Cracking the Windows Screen Saver Password with VB

xiaoxiao2021-03-06  42

As is well known, a screen saver password can be at most 16 characters long. Microsoft built in a 16-byte key: 48 EE 76 1D 67 69 A1 1B 7A 8C 47 F8 54 95 97 5F. Windows encrypts the password you enter with this key. The process is as follows: each character of the password is first converted to its hexadecimal ASCII code (lowercase letters are converted to uppercase first) and XORed, in order, with the corresponding byte of the key. Each hexadecimal digit of the resulting values is then treated as a character and converted to its own hexadecimal ASCII code, 00 is appended as an end marker, and the result is stored as the binary value ScreenSave_Data under the registry key HKEY_CURRENT_USER\Control Panel\Desktop.

Once the encryption principle is understood, it is not difficult to write a program to crack my screen saver password (that is, the online password). I used VB6.0 to write a function that reads the ScreenSave_Data value from the registry. The value read was 31 43 41 33 33 43 35 35 33 34 32 31 00. After the end marker 00 is removed, the remaining bytes are converted to their ASCII characters, and each pair of characters forms one hexadecimal number: 1C A3 3C 55 34 21. Clearly the password has 6 characters. XORing these values with the first 6 bytes of the key gives the ASCII codes of the password (in hexadecimal): 54 4D 4A 48 53 48, so the password is clearly TMJHSH. The crack succeeded! I tried it out and, sure enough, the cheerful sound of the modem came right away.

The VB source is attached (it uses Form1, a text box Text1 and a command button Command1).

1. Form code:

Option Explicit
Dim Cryptograph As String
Dim i As Integer
Dim j As Integer
Dim k As Integer
Dim CryptographStr(32) As Integer
Dim PWstr As String
Dim PassWord As String

Private Sub Command1_Click()
    PWstr = ""
    PassWord = ""
    Text1.Text = ""
    Cryptograph = GetBinaryValue("screensave_data")
    k = Len(Cryptograph)
    ' Store the ASCII code of each character of the stored value.
    For j = 1 To k - 1
        For i = 32 To 126
            If Mid(Cryptograph, j, 1) = Chr(i) Then
                CryptographStr(j) = i
            End If
        Next i
    Next j
    i = (k - 1) / 2 ' The password length is (k-1)/2; select the decryption entry point according to the length.
    Select Case i
        Case 16: GoTo 16
        Case 15: GoTo 15
        Case 14: GoTo 14
        Case 13: GoTo 13
        Case 12: GoTo 12
        Case 11: GoTo 11
        Case 10: GoTo 10
        Case 9: GoTo 9
        Case 8: GoTo 8
        Case 7: GoTo 7
        Case 6: GoTo 6
        Case 5: GoTo 5
        Case 4: GoTo 4
        Case 3: GoTo 3
        Case 2: GoTo 2
        Case 1: GoTo 1
        Case Else: Exit Sub ' No usable value; do not fall through into the labels below.
    End Select
    ' Each label decodes one character and falls through to the next lower one.
16: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(31)) & Chr(CryptographStr(32))) Xor &H5F)
15: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(29)) & Chr(CryptographStr(30))) Xor &H97)
14: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(27)) & Chr(CryptographStr(28))) Xor &H95)
13: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(25)) & Chr(CryptographStr(26))) Xor &H54)
12: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(23)) & Chr(CryptographStr(24))) Xor &HF8)
11: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(21)) & Chr(CryptographStr(22))) Xor &H47)
10: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(19)) & Chr(CryptographStr(20))) Xor &H8C)
9: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(17)) & Chr(CryptographStr(18))) Xor &H7A)
8: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(15)) & Chr(CryptographStr(16))) Xor &H1B)
7: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(13)) & Chr(CryptographStr(14))) Xor &HA1)
6: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(11)) & Chr(CryptographStr(12))) Xor &H69)
5: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(9)) & Chr(CryptographStr(10))) Xor &H67)
4: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(7)) & Chr(CryptographStr(8))) Xor &H1D)
3: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(5)) & Chr(CryptographStr(6))) Xor &H76)
2: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(3)) & Chr(CryptographStr(4))) Xor &HEE)
1: PWstr = PWstr & Chr(("&H" & Chr(CryptographStr(1)) & Chr(CryptographStr(2))) Xor &H48)
    ' PWstr holds the password in reverse order, so reverse it.
    For i = i To 1 Step -1
        PassWord = PassWord & Mid(PWstr, i, 1)
    Next i
    Text1.Text = PassWord ' Show the password in the text box.
End Sub

2. Module code:

Option Explicit
Const ERROR_SUCCESS = 0&
Const ERROR_BADDB = 1009&
Const ERROR_BADKEY = 1010&
Const REG_EXPAND_SZ = 2&
Const REG_BINARY = 3&
Const KEY_QUERY_VALUE = &H1&
Const KEY_ENUMERATE_SUB_KEYS = &H8&
Const KEY_NOTIFY = &H10&
Const READ_CONTROL = &H20000
Const STANDARD_RIGHTS_READ = READ_CONTROL
Const KEY_READ = STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY
Const HKEY_CURRENT_USER = &H80000001
Dim hKey As Long, MainKeyHandle As Long
Dim rtn As Long, lBuffer As Long, sBuffer As String, SubKey As String
Dim lBufferSize As Long
Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long

Function GetBinaryValue(Entry As String)
    MainKeyHandle = HKEY_CURRENT_USER
    SubKey = "Control Panel\desktop\"
    rtn = RegOpenKeyEx(MainKeyHandle, SubKey, 0, KEY_READ, hKey)
    If rtn = ERROR_SUCCESS Then ' The HKEY_CURRENT_USER\Control Panel\desktop key was opened successfully
        lBufferSize = 1
        rtn = RegQueryValueEx(hKey, Entry, 0, REG_BINARY, 0, lBufferSize) ' Read the ScreenSave_Data value
        sBuffer = Space(lBufferSize)
        rtn = RegQueryValueEx(hKey, Entry, 0, REG_BINARY, sBuffer, lBufferSize)
        ' The source listing breaks off after "If rtn ="; the lines below are an assumed minimal completion.
        If rtn = ERROR_SUCCESS Then
            GetBinaryValue = sBuffer
        End If
        rtn = RegCloseKey(hKey)
    End If
End Function
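
The scheme described at the top of the article, written out as a round trip in Python. This is an added example, not the author's VB code; the function names are illustrative, while the key bytes and the sample value are the ones quoted in the article. It shows that with a fixed, published key the stored value is equivalent to the upper-cased password itself.

```python
# Added illustration of the fixed-key XOR scheme described in the article.
# Function names are illustrative; the key bytes are those quoted on the page.
KEY = bytes.fromhex("48EE761D6769A11B7A8C47F85495975F")


def encode(password: str) -> bytes:
    """Build the ScreenSave_Data bytes for a password, as the article describes."""
    data = password.upper().encode("ascii")      # lowercase is folded to uppercase
    if len(data) > len(KEY):
        raise ValueError("password longer than 16 characters")
    xored = bytes(p ^ k for p, k in zip(data, KEY))
    # Each hex digit becomes one ASCII character, followed by the 00 end marker.
    return xored.hex().upper().encode("ascii") + b"\x00"


def decode(stored: bytes) -> str:
    """Recover the (upper-cased) password from a ScreenSave_Data value."""
    text = stored.rstrip(b"\x00").decode("ascii")
    if len(text) % 2 or len(text) > 2 * len(KEY):
        raise ValueError("not a valid ScreenSave_Data value")
    xored = bytes.fromhex(text)                  # raises ValueError on non-hex input
    return bytes(c ^ k for c, k in zip(xored, KEY)).decode("latin-1")


# The value quoted in the article: 31 43 41 33 33 43 35 35 33 34 32 31 00
ARTICLE_VALUE = bytes.fromhex("31434133334335353334323100")

if __name__ == "__main__":
    print(decode(ARTICLE_VALUE))                 # the article's worked example
    print(encode("tmjhsh") == ARTICLE_VALUE)     # case folding: input case is lost
```

Because lowercase input is folded to uppercase before the XOR, the stored value cannot distinguish "tmjhsh" from "TMJHSH".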

When reposting, please cite the original address: https://www.9cbs.com/read-51677.html
