发布ros密码清除光盘
本帖最后由 情灭缘尽 于 2009-2-26 09:33 编辑下载地址
支持 ros 2.8-----4.x
bug请邮件到lcnja@qq
有时间的帮我踩qzone哦
测试过的朋友说下情况(ros版本/磁盘类型/结果),特别是sata接口盘的时候的情况,我没测试过
例
2.9.27/ide/成功
我自己测试结果
3.20/ide/成功 本帖最后由 cracks 于 2009-2-26 00:00 编辑
大家新年好,我情灭缘尽,QQ=93334898
今天简单的说一下ros密码清除工具的用法
ros密码遗忘以后,如果不想重新安装导致配置丢失
就需要清除密码,也可以说是还原密码
下面看我的操作
我们现在修改admin用户的用户名称和密码
模拟一次忘记密码和用户的过程
现在假设我忘记了密码和用户了
现在我们把ros停机
不停机那是不能清除密码的
停机以后重新启动,用我做的livecd盘引导系统
这里再介绍一下,我qq号码是93334898
我姓高,呵呵,据说有人用我的名义忽悠人,这里强调一
下我的qq号码,呵呵
ros是不支持scsi/sas盘的,如果以后支持那是最好
记住选择的时候ros的版本和磁盘类型别选错了哦
否则就操作失败就只能重新启动再选择一次了哦
呵呵
本操作不影响数据,呵呵
完成操作以后,请使用admin 空密码
登录吧
旁边已经操作完成了,我们看看
呵呵,简单吧,我们再试试
说明一下哦,2.8的ros是不支持sata盘的哦,呵呵
2.9的才可能使用sata盘,用dom盘的记得看清楚
大部分dom都是ide的,当然sata的也是有的
反正大家按照自己的实际情况选择
好啦,88各位
好原创,杂能一个"顶"字了得!!! 有的用,我只看不说话!!!
----------------------------------
:lol有空我也发布一个...支持情灭缘尽
---打击网络山寨人士人人有责....................
支持原创!!
测试可用,秋风落叶扫㊣----鉴定完毕!!!! 直接接电脑上.删user.dat文件不是更方便么.为何要弄成iso呢 有空我也发布一个...支持情灭缘尽 ---打击山寨人士人人有责..... 演示文件地址 好东西 哈,顶上 直接接电脑上.删user.dat文件不是更方便么.为何要弄成iso呢
ksw520 发表于 2009-2-25 23:52 http://bbs.routerclub.com/images/common/back.gif
因为有人不喜欢用命令撒 windows下就可以,点鼠标就能完成不需要命令.
搞光盘就该搞成一个 读取密码的.恢复空密码就没多大意思了. /*
mtpass.cpp
This tool decodes user passwords from MikroTik RouterOS user.dat file
license: GPL v2.0
(c) by Mariusz "Manio" Bialonczyk; manio@skyboo.net
v0.1 : initial release
v0.2 : rewritten in C++
ability to show other users besides admin
added decrypt keys and key prediction
*/
#include <iostream>
#include <list>
#include <fcntl.h>
using namespace std;
const char* szVerInfo = "mtpass v0.2 - MikroTik RouterOS password recovery tool, (c) 2008 by Manio";
const char* szFormatHdr = "%-3s | %-15s | %-18s | %-14s | %-35s";
const char* szFormatData = "%-3d | %-15s | %-18s | %-14s | %-35s";
const int iFormatLineLength = 92;
const int KeyLength = 16;
const char key[] = {
{0x02, 0x6d, 0xb5, 0x70, 0x66, 0xa6, 0x3d, 0x2a, 0xb7, 0xcd, 0xec, 0x68, 0xe2, 0x6e, 0x44, 0x0e},
{0x48, 0xbf, 0xde, 0x06, 0x49, 0x5a, 0x0e, 0x2d, 0x09, 0xd5, 0xfb, 0x27, 0xb1, 0x44, 0xec, 0x93},
{0xe8, 0x61, 0xb0, 0xa8, 0x2f, 0xbb, 0x68, 0x29, 0xe2, 0x53, 0xce, 0xeb, 0x1e, 0x3e, 0x61, 0x5a},
{0x98, 0x40, 0x20, 0xa0, 0x8c, 0xb9, 0xba, 0x55, 0xb9, 0xb6, 0xf2, 0x48, 0x0c, 0xd5, 0x2b, 0x80},
{0xe3, 0x33, 0x29, 0x1d, 0x2e, 0xc8, 0x9a, 0xfc, 0xf2, 0xd2, 0xc5, 0x8c, 0xe5, 0xfd, 0xff, 0x36},
{0x06, 0xa4, 0x6c, 0x65, 0x97, 0x5b, 0x79, 0x7c, 0x74, 0xf6, 0xbd, 0x94, 0x43, 0x00, 0x23, 0x41},
{0x79, 0x37, 0x7c, 0x26, 0xdc, 0x38, 0xbf, 0xda, 0xf2, 0x23, 0xd4, 0x57, 0x83, 0xa9, 0x84, 0xdb},
{0x3f, 0xea, 0xb5, 0x12, 0x11, 0xab, 0x30, 0x17, 0xbe, 0x71, 0x86, 0xae, 0x65, 0xde, 0x96, 0x60},
{0xa2, 0xdb, 0xb1, 0x5d, 0x27, 0x72, 0x44, 0x6f, 0xa9, 0x1c, 0xa2, 0x38, 0xb0, 0xfc, 0xc2, 0x29},
{0x26, 0xa0, 0x52, 0x14, 0x80, 0x0e, 0xa2, 0x6b, 0xbd, 0x5f, 0x7c, 0x53, 0x6f, 0xde, 0x08, 0x71}
};
class cUserRecord
{
private:
bool bDisabled;
int iRecNumber;
char szCryptedPass;
char* szUserName;
char* szComment;
int iPrefKey;
public:
cUserRecord()
{
szUserName=NULL;
szComment=NULL;
bDisabled=false;
iRecNumber=-1;
bzero(szCryptedPass, KeyLength);
}
cUserRecord(const cUserRecord &t)
{
bDisabled=t.bDisabled;
iRecNumber=t.iRecNumber;
memcpy(szCryptedPass, t.szCryptedPass, KeyLength);
if (t.szUserName==NULL)
szUserName=NULL;
else
{
szUserName=new char;
strcpy(szUserName, t.szUserName);
}
if (t.szComment==NULL)
szComment=NULL;
else
{
szComment=new char;
strcpy(szComment, t.szComment);
}
}
~cUserRecord()
{
if (szUserName) delete []szUserName;
if (szComment) delete []szComment;
}
void SetCryptedPass(char* pPass)
{
memcpy(szCryptedPass, pPass, KeyLength);
}
void SetDisableFlag(bool bFlag)
{
bDisabled=bFlag;
}
void SetRecNumber(int iRecNo)
{
iRecNumber=iRecNo;
}
void SetUserName(char* NewUserName)
{
if (szUserName) delete []szUserName;
szUserName=new char;
strcpy(szUserName, NewUserName);
}
void SetComment(char* NewComment)
{
if (szComment) delete []szComment;
szComment=new char;
strcpy(szComment, NewComment);
}
void compute(int keys)
{
/*
i don't know the key selection algorithn - so above are the keys that i collected so far
and this function is simply trying to predict the correct key based on number of printable
characters in output
*/
int maxpts, pts;
maxpts=0;
char c;
for (int i=0; i<keys; i++)
{
pts=0;
for (int j=0; j<KeyLength; j++)
{
c=szCryptedPass^key;
if (c==0x00 || (c>=32 && c<=126))
pts++;
}
if (pts>maxpts)
{
iPrefKey=i;
maxpts=pts;
}
}
}
void show()
{
char szPass={0};
for (int i=0; i<KeyLength; i++)
sprintf(szPass+i, "%c", szCryptedPass ^ key);
fprintf(stdout, szFormatData, iRecNumber, szUserName, szPass, bDisabled?"USER DISABLED":"", szComment==NULL?"":szComment);
fprintf(stdout, "\n");
}
};
int main(int argc, char **argv)
{
char *buff;
int fd;
list<cUserRecord> tabUser;
int i, bytes, iKeys;
fprintf(stdout, "%s\n\n", szVerInfo);
if (argc <= 1)
{
fprintf(stdout, "usage: %s input_file\n", argv);
fprintf(stdout, "input_file: RouterOS userdata file from /nova/store/user.dat\n");
return -1;
}
fd = open(argv, O_RDONLY);
if (fd < 0)
{
fprintf(stderr, "Error: could not open file: %s\n", argv);
return -2;
}
bytes = lseek(fd, 0, SEEK_END);
fprintf(stdout, "Reading file %s, %d bytes long\n", argv, bytes);
buff = new char;
if (buff==NULL)
{
fprintf(stderr, "Error: cannot allocate buffer\n");
return -3;
}
cUserRecord *ptr=NULL;
lseek(fd, 0, SEEK_SET);
if (read(fd, buff, bytes) == bytes)
{
for (i=0; i<bytes; i++)
{
//searching for StartOfRecord
if ((buff==0x4d) && (buff==0x32) && (buff==0x0a))
{
ptr=new cUserRecord;
//fprintf(stdout, "Found user record at offset 0x%.5x\n",i);
//5 bytes ahead is enable/disable flag
i+=5;
ptr->SetDisableFlag(bool(buff));
i+=15;
ptr->SetRecNumber(buff);
i+=18;
//is there a comment?
if (buff!=0x00)
{
char *tmp=new char+1];
memcpy(tmp,(void*)&buff,buff);
//terminating the string
tmp]=0;
ptr->SetComment(tmp);
delete tmp;
i+=buff;
}
//searching for StartOfPassword
while (!((buff==0x11) && (buff==0x21) && (buff==0x10))) i++;
i+=5;
//copying pass
ptr->SetCryptedPass(&buff);
i+=buff;
//searching for StartOfUsername
while (!((buff==0x01) && (buff==0x21))) i++;
i+=4;
if (buff!=0x00)
{
char *tmp=new char+1];
memcpy(tmp,(void*)&buff,buff);
//terminating the string
tmp]=0;
ptr->SetUserName(tmp);
delete tmp;
i+=buff;
}
tabUser.push_back(*ptr);
}
//clean if we need to
if (ptr)
{
delete ptr;
ptr=NULL;
}
}
delete buff;
}
else
{
fprintf(stderr, "Error: can't read file\n");
return -4;
}
close(fd);
iKeys=sizeof(key)/KeyLength;
//show the results
list<cUserRecord>::iterator iter1;
list<cUserRecord>::iterator iter2;
iter1 = tabUser.begin();
iter2 = tabUser.end();
//print header
fprintf(stdout, "\n");
fprintf(stdout, szFormatHdr, "Rec#", "Username", "Password", "Disable flag", "User comment");
fprintf(stdout, "\n");
for (int i=0; i<iFormatLineLength; i++) fprintf(stdout, "-");
fprintf(stdout, "\n");
//print data
for (; iter1!=iter2; ++iter1)
{
iter1->compute(iKeys);
iter1->show();
}
fprintf(stdout, "\n");
return 0;
} 从不在windows下处理linux问题的人飘过 来抢金币的 已经测试
很好很强大 /*
mtpass.cpp
This tool decodes user passwords from MikroTik RouterOS user.dat file
license: GPL v2.0
(c) by Mariusz "Manio" Bialonczyk; manio@skyboo.net
v0.1 :...
ksw520 发表于 2009-2-25 23:59 http://bbs.routerclub.com/images/common/back.gif
好东西,我有时间弄到那个光盘里面去 謝謝! 顶一个支持情灭