s. After the new number was added the file grew by 58 bytes; now it is 108 bytes in total, that is 50 * 2 + 8. I registered and logged in another number and came back: 158 bytes, so each number takes up 50 bytes. Assuming these 50 bytes are contiguous, the extra 8 bytes must be at the head or the tail; which it is had to be tested. After examination it was determined to be at the head. Removing the 8-byte file header leaves 150 bytes, easily seen as three 50-byte chunks, each of which follows the same pattern. Figure:

After several attempts, the layout rules can be summarized. The first 8 bytes of the file are a summary field: the 5th byte holds the number of QQ numbers shown in the login box, and the other bytes are fixed. After that, every 50 bytes describe one number. Each record begins with 09 2D and ends with 04 00 00 00 00 00 00 00, and one byte (x in the figure) records the login mode chosen last time: 1 for invisible, 0 otherwise. Within the records only four bytes (in my file 9E 8D AF 93, in the run 9E 8D AF 93 94 04 00 00 00) differ from number to number. Supposing these 4 bytes are the QQ number, I tested them byte by byte in four rounds, each time adding 1 to one byte, and found that these four bytes do store the number as a UINT, but with the byte order reversed: the high byte comes last and the low byte first (little-endian).

I tried changing this field to a different number and starting QQ. The number then appeared in the login box, but the login button below turned into the registration wizard, i.e. login was not allowed. Then I renamed the folder of a real number to this number and started QQ; this time I could log in, but it reported a wrong password. So QQ's main program reads things from the folder of the same number, and those things are related to the number and the password.

Going into the number's folder and renaming the files one by one: after renaming either EWH.DB or MSGEX.DB, local login fails; after renaming User.db local login still works but the friends list is empty; after renaming Note.db local login works but the message system is empty. So the files related to the number's password are EWH.DB and MSGEX.DB, and from the name the latter stores the chat history.

So I concentrated on the password-verification information in EWH.DB.

EWH.DB is only 60 bytes. Opening the files of several numbers in VC and comparing them, it is very obvious that most of the 60 bytes are fixed, i.e. unrelated to the password. Only bytes 17, 18, 19 and bytes 31-46 differ, and the last four bytes hold the QQ number in UINT form, just as in LoginUinList.dat.

I hoped Tencent stored the password in plaintext, or at best only a characteristic value (digest) of it; that would be wonderful! But if the local check were derived from the number together with the password, it would not be that simple. Having come this far, I had to gamble. The result: I won, the login passed! Ha. But it returned to the login interface; the local login did not succeed. That does not matter, since the mismatch may come from the other file (LoginUinList.dat); as long as no wrong-password error is reported, it is feasible. It can be understood that the number does not take part in the local-login password digest; it is an operation on the password alone, so a simple replacement yields a password that passes. Bytes 17, 18, 19 and 31-46 in EWH.DB are related to the password: changing any one of them produces a wrong-password error. I reinstalled QQ and logged in again and found EWH.DB unchanged: the same password produces the same characteristic value, saved at the same location. With this method it is not so easy to obtain the plaintext password, so a hacker cannot easily get the plaintext either. I have not got my hands on the code.
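As an added illustration (not code from the article, and not Tencent's actual file format or algorithm), here is a toy Python model of the verification weakness just described: a local verifier derived from the password alone can be moved between accounts' records, whereas one keyed by the account number cannot. The 60-byte size follows the article; the byte offsets, the MD5/HMAC digests and the sample numbers and passwords are my assumptions.

```python
import hashlib
import hmac
import struct

# Constructed toy model of a client-side password-verification record. It is NOT
# QQ's real EWH.DB layout or digest: the 60-byte size comes from the article, but
# the offsets below and both digest functions are assumptions for illustration.
RECORD_LEN = 60
DIGEST_OFF, DIGEST_LEN = 30, 16   # assumed: verifier bytes at offsets 30..45
UIN_OFF = 56                      # article: last 4 bytes hold the number as a uint

def weak_verifier(_uin: int, password: str) -> bytes:
    # Digest of the password alone: no salt, no account binding, so the same
    # password gives identical bytes in every account's record (the weakness).
    return hashlib.md5(password.encode()).digest()[:DIGEST_LEN]

def strong_verifier(uin: int, password: str) -> bytes:
    # Digest keyed by the account number: the same password yields different
    # bytes per account, so verifier bytes cannot be moved between records.
    key = struct.pack("<I", uin)
    return hmac.new(key, password.encode(), hashlib.sha256).digest()[:DIGEST_LEN]

def build_record(uin: int, password: str, verifier) -> bytes:
    rec = bytearray(RECORD_LEN)
    rec[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN] = verifier(uin, password)
    rec[UIN_OFF:UIN_OFF + 4] = struct.pack("<I", uin)  # little-endian, as observed
    return bytes(rec)

def check_local_login(rec: bytes, password: str, verifier) -> bool:
    # A local-login check: recompute the verifier for this record's UIN and compare.
    uin = struct.unpack("<I", rec[UIN_OFF:UIN_OFF + 4])[0]
    stored = rec[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN]
    return hmac.compare_digest(stored, verifier(uin, password))

def transplant(victim: bytes, donor: bytes) -> bytes:
    # Copy only the verifier bytes from a record whose password is known into
    # another account's record, leaving the victim's own UIN in place.
    out = bytearray(victim)
    out[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN] = donor[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN]
    return bytes(out)

def demo(verifier) -> tuple:
    # Returns (victim's real password accepted, donor's known password accepted
    # on the victim's record after the transplant).
    victim = build_record(10001, "victim-secret", verifier)
    donor = build_record(20002, "known-pw", verifier)
    patched = transplant(victim, donor)
    return (check_local_login(victim, "victim-secret", verifier),
            check_local_login(patched, "known-pw", verifier))
```

With the password-only design `demo(weak_verifier)` returns `(True, True)`, the transplant passes; with the account-bound design `demo(strong_verifier)` returns `(True, False)`.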


Please cite the original address when reposting: https://www.9cbs.com/read-22233.html
