getpassword.cpp

本软件用于获取已加密的access数据库密码

// GetPassword.cpp : Defines the initialization routines for the DLL.
//

#include "stdafx.h"
#include "GetPassword.h"
#include "stdio.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

//
//	Note!
//
//		If this DLL is dynamically linked against the MFC
//		DLLs, any functions exported from this DLL which
//		call into MFC must have the AFX_MANAGE_STATE macro
//		added at the very beginning of the function.
//
//		For example:
//
//		extern "C" BOOL PASCAL EXPORT ExportedFunction()
//		{
//			AFX_MANAGE_STATE(AfxGetStaticModuleState());
//			// normal function body here
//		}
//
//		It is very important that this macro appear in each
//		function, prior to any calls into MFC.  This means that
//		it must appear as the first statement within the 
//		function, even before any object variable declarations
//		as their constructors may generate calls into the MFC
//		DLL.
//
//		Please see MFC Technical Notes 33 and 58 for additional
//		details.
//

/////////////////////////////////////////////////////////////////////////////
// CGetPasswordApp

BEGIN_MESSAGE_MAP(CGetPasswordApp, CWinApp)
	//{{AFX_MSG_MAP(CGetPasswordApp)
		// NOTE - the ClassWizard will add and remove mapping macros here.
		//    DO NOT EDIT what you see in these blocks of generated code!
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CGetPasswordApp construction

CGetPasswordApp::CGetPasswordApp()
{
	// TODO: add construction code here,
	// Place all significant initialization in InitInstance
}

/////////////////////////////////////////////////////////////////////////////
// The one and only CGetPasswordApp object

CGetPasswordApp theApp;

extern "C" BOOL PASCAL EXPORT GetPassword(char* filedir,char password[])
{
	AFX_MANAGE_STATE(AfxGetStaticModuleState());
	BYTE source03[13] = {0x85,0xEC,0x5E,0x9C,0xC5,0x28,0x10,0x8A,0x57,0x7B,0xF6,0xDF,0x74};
	BYTE source2k[16] = {0xA1,0xEC,0x7A,0x9C,0xE1,0x28,0x34,0x8A,0x73,0x7B,0xD2,0xDF,0x50,0x13,0x31,0xB1};
	BYTE source97[13] = {0x86,0xFB,0xEC,0x37,0x5D,0x44,0x9C,0xFA,0xC6,0x5E,0x28,0xE6,0x13};
	BYTE data[200];
	BYTE bytDateKey[128] = {0};
	BYTE version = 0;
	BYTE flag = 0;
	FILE *fp=0;
	int pos = 0;
	int len = 0;
	int i = 0;
	bool equal = true;
	memset(data,0,200);
 
	fp = fopen(filedir,"r+b");
	if (fp == NULL)
	{
		return FALSE;
	}
	
	len = fread(data,1,200,fp);
    if (len == 0)
	{
		fclose(fp);
		return FALSE;
	}
	version = data[20];
	flag = data[98];
	if(version<1)//access 97
	{
		pos = 0;
		for(i=0; i<13; i++)
		{
			if( source97[i] != data[66 + i] )
			{
				equal = false;
				break;
			}
		}
		
		if(equal)
		{
			*password = '\0';
			fclose(fp);
			return TRUE;
		}
		else
		{
			for(i=0; i<13; i++)
			{
				if( data[66 + i] != source97[i] )
				{
					password[pos++] = (char)(data[66 + i]^source97[i]);
				}
			}
		}
	}
	else
	{
		pos = 0;
		BYTE bytEncriptKey[4] = {0xC7,0xDA,0x39,0x6B};
		BYTE bytEncriptRet[258] = {0};
		
		double db1 = 0;
		long lKey = 0;
		long lRslt[20] = {0};

		for(i=0; i<128; i++)
		{
          bytDateKey[i] = data[24 + i];
		}
		//获得lKey
		long lTemp1 = 0;
		long lTemp2 = 0;
		long lTemp3 = 0;
		long lTemp4 = 0;
		long lTemp5 = 0;
      
		for(i=0; i<256; i++)
		{
            bytEncriptRet[i] = i;
		}

		for(i=0; i<256; i++)
		{
			lTemp1 = lTemp2;
			lTemp1 = bytEncriptKey[lTemp1];
			lTemp4 = bytEncriptRet[i];
			lTemp1 = lTemp1 + lTemp4;
			lTemp4 = lTemp3;
			lTemp1 = lTemp1 + lTemp4;
			lTemp1 = lTemp1 & 0x800000FF;
			lTemp3 = lTemp1;
			lTemp1 = bytEncriptRet[i];
			lTemp5 = lTemp1;
			lTemp1 = lTemp3;
			lTemp1 = bytEncriptRet[lTemp1];
			bytEncriptRet[i] = (BYTE)lTemp1;
			lTemp4 = lTemp3;
			bytEncriptRet[lTemp4] = (BYTE)lTemp5;
			lTemp1 = lTemp2;
			lTemp1 = lTemp1 + 1;
			lTemp4 = lTemp1 % 4;
			lTemp2 = lTemp4;
		}
        //利用lKey对bytDateKey进行解密
		long lTemp6 = 0;
		long lTemp7 = 0;
		long lTemp8 = 0;

		lTemp4 = bytEncriptRet[256];
		lTemp1 = bytEncriptRet[257];

		for(i=1; i<128; i++)
		{
			lTemp4 = lTemp4 + 1;
			lTemp4 = lTemp4 & 0x800000FF;
			lTemp3 = lTemp4 & 0xFF;
			lTemp5 = bytEncriptRet[lTemp3];
			lTemp1 = lTemp1 & 0xFF;
			lTemp5 = lTemp5 + lTemp1;
			lTemp1 = lTemp5 & 0x800000FF;
			lTemp6 = bytEncriptRet[lTemp4];
			lTemp5 = bytEncriptRet[lTemp1];
			bytEncriptRet[lTemp3] = (BYTE)lTemp5;
			lTemp2 = lTemp1;
			bytEncriptRet[lTemp2] = (BYTE)lTemp6;
			lTemp5 = bytEncriptRet[lTemp3];
			lTemp3 = bytEncriptRet[lTemp1 & 0xFF];
			lTemp5 = lTemp5 + lTemp3;
			lTemp5 = lTemp5 & 0x800000FF;
			lTemp7 = lTemp5;
			lTemp3 = lTemp8;
			lTemp5 = bytEncriptRet[lTemp5];
			bytDateKey[lTemp3] = (BYTE)(bytDateKey[lTemp3]^ lTemp5);
			lTemp8 = lTemp8 + 1;
		}
		bytEncriptRet[256] = (BYTE)lTemp4;
		bytEncriptRet[257] = (BYTE)lTemp1;
		
        CopyMemory(&db1,bytDateKey + 90,8);
        lKey = (long)db1;
		//获得密码
		for(i=0; i<20; i++)
		{
			lRslt[i] = bytDateKey[i * 2 + 42] + 256 * (long)(bytDateKey[i * 2 + 43]);
            if(i%2==0)
			{
              lRslt[i] = lRslt[i] ^ lKey;
			}
			//用ChrW来代替WideCharToMultiByte对Unicode字节进行转换
           if(lRslt[i] != 0)
		   {
             //*key++ = WideCharToMultiByte(lRslt[i]);
			 len = 0;
			 BYTE trans[10];
             len = WideCharToMultiByte(CP_ACP, 0, (unsigned short *)&lRslt[i], -1, NULL, 0, NULL, NULL);
             WideCharToMultiByte(CP_ACP, 0, (unsigned short *)&lRslt[i], -1, (char*)trans, len, NULL, NULL);
             int j = 0;
			 for(j=0; j<len; j++)
			 {
				 if(trans[j] != 0)
			      password[pos++] = trans[j];
			 }
		   }
		}
	} 
	
    password[pos] ='\0';
	fclose(fp);
	return TRUE;
}