-
-
全程图解超级密码破解步骤
-
发表于: 2014-10-2 11:11
-
有XD谈到网上卖解密设备的贴子,正好昨天给客户成功解开一台T30的超级密码。机器还没有拿走,拍几张照发篇贴子谈一谈解超级密码的方法和步骤。
以前我没有接触过笔记本解密这一块。但是我在网上看过一些文章,知道IBM的超级密码一般是存在Atmel的24RF08或者24CXXX之类的芯片里。拿到机器后首先想到的是拆开机器找这颗芯片。大卸八块后,发现原来就在内存槽下面,型号是24RF08CN。早知根本就不用拆这么散。
接下来要做的工作是用风枪卸下这颗芯片,放到编程器里去读取它里面的内容。编程器本身只能直接支持长条的DIP封装芯片,其它封装类型的芯片都必须要使用转接座。这种SO8的转接座我是有的,当时买编程器的时候特地配了一个。因为不光TP的笔记本上用到这种八脚存储芯片,其它比如内存SPD,网卡上都有用这种芯片。7d3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5@1y4r3f1&6z5r3x3^5z5o6g2W2y4U0u0V1y4o6l9J5y4$3f1%4x3p5g2I4e0@1!0I4x3#2A6o6f1h3&6A6L8q4)9J5k6h3A6H3k6H3`.`.
1e0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5%4y4e0c8U0j5K6V1@1x3e0S2X3y4h3q4X3x3h3p5#2j5e0M7^5k6f1A6C8K9$3&6i4K9X3S2q4k6#2b7J5f1W2)9J5k6h3A6H3k6H3`.`.
芯片焊上去的样子。这种转接座比较蠢,每次使用都要这样焊上焊下,次数多了座上的焊盘就不行了。在网上看到过不用焊直接夹住的转接座,比较先进的说!不过这种也有好处,那就是绝对不存在接触不良的问题。e73K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5%4y4r3c8T1y4o6x3#2y4o6j5#2y4K6q4U0j5e0u0S2j5X3q4S2j5h3q4V1L8K6c8I4L8U0N6v1x3#2c8y4d9#2)9J5k6h3A6H3k6H3`.`.
等到用编程器读取的时候才发现一个极度郁闷的问题:号称万能编程器的Labtool-48居然不支持24RF08这颗芯片。更让人郁闷的自从台湾研仪开发了它的下一代Labtool-48UXP后,已经停掉了对Labtool-48的软件升级。222K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3k6U0y4h3g2S2x3U0c8S2k6h3p5$3z5o6M7I4j5K6j5@1x3X3f1$3y4r3y4T1k6$3S2K6P5p5A6m8N6@1!0Z5K9g2)9J5k6h3A6H3k6H3`.`.
这时候想起来公司还有一台小小的西尔特编程器,这台西尔特因为支持的芯片种类太少,已经收起来不用很久了。从仓库的角落里翻出来,落了好厚一层灰.d95K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5#2k6o6c8S2j5K6k6W2x3U0c8T1y4e0N6U0j5U0p5$3z5h3y4W2y4U0k6x3c8$3q4b7d9p5V1@1k6g2N6v1L8q4)9J5k6h3A6H3k6H3`.`.
西尔特的随机光盘已经不见了,从网上当了个驱动装起来。在不抱希望的时候,惊喜地发现这台被遗忘了很久的西尔特居然支持24RF08CN。正所谓人不可貌相。d09K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5J5x3U0j5%4y4U0R3J5j5$3x3H3z5o6j5@1k6X3k6U0x3e0R3K6y4@1W2n7f1q4k6T1y4@1N6H3c8p5g2G2j5g2)9J5k6h3A6H3k6H3`.`.
读取芯片数据保存为一个二进制文件。点击编程器自带的编辑器,可以看到机器的序列号。超级密码也在其中,位于00000330的位置,因为是加密过的,所以编程器是看不出来的,只能看到一个个方块。超级密码的位置不是我研究出来的,而是从636N6%4N6%4i4K6u0W2j5X3W2G2M7%4u0W2M7r3q4A6M7W2)9J5k6h3y4G2L8g2!0q4y4q4!0n7z5q4)9^5b7g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4q4!0n7z5q4)9^5x3q4!0q4y4#2!0m8c8W2)9^5y4#2!0q4y4W2)9&6y4W2)9^5y4#2!0q4y4#2!0m8b7W2!0m8x3q4!0q4y4#2)9&6b7#2)9^5b7W2!0q4y4W2)9&6c8q4!0m8y4g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4x3#2)9^5x3q4)9^5x3W2!0q4y4W2)9&6b7#2)9^5z5g2!0q4y4g2)9^5y4g2!0n7x3#2!0q4y4#2)9^5z5g2)9^5z5q4!0q4y4W2)9&6c8q4)9^5x3#2!0q4y4#2)9&6b7g2)9^5y4q4!0q4z5g2)9&6y4#2!0m8c8g2!0q4z5g2!0m8x3W2)9&6z5q4!0q4y4W2)9^5z5q4)9&6x3g2!0q4y4q4!0n7b7W2!0m8b7#2!0q4z5q4!0m8y4W2)9^5x3g2!0q4y4q4!0n7b7g2!0m8y4q4!0q4y4q4!0n7b7W2!0m8x3#2!0q4y4W2!0n7z5q4)9^5y4g2!0q4y4W2!0m8y4g2)9&6b7g2!0q4x3#2)9^5x3q4)9^5x3R3`.`.
芯片读完后要焊回主板的,没有这颗芯片应该是开不了机器的。我没试过,但是想想应该是这样的,不然取掉芯片就可以了,想来Thinkpad不会让我们这么轻松的。52eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5I4z5e0R3@1k6U0S2U0k6r3j5#2x3K6j5#2j5X3j5K6y4K6M7J5k6e0y4&6f1#2y4Y4g2i4t1$3e0o6m8B7L8W2)9J5k6h3A6H3k6#2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7X3S2@1N6s2m8Q4x3@1q4Q4x3V1k6Q4x3V1k6X3L8%4u0#2L8g2)9J5k6e0f1I4L8X3u0Q4x3X3g2U0L8$3#2Q4x3V1k6S2N6s2c8S2j5$3S2E0k6h3&6@1M7#2)9J5c8X3#2G2L8Y4c8Z5i4K6g2X3x3e0p5H3x3#2)9J5c8U0t1H3x3e0p5H3x3K6t1@1i4K6g2X3j5U0u0W2x3o6g2U0x3K6p5%4y4$3q4V1x3e0f1H3y4X3g2X3j5K6x3$3e0o6b7$3N6%4c8w2e0h3#2h3k6f1#2Q4x3X3g2B7M7r3M7`.
下面这张图就是我说的那篇文章,注意红圈中部分为超级密码,我就是从这里看出来超级密码的位置的。再注意它这个密码已经是解密过的明文.0a2K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3k6T1z5h3p5K6y4h3b7%4k6o6u0U0j5K6l9H3y4U0j5^5x3U0M7&6z5q4g2J5c8X3g2W2z5g2q4Z5c8h3q4X3P5g2)9J5k6h3A6H3k6H3`.`.
现在关键的问题就是不知道这是用什么软件解出来的。他们写的这篇文章主要是推销他们开发的一种24RF08专用编程器,出于可以理解的原因文章里看不出来软件的名字。没关系,有Internet,我自己找。Google、Baidu、Yahoo轮流上,搜了一个上午没找到头绪。
中午的时候加了eastrepair站长的QQ,想跟他谈一谈可不可以只买他们那个解密软件,编程器因为我自己也有,再买就没意义了。对方报价1K,但是不光这一个解IBM的。是整套的,可以解IBM、Dell、HP、SONY等基本上所有的主流机器。东西是好东西,但是1K这个价格让人有些犹豫。准备下午再找找看。
在用芯片的型号24RF08CN搜索的时候终于找到一个国外网站有相关的内容。
8c3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5&6x3X3k6X3j5h3f1I4x3K6t1&6j5e0u0T1k6r3x3I4y4U0t1@1y4W2N6r3y4p5y4&6b7%4k6h3b7h3S2C8h3q4)9J5k6h3A6H3k6#2!0q4y4g2)9^5c8q4)9^5x3#2!0q4z5q4!0n7c8g2)9&6b7W2!0q4y4q4!0n7z5q4)9^5y4#2!0q4z5q4)9^5b7W2!0m8y4W2!0q4y4#2!0n7b7W2)9^5z5q4!0q4y4q4!0n7b7g2)9^5c8g2!0q4y4W2)9^5z5g2!0n7c8g2!0q4y4g2)9^5z5q4!0n7x3q4!0q4y4q4!0n7b7g2)9^5y4W2!0q4y4W2)9^5z5q4)9&6x3g2!0q4y4W2)9^5x3#2!0n7x3#2!0q4z5q4!0m8y4W2)9^5x3g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4q4!0n7z5q4)9&6b7#2!0q4y4q4!0n7z5q4)9&6b7#2!0q4y4q4!0n7b7g2)9^5y4W2!0q4c8W2!0n7b7#2)9^5b7#2!0q4y4g2!0m8c8g2)9^5x3#2!0q4y4g2)9^5c8W2!0m8b7V1W2T1L8i4m8S2M7%4y4Q4c8e0y4Q4z5o6m8Q4z5o6u0Q4c8e0c8Q4b7U0S2Q4z5p5u0Q4c8e0S2Q4b7V1c8Q4b7V1c8Q4c8e0g2Q4b7f1g2Q4z5o6W2Q4c8e0S2Q4b7e0y4Q4z5o6g2Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0k6Q4z5f1y4Q4z5o6W2Q4c8e0k6Q4b7U0u0Q4b7e0q4Q4c8e0k6Q4z5f1y4Q4z5o6W2Q4c8e0g2Q4z5p5k6Q4z5e0q4Q4c8e0N6Q4z5p5g2Q4b7U0m8Q4c8e0g2Q4z5e0u0Q4z5p5x3^5i4@1f1$3i4@1p5#2i4@1u0o6i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1$3i4K6V1^5i4@1q4r3i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1@1i4@1t1^5i4@1q4m8i4@1f1@1i4@1t1^5i4K6W2o6i4@1f1@1i4@1t1^5i4K6W2o6i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1#2i4K6V1I4i4@1t1#2i4@1f1#2i4K6V1I4i4@1t1#2i4@1g2r3i4@1u0o6i4K6R3I4
打开先前保存的二进制文件。080K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3k6V1z5o6m8X3j5e0k6U0y4$3g2S2z5o6p5H3x3e0x3&6z5r3p5K6y4r3u0$3z5i4R3#2k6V1g2F1k6h3I4d9x3W2)9J5k6h3A6H3k6H3`.`.
以前我没有接触过笔记本解密这一块。但是我在网上看过一些文章,知道IBM的超级密码一般是存在Atmel的24RF08或者24CXXX之类的芯片里。拿到机器后首先想到的是拆开机器找这颗芯片。大卸八块后,发现原来就在内存槽下面,型号是24RF08CN。早知根本就不用拆这么散。
接下来要做的工作是用风枪卸下这颗芯片,放到编程器里去读取它里面的内容。编程器本身只能直接支持长条的DIP封装芯片,其它封装类型的芯片都必须要使用转接座。这种SO8的转接座我是有的,当时买编程器的时候特地配了一个。因为不光TP的笔记本上用到这种八脚存储芯片,其它比如内存SPD,网卡上都有用这种芯片。7d3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5@1y4r3f1&6z5r3x3^5z5o6g2W2y4U0u0V1y4o6l9J5y4$3f1%4x3p5g2I4e0@1!0I4x3#2A6o6f1h3&6A6L8q4)9J5k6h3A6H3k6H3`.`.
1e0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5%4y4e0c8U0j5K6V1@1x3e0S2X3y4h3q4X3x3h3p5#2j5e0M7^5k6f1A6C8K9$3&6i4K9X3S2q4k6#2b7J5f1W2)9J5k6h3A6H3k6H3`.`.
芯片焊上去的样子。这种转接座比较蠢,每次使用都要这样焊上焊下,次数多了座上的焊盘就不行了。在网上看到过不用焊直接夹住的转接座,比较先进的说!不过这种也有好处,那就是绝对不存在接触不良的问题。e73K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5%4y4r3c8T1y4o6x3#2y4o6j5#2y4K6q4U0j5e0u0S2j5X3q4S2j5h3q4V1L8K6c8I4L8U0N6v1x3#2c8y4d9#2)9J5k6h3A6H3k6H3`.`.
等到用编程器读取的时候才发现一个极度郁闷的问题:号称万能编程器的Labtool-48居然不支持24RF08这颗芯片。更让人郁闷的自从台湾研仪开发了它的下一代Labtool-48UXP后,已经停掉了对Labtool-48的软件升级。222K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3k6U0y4h3g2S2x3U0c8S2k6h3p5$3z5o6M7I4j5K6j5@1x3X3f1$3y4r3y4T1k6$3S2K6P5p5A6m8N6@1!0Z5K9g2)9J5k6h3A6H3k6H3`.`.
这时候想起来公司还有一台小小的西尔特编程器,这台西尔特因为支持的芯片种类太少,已经收起来不用很久了。从仓库的角落里翻出来,落了好厚一层灰.d95K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5#2k6o6c8S2j5K6k6W2x3U0c8T1y4e0N6U0j5U0p5$3z5h3y4W2y4U0k6x3c8$3q4b7d9p5V1@1k6g2N6v1L8q4)9J5k6h3A6H3k6H3`.`.
西尔特的随机光盘已经不见了,从网上当了个驱动装起来。在不抱希望的时候,惊喜地发现这台被遗忘了很久的西尔特居然支持24RF08CN。正所谓人不可貌相。d09K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5J5x3U0j5%4y4U0R3J5j5$3x3H3z5o6j5@1k6X3k6U0x3e0R3K6y4@1W2n7f1q4k6T1y4@1N6H3c8p5g2G2j5g2)9J5k6h3A6H3k6H3`.`.
读取芯片数据保存为一个二进制文件。点击编程器自带的编辑器,可以看到机器的序列号。超级密码也在其中,位于00000330的位置,因为是加密过的,所以编程器是看不出来的,只能看到一个个方块。超级密码的位置不是我研究出来的,而是从636N6%4N6%4i4K6u0W2j5X3W2G2M7%4u0W2M7r3q4A6M7W2)9J5k6h3y4G2L8g2!0q4y4q4!0n7z5q4)9^5b7g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4q4!0n7z5q4)9^5x3q4!0q4y4#2!0m8c8W2)9^5y4#2!0q4y4W2)9&6y4W2)9^5y4#2!0q4y4#2!0m8b7W2!0m8x3q4!0q4y4#2)9&6b7#2)9^5b7W2!0q4y4W2)9&6c8q4!0m8y4g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4x3#2)9^5x3q4)9^5x3W2!0q4y4W2)9&6b7#2)9^5z5g2!0q4y4g2)9^5y4g2!0n7x3#2!0q4y4#2)9^5z5g2)9^5z5q4!0q4y4W2)9&6c8q4)9^5x3#2!0q4y4#2)9&6b7g2)9^5y4q4!0q4z5g2)9&6y4#2!0m8c8g2!0q4z5g2!0m8x3W2)9&6z5q4!0q4y4W2)9^5z5q4)9&6x3g2!0q4y4q4!0n7b7W2!0m8b7#2!0q4z5q4!0m8y4W2)9^5x3g2!0q4y4q4!0n7b7g2!0m8y4q4!0q4y4q4!0n7b7W2!0m8x3#2!0q4y4W2!0n7z5q4)9^5y4g2!0q4y4W2!0m8y4g2)9&6b7g2!0q4x3#2)9^5x3q4)9^5x3R3`.`.
芯片读完后要焊回主板的,没有这颗芯片应该是开不了机器的。我没试过,但是想想应该是这样的,不然取掉芯片就可以了,想来Thinkpad不会让我们这么轻松的。52eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5I4z5e0R3@1k6U0S2U0k6r3j5#2x3K6j5#2j5X3j5K6y4K6M7J5k6e0y4&6f1#2y4Y4g2i4t1$3e0o6m8B7L8W2)9J5k6h3A6H3k6#2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7X3S2@1N6s2m8Q4x3@1q4Q4x3V1k6Q4x3V1k6X3L8%4u0#2L8g2)9J5k6e0f1I4L8X3u0Q4x3X3g2U0L8$3#2Q4x3V1k6S2N6s2c8S2j5$3S2E0k6h3&6@1M7#2)9J5c8X3#2G2L8Y4c8Z5i4K6g2X3x3e0p5H3x3#2)9J5c8U0t1H3x3e0p5H3x3K6t1@1i4K6g2X3j5U0u0W2x3o6g2U0x3K6p5%4y4$3q4V1x3e0f1H3y4X3g2X3j5K6x3$3e0o6b7$3N6%4c8w2e0h3#2h3k6f1#2Q4x3X3g2B7M7r3M7`.
下面这张图就是我说的那篇文章,注意红圈中部分为超级密码,我就是从这里看出来超级密码的位置的。再注意它这个密码已经是解密过的明文.0a2K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3k6T1z5h3p5K6y4h3b7%4k6o6u0U0j5K6l9H3y4U0j5^5x3U0M7&6z5q4g2J5c8X3g2W2z5g2q4Z5c8h3q4X3P5g2)9J5k6h3A6H3k6H3`.`.
现在关键的问题就是不知道这是用什么软件解出来的。他们写的这篇文章主要是推销他们开发的一种24RF08专用编程器,出于可以理解的原因文章里看不出来软件的名字。没关系,有Internet,我自己找。Google、Baidu、Yahoo轮流上,搜了一个上午没找到头绪。
中午的时候加了eastrepair站长的QQ,想跟他谈一谈可不可以只买他们那个解密软件,编程器因为我自己也有,再买就没意义了。对方报价1K,但是不光这一个解IBM的。是整套的,可以解IBM、Dell、HP、SONY等基本上所有的主流机器。东西是好东西,但是1K这个价格让人有些犹豫。准备下午再找找看。
在用芯片的型号24RF08CN搜索的时候终于找到一个国外网站有相关的内容。
8c3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3j5&6x3X3k6X3j5h3f1I4x3K6t1&6j5e0u0T1k6r3x3I4y4U0t1@1y4W2N6r3y4p5y4&6b7%4k6h3b7h3S2C8h3q4)9J5k6h3A6H3k6#2!0q4y4g2)9^5c8q4)9^5x3#2!0q4z5q4!0n7c8g2)9&6b7W2!0q4y4q4!0n7z5q4)9^5y4#2!0q4z5q4)9^5b7W2!0m8y4W2!0q4y4#2!0n7b7W2)9^5z5q4!0q4y4q4!0n7b7g2)9^5c8g2!0q4y4W2)9^5z5g2!0n7c8g2!0q4y4g2)9^5z5q4!0n7x3q4!0q4y4q4!0n7b7g2)9^5y4W2!0q4y4W2)9^5z5q4)9&6x3g2!0q4y4W2)9^5x3#2!0n7x3#2!0q4z5q4!0m8y4W2)9^5x3g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4q4!0n7z5q4)9&6b7#2!0q4y4q4!0n7z5q4)9&6b7#2!0q4y4q4!0n7b7g2)9^5y4W2!0q4c8W2!0n7b7#2)9^5b7#2!0q4y4g2!0m8c8g2)9^5x3#2!0q4y4g2)9^5c8W2!0m8b7V1W2T1L8i4m8S2M7%4y4Q4c8e0y4Q4z5o6m8Q4z5o6u0Q4c8e0c8Q4b7U0S2Q4z5p5u0Q4c8e0S2Q4b7V1c8Q4b7V1c8Q4c8e0g2Q4b7f1g2Q4z5o6W2Q4c8e0S2Q4b7e0y4Q4z5o6g2Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0k6Q4z5f1y4Q4z5o6W2Q4c8e0k6Q4b7U0u0Q4b7e0q4Q4c8e0k6Q4z5f1y4Q4z5o6W2Q4c8e0g2Q4z5p5k6Q4z5e0q4Q4c8e0N6Q4z5p5g2Q4b7U0m8Q4c8e0g2Q4z5e0u0Q4z5p5x3^5i4@1f1$3i4@1p5#2i4@1u0o6i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1$3i4K6V1^5i4@1q4r3i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1@1i4@1t1^5i4@1q4m8i4@1f1@1i4@1t1^5i4K6W2o6i4@1f1@1i4@1t1^5i4K6W2o6i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1#2i4K6V1I4i4@1t1#2i4@1f1#2i4K6V1I4i4@1t1#2i4@1g2r3i4@1u0o6i4K6R3I4
打开先前保存的二进制文件。080K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2y4e0q4F1j5W2)9J5k6h3y4G2L8g2)9J5c8X3q4@1N6r3q4U0K9r3#2W2L8Y4c8K6i4K6u0r3L8h3!0F1N6r3S2Q4y4h3j5I4x3e0l9K6i4K6u0r3x3U0l9I4x3e0l9K6x3U0c8Q4y4h3k6V1z5o6m8X3j5e0k6U0y4$3g2S2z5o6p5H3x3e0x3&6z5r3p5K6y4r3u0$3z5i4R3#2k6V1g2F1k6h3I4d9x3W2)9J5k6h3A6H3k6H3`.`.
|
|
|---|---|
