1. 杨CC有话说

原文来自于:公众号:魔音堡

2. 所需工具

  • 保存过数据库密码的navicat
  • java

3. 破解开始

3.1 导出.ncx文件

  • file——导出连接——勾上导出密码——确定:

3.2 打开.ncx文件,复制密码:

3.3 使用下面的Java代码解密即可。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.util.Arrays;

public class NavicatPassword {
    public static void main(String[] args) throws Exception {
        NavicatPassword navicatPassword = new NavicatPassword();
        
        // 11版本及以前的密码,填写在""中
        // String decode = navicatPassword.decrypt("CE3AAB73CBBE383C", 11);
        
        // 12版本及以后的密码,填写在""中,本例以12的密码为例
        String decode = navicatPassword.decrypt("6E23C926C0363C8B37BBC74D04832E0D", 12);
        System.out.println(decode);
    }

    private static final String AES_KEY = "libcckeylibcckey";
    private static final String AES_IV = "libcciv libcciv ";
    private static final String BLOW_KEY = "3DC5CA39";
    private static final String BLOW_IV = "d9c7c3c8870d64bd";

    public static String encrypt(String plaintext, int version) throws Exception {
        switch (version) {
            case 11:
                return encryptEleven(plaintext);
            case 12:
                return encryptTwelve(plaintext);
            default:
                throw new IllegalArgumentException("Unsupported version");
        }
    }

    public static String decrypt(String ciphertext, int version) throws Exception {
        switch (version) {
            case 11:
                return decryptEleven(ciphertext);
            case 12:
                return decryptTwelve(ciphertext);
            default:
                throw new IllegalArgumentException("Unsupported version");
        }
    }

    private static String encryptEleven(String plaintext) throws Exception {
        byte[] iv = hexStringToByteArray(BLOW_IV);
        byte[] key = hashToBytes(BLOW_KEY);
        
        int round = plaintext.length() / 8;
        int leftLength = plaintext.length() % 8;
        StringBuilder result = new StringBuilder();
        byte[] currentVector = iv.clone();
        
        Cipher cipher = Cipher.getInstance("Blowfish/ECB/NoPadding");
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, "Blowfish");
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
        
        for (int i = 0; i < round; i++) {
            byte[] block = xorBytes(plaintext.substring(i * 8, (i + 1) * 8).getBytes(), currentVector);
            byte[] temp = cipher.doFinal(block);
            currentVector = xorBytes(currentVector, temp);
            result.append(bytesToHex(temp));
        }
        
        if (leftLength > 0) {
            currentVector = cipher.doFinal(currentVector);
            byte[] block = xorBytes(plaintext.substring(round * 8).getBytes(), currentVector);
            result.append(bytesToHex(block));
        }
        
        return result.toString().toUpperCase();
    }

    private static String encryptTwelve(String plaintext) throws Exception {
        byte[] iv = AES_IV.getBytes();
        byte[] key = AES_KEY.getBytes();
        
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
        
        byte[] result = cipher.doFinal(plaintext.getBytes());
        return bytesToHex(result).toUpperCase();
    }

    private static String decryptEleven(String ciphertext) throws Exception {
        byte[] iv = hexStringToByteArray(BLOW_IV);
        byte[] key = hashToBytes(BLOW_KEY);
        byte[] encrypted = hexStringToByteArray(ciphertext.toLowerCase());
        
        int round = encrypted.length / 8;
        int leftLength = encrypted.length % 8;
        StringBuilder result = new StringBuilder();
        byte[] currentVector = iv.clone();
        
        Cipher cipher = Cipher.getInstance("Blowfish/ECB/NoPadding");
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, "Blowfish");
        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
        
        for (int i = 0; i < round; i++) {
            byte[] block = Arrays.copyOfRange(encrypted, i * 8, (i + 1) * 8);
            byte[] temp = xorBytes(cipher.doFinal(block), currentVector);
            currentVector = xorBytes(currentVector, block);
            result.append(new String(temp));
        }
        
        if (leftLength > 0) {
            currentVector = cipher.doFinal(currentVector);
            byte[] block = Arrays.copyOfRange(encrypted, round * 8, round * 8 + leftLength);
            result.append(new String(xorBytes(block, currentVector)));
        }
        
        return result.toString();
    }

    private static String decryptTwelve(String ciphertext) throws Exception {
        byte[] iv = AES_IV.getBytes();
        byte[] key = AES_KEY.getBytes();
        byte[] encrypted = hexStringToByteArray(ciphertext.toLowerCase());
        
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
        
        byte[] result = cipher.doFinal(encrypted);
        return new String(result);
    }

    private static byte[] xorBytes(byte[] bytes1, byte[] bytes2) {
        byte[] result = new byte[bytes1.length];
        for (int i = 0; i < bytes1.length; i++) {
            result[i] = (byte) (bytes1[i] ^ bytes2[i]);
        }
        return result;
    }

    private static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                    + Character.digit(s.charAt(i + 1), 16));
        }
        return data;
    }

    private static byte[] hashToBytes(String s) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(s.getBytes());
    }

    private static String bytesToHex(byte[] bytes) {
        StringBuilder result = new StringBuilder();
        for (byte b : bytes) {
            result.append(String.format("%02X", b));
        }
        return result.toString();
    }
}

3.4 将复制的密码字符贴入Java代码中执行即可得到密码明文

4. 结束语

  • CTRl+D 将本网站:ycc77.com添加到书签栏哦~
  • 需要资源,记得将ycc77.cn 添加到书签栏哦~
  • QQ交流群:660264846(最新开展免杀担保等业务)
  • B站: 疯狂的杨CC
  • 抖音: 疯狂的杨CC
  • 快手: 疯狂的杨CC
  • 公众号:SGY安全
  • 91: 疯狂的杨CC
  • p站: 疯狂的杨CC