如果你过分信任 Access 2000数据库的密码保护,你可能会因此而蒙受损失。这是因为access 2000的数据库级密码并不安全,相反它很脆弱,甚至下面这段非常小的程序就可以攻破它: ? ' 程序一(VB6):access 2000密码破译 Private Sub Command1_Click() Const Offset = &H43 ' 文件偏移地址:access数据库从此处开始存放加密密码 Dim bEmpty(1 To 2) As Byte, bPass(1 To 2) As Byte Dim I As Integer, Password As String ' 打开一个空数据库作为参照 Open "D:\VB6_Test\MDB_Password\New_Empty_DB.mdb" For Binary As #1 ' 打开被密码保护的数据库 Open "D:\VB6_Test\MDB_Password\Pass_Protected_DB.mdb" For Binary As #2 Seek #1, Offset Seek #2, Offset For I = 1 To 20 ' access 2000 数据库密码最长允许20位 Get #1, , bEmpty ' 其中每位密码占两个字节 Get #2, , bPass ' 一个汉字也仅是一位密码,占两个字节 If (bEmpty(1) Xor bPass(1)) <> 0 Then Password = Password + Chr(bEmpty(1) Xor bPass(1)) ' 将密码解密 End If Next Close 1, 2 MsgBox "Password:" + Password ' 显示密码 End Sub 下图显示了 access 2000的密码建立以及被上述程序破解后的情况:
应注意的是:上面的“创建日期”只是操作系统级的,也就是 Windows记录在文件夹目录里的信息(根据文件名的长短,每个文件在目录里占用至少32个字节,包括:文件名、属性、文件大小、首蔟号、创建时间、修改时间和访问时间等)。 access 2000 在数据库中也记录了该数据库的“创建日期”。加密数据库密码的正是数据库内部记录的这个“创建日期”。该日期只有在数据库被成功打开后才能看到。但在一般情况下,操作系统级的以及数据库内保存的“创建日期”是完全一样的,因此这为破译者提供了方便。 上述程序中还有一点需要说明:为简明起见,解密密码时仅处理了双字节的首字节,因此它仅对非汉字密码有效。若要解密汉字密码,须对双字节均做处理。 二、防范措施 1、隐藏“创建日期” 从上面的分析可以看出,既然“创建日期”是破译的关键,那么我们应“对症下药”,将真实的“创建日期”隐藏起来。 第一步,创建数据库时,使用一个“不可思议的、别人不易猜测”的日期。做法为:修改 Windows系统日期,例如改为2026年05月15日,创建数据库后再将系统日期改回。这个“不可思议”的日期即为该数据库的真实“创建日期”。 第二步,修改操作系统级的“创建日期”。上述第一步完成后,该数据库在操作系统级的创建日期也是2026年05月15日,必须加以修改,以达到隐藏真实创建日期的目的。修改操作系统级的“创建日期”可以由下面的程序二完成。 ? ' 程序二(VB6):修改文件在操作系统级的“创建日期” Private Type FILETIME dwLowDateTime As Long dwHighDateTime As Long End Type Private Type SYSTEMTIME wYear As Integer wMonth As Integer wDayOfWeek As Integer wDay As Integer wHour As Integer wMinute As Integer wSecond As Integer wMilliseconds As Integer End Type Private Const GENERIC_WRITE = &H40000000 Private Const OPEN_EXISTING = 3 Private Const FILE_SHARE_READ = &H1 Private Const FILE_SHARE_WRITE = &H2 Private Declare Function SetFileTimeWrite Lib "kernel32" Alias _ "SetFileTime" (ByVal hFile As Long, lpCreateTime As FILETIME, _ ByVal NullP As Long, ByVal NullP2 As Long) As Long Private Declare Function SystemTimeToFileTime Lib "kernel32" _ (lpSystemTime As SYSTEMTIME, lpFileTime As FILETIME) As Long Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" _ (ByVal lpFileName As String, ByVal dwDesiredaccess As Long, ByVal _ dwShareMode As Long, ByVal lpSecurityAttributes As Long, ByVal _ dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, _ ByVal hTemplateFile As Long) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) _ As Long Private Declare Function LocalFileTimeToFileTime Lib "kernel32" _ (lpLocalFileTime As FILETIME, lpFileTime As FILETIME) As Long Private Sub Command1_Click() Dim Year As Integer, Month As Integer, Day As Integer Dim Hour As Integer, Minute As Integer, Second As Integer Dim TimeStamp As Variant, Filename As String, X As Integer Year = 2001: Month = 3: Day = 13 ' 准备设定的“创建日期” Hour = 12: Minute = 0: Second = 26 TimeStamp = DateSerial(Year, Month, Day) + TimeSerial(Hour, Minute, Second) Filename = "D:\VB6_Test\MDB_Password\Pass_Protected_DB.mdb" ' 目标文件名 X = ModifyFileStamp(Filename, TimeStamp) End Sub Function ModifyFileStamp(Filename As String, TimeStamp As Variant) As Integer Dim X As Long, Handle As Long, System_Time As SYSTEMTIME Dim File_Time As FILETIME, Local_Time As FILETIME System_Time.wYear = Year(TimeStamp): System_Time.wMonth = Month(TimeStamp) System_Time.wDay = Day(TimeStamp) System_Time.wDayOfWeek = Weekday(TimeStamp) - 1 System_Time.wHour = Hour(TimeStamp): System_Time.wSecond = Second(TimeStamp) System_Time.wMilliseconds = 0 X = SystemTimeToFileTime(System_Time, Local_Time) X = LocalFileTimeToFileTime(Local_Time, File_Time) ' 转换成可用的类型 Handle = CreateFile(Filename, GENERIC_WRITE, FILE_SHARE_READ Or _ FILE_SHARE_WRITE, ByVal 0&, OPEN_EXISTING, 0, 0) ' 打开文件 X = SetFileTimeWrite(Handle, File_Time, ByVal 0&, ByVal 0&) ' 设置日期 CloseHandle Handle ' 关闭文件 End Function 图三显示的是数据库的真实“创建日期”以及经程序二伪装的操作系统级的“假象”日期。
