解密 SQL Server 的加密存儲(chǔ)過程

1、解密SQL Server加密存儲(chǔ)過程,函數(shù),觸發(fā)器,視圖本主主題包括了解密SQLServer2005和Sql Server 2000的加密存儲(chǔ)過程,函數(shù),觸發(fā)器,視圖。A),解密SQLServer2005加密存儲(chǔ)過程,函數(shù),觸發(fā)器,視圖在SQL SERVER 2005中必須用專用管理連接才可以查看過程過程中用到的表，專用管理連接需要在sqlcmd命令后帶參數(shù) -A,要不然就會(huì)出錯(cuò)，提示 無效的對(duì)象名：'sys.sysobjvalues'Msg 208, Level 16, State 1, Server MICROSOF-A91382WINCC, Procedure sp_de

2、crypt,Line 8Invalid object name 'sys.sysobjvalues'.步驟：1、創(chuàng)建sp_decrypt儲(chǔ)存過程，見create PROCEDURE dbo.sp_decrypt 部分2、使用命令行：sqlcmd -A -S localhost>use 數(shù)據(jù)庫名>go>sp_decrypt '加密的對(duì)象名'>go就顯示加密對(duì)象的內(nèi)容了/-create PROCEDURE dbo.sp_decrypt (procedure sysname = NULL) AS SET NOCOUNT ON BEGINDECL

3、ARE intProcSpace bigint, t bigint, maxColID smallint,intEncrypted tinyint,procNameLength int select maxColID = max(subobjid),intEncrypted = imageval FROM sys.sysobjvalues WHERE objid = object_id(procedure) GROUP BY imageval select procNameLength = datalength(procedure) + 29 DECLARE real_01 nvarchar(

4、max) DECLARE fake_01 nvarchar(max) DECLARE fake_encrypt_01 nvarchar(max) DECLARE real_decrypt_01 nvarchar(max),real_decrypt_01a nvarchar(max) declare objtype varchar(2),ParentName nvarchar(max) select real_decrypt_01a = '' -提取對(duì)象的類型如是存儲(chǔ)過程還是函數(shù)，如果是觸發(fā)器，還要得到其父對(duì)象的名稱 select objtype=type,parentname=

5、object_name(parent_object_id) from sys.objects where object_id=object_id(procedure) - 從sys.sysobjvalues里提出加密的imageval記錄 SET real_01=(SELECT top 1 imageval FROM sys.sysobjvalues WHERE objid = object_id(procedure) and valclass = 1 order by subobjid) -創(chuàng)建一個(gè)臨時(shí)表 create table #output ( ident int IDENTITY (

6、1, 1) NOT NULL , real_decrypt NVARCHAR(MAX) ) -開始一個(gè)事務(wù)，稍后回滾 BEGIN TRAN -更改原始的存儲(chǔ)過程，用短橫線替換 if objtype='P' SET fake_01='ALTER PROCEDURE '+ procedure +' WITH ENCRYPTION AS '+REPLICATE('-', 40003 - procNameLength) else if objtype='FN' SET fake_01='ALTER FUNCTION

7、 '+ procedure +'() RETURNS INT WITH ENCRYPTION AS BEGIN RETURN 1 /*'+REPLICATE('*', datalength(real_01) /2 - procNameLength)+'*/ END' else if objtype='V' SET fake_01='ALTER view '+ procedure +' WITH ENCRYPTION AS select 1 as col /*'+REPLICATE('

8、*', datalength(real_01) /2 - procNameLength)+'*/' else if objtype='TR' SET fake_01='ALTER trigger '+ procedure +' ON '+parentname+'WITH ENCRYPTION AFTER INSERT AS RAISERROR (''N'',16,10) /*'+REPLICATE('*', datalength(real_01) /2 - p

9、rocNameLength)+'*/' EXECUTE (fake_01) -從sys.sysobjvalues里提出加密的假的 SET fake_encrypt_01=(SELECT top 1 imageval FROM sys.sysobjvalues WHERE objid = object_id(procedure) and valclass = 1 order by subobjid ) if objtype='P' SET fake_01='Create PROCEDURE '+ procedure +' WITH ENCR

10、YPTION AS '+REPLICATE('-', 40003 - procNameLength) else if objtype='FN' SET fake_01='CREATE FUNCTION '+ procedure +'() RETURNS INT WITH ENCRYPTION AS BEGIN RETURN 1 /*'+REPLICATE('*', datalength(real_01) /2 - procNameLength)+'*/ END' else if objtyp

11、e='V' SET fake_01='Create view '+ procedure +' WITH ENCRYPTION AS select 1 as col /*'+REPLICATE('*', datalength(real_01) /2 - procNameLength)+'*/' else if objtype='TR' SET fake_01='Create trigger '+ procedure +' ON '+parentname+'WIT

12、H ENCRYPTION AFTER INSERT AS RAISERROR (''N'',16,10) /*'+REPLICATE('*', datalength(real_01) /2 - procNameLength)+'*/' -開始計(jì)數(shù) SET intProcSpace=1 -使用字符填充臨時(shí)變量 SET real_decrypt_01 = replicate(N'A', (datalength(real_01) /2 ) -循環(huán)設(shè)置每一個(gè)變量，創(chuàng)建真正的變量 -每次一個(gè)字節(jié) SET intPro

13、cSpace=1 -如有必要，遍歷每個(gè)real_xx變量并解密 WHILE intProcSpace<=(datalength(real_01)/2) BEGIN -真的和假的和加密的假的進(jìn)行異或處理 SET real_decrypt_01 = stuff(real_decrypt_01, intProcSpace, 1, NCHAR(UNICODE(substring(real_01, intProcSpace, 1) (UNICODE(substring(fake_01, intProcSpace, 1) UNICODE(substring(fake_encrypt_01, intP

14、rocSpace, 1) SET intProcSpace=intProcSpace+1 END -通過sp_helptext邏輯向表#output里插入變量 insert #output (real_decrypt) select real_decrypt_01 - select real_decrypt AS '#output chek' from #output -測(cè)試 - - -開始從sp_helptext提取 - - declare dbname sysname ,BlankSpaceAdded int ,BasePos int ,CurrentPos int ,Te

15、xtLength int ,LineId int ,AddOnLen int ,LFCR int -回車換行的長度 ,DefinedLength int ,SyscomText nvarchar(4000) ,Line nvarchar(255) Select DefinedLength = 255 SELECT BlankSpaceAdded = 0 -跟蹤行結(jié)束的空格。注意Len函數(shù)忽略了多余的空格 CREATE TABLE #CommentText (LineId int ,Text nvarchar(255) collate database_default) -使用#output代替

16、sys.sysobjvalues DECLARE ms_crs_syscom CURSOR LOCAL FOR SELECT real_decrypt from #output ORDER BY ident FOR READ ONLY -獲取文本 SELECT LFCR = 2 SELECT LineId = 1 OPEN ms_crs_syscom FETCH NEXT FROM ms_crs_syscom into SyscomText WHILE fetch_status >= 0 BEGIN SELECT BasePos = 1 SELECT CurrentPos = 1 SEL

17、ECT TextLength = LEN(SyscomText) WHILE CurrentPos != 0 BEGIN -通過回車查找行的結(jié)束 SELECT CurrentPos = CHARINDEX(char(13)+char(10), SyscomText, BasePos) -如果找到回車 IF CurrentPos != 0 BEGIN -如果Lines的長度的新值比設(shè)置的大就插入Lines目前的內(nèi)容并繼續(xù) While (isnull(LEN(Line),0) + BlankSpaceAdded + CurrentPos-BasePos + LFCR) > DefinedLe

18、ngth BEGIN SELECT AddOnLen = DefinedLength-(isnull(LEN(Line),0) + BlankSpaceAdded) INSERT #CommentText VALUES ( LineId, isnull(Line, N'') + isnull(SUBSTRING(SyscomText, BasePos, AddOnLen), N'') SELECT Line = NULL, LineId = LineId + 1, BasePos = BasePos + AddOnLen, BlankSpaceAdded = 0

19、 END SELECT Line = isnull(Line, N'') + isnull(SUBSTRING(SyscomText, BasePos, CurrentPos-BasePos + LFCR), N'') SELECT BasePos = CurrentPos+2 INSERT #CommentText VALUES( LineId, Line ) SELECT LineId = LineId + 1 SELECT Line = NULL END ELSE -如果回車沒找到 BEGIN IF BasePos <= TextLength BEG

20、IN -如果Lines長度的新值大于定義的長度 While (isnull(LEN(Line),0) + BlankSpaceAdded + TextLength-BasePos+1 ) > DefinedLength BEGIN SELECT AddOnLen = DefinedLength - (isnull(LEN(Line),0) + BlankSpaceAdded) INSERT #CommentText VALUES ( LineId, isnull(Line, N'') + isnull(SUBSTRING(SyscomText, BasePos, AddO

21、nLen), N'') SELECT Line = NULL, LineId = LineId + 1, BasePos = BasePos + AddOnLen, BlankSpaceAdded = 0 END SELECT Line = isnull(Line, N'') + isnull(SUBSTRING(SyscomText, BasePos, TextLength-BasePos+1 ), N'') if LEN(Line) < DefinedLength and charindex(' ', SyscomTex

22、t, TextLength+1 ) > 0 BEGIN SELECT Line = Line + ' ', BlankSpaceAdded = 1 END END END END FETCH NEXT FROM ms_crs_syscom into SyscomText END IF Line is NOT NULL INSERT #CommentText VALUES( LineId, Line ) select Text from #CommentText order by LineId CLOSE ms_crs_syscom DEALLOCATE ms_crs_sy

23、scom DROP TABLE #CommentText - - -結(jié)束從sp_helptext提取 - - -刪除用短橫線創(chuàng)建的存儲(chǔ)過程并重建原始的存儲(chǔ)過程 ROLLBACK TRAN DROP TABLE #outputEND B),解密SQLServer2000加密存儲(chǔ)過程,函數(shù),觸發(fā)器,視圖創(chuàng)建好sp_decrypt之后，運(yùn)行SQLServer2000查詢分析器use db_nameexec sp_decrypt 'encrypt_view' 顯示加密內(nèi)容 /- createPROCEDURE sp_decrypt(objectname varchar(50) AS b

24、egin set nocount on -CSDN：j9988 copyright:2004.07.15 -V3.2 -破解字節(jié)不受限制，適用于SQLSERVER2000存儲(chǔ)過程，函數(shù)，視圖，觸發(fā)器 -修正上一版"視圖觸發(fā)器"不能正確解密錯(cuò)誤 -發(fā)現(xiàn)有錯(cuò)，請(qǐng)E_MAIL：CSDNj9988 begin tran declare objectname1 varchar(100),orgvarbin varbinary(8000) declare sql1 nvarchar(4000),sql2 varchar(8000),sql3 nvarchar(4000),sql4 nv

25、archar(4000) DECLAREOrigSpText1 nvarchar(4000),OrigSpText2 nvarchar(4000) , OrigSpText3 nvarchar(4000), resultsp nvarchar(4000) declarei int,status int,type varchar(10),parentid int declare colid int,n int,q int,j int,k int,encrypted int,number int select type=xtype,parentid=parent_obj from sysobjec

26、ts where id=object_id(objectname) create table#temp(number int,colid int,ctext varbinary(8000),encrypted int,status int) insert #temp SELECT number,colid,ctext,encrypted,status FROM syscommentsWHERE id = object_id(objectname) select number=max(number) from #temp set k=0 while k<=number begin if e

27、xists(select 1 from syscomments where id=object_id(objectname) and number=k) begin if type='P' set sql1=(case when number>1 then 'ALTER PROCEDURE '+ objectname +''+rtrim(k)+' WITH ENCRYPTION AS ' else 'ALTER PROCEDURE '+ objectname+' WITH ENCRYPTION AS

28、' end) if type='TR' begin declare parent_obj varchar(255),tr_parent_xtype varchar(10) select parent_obj=parent_obj from sysobjects where id=object_id(objectname) select tr_parent_xtype=xtype from sysobjects where id=parent_obj if tr_parent_xtype='V' begin set sql1='ALTER TRIG

29、GER '+objectname+' ON '+OBJECT_NAME(parentid)+' WITH ENCRYPTION INSTERD OF INSERT AS PRINT 1 ' end else begin set sql1='ALTER TRIGGER '+objectname+' ON '+OBJECT_NAME(parentid)+' WITH ENCRYPTION FOR INSERT AS PRINT 1 ' end end if type='FN' or type=&

30、#39;TF' or type='IF' set sql1=(case type when 'TF' then 'ALTER FUNCTION '+ objectname+'(a char(1) returns b table(a varchar(10) with encryption as begin insert b select a return end ' when 'FN' then 'ALTER FUNCTION '+ objectname+'(a char(1) ret

31、urns char(1) with encryption as begin return a end' when 'IF' then 'ALTER FUNCTION '+ objectname+'(a char(1) returns table with encryption as return select a as a' end) if type='V' set sql1='ALTER VIEW '+objectname+' WITH ENCRYPTION AS SELECT 1 as f

32、9; set q=len(sql1) set sql1=sql1+REPLICATE('-',4000-q) select sql2=REPLICATE('-',8000) set sql3='exec(sql1' select colid=max(colid) from #temp where number=k set n=1 while n<=CEILING(1.0*(colid-1)/2) and len(sql3)<=3996 begin set sql3=sql3+'+' set n=n+1 end set

33、sql3=sql3+')' exec sp_executesql sql3,N'sql1 nvarchar(4000), varchar(8000)',sql1=sql1,=sql2 end set k=k+1 end set k=0 while k<=number begin if exists(select 1 from syscomments where id=object_id(objectname) and number=k) begin select colid=max(colid) from #temp where number=k set

34、n=1 while n<=colid begin select OrigSpText1=ctext,encrypted=encrypted,status=status FROM #tempWHERE colid=n and number=k SET OrigSpText3=(SELECT ctext FROM syscomments WHERE id=object_id(objectname) and colid=n and number=k) if n=1 begin if type='P' SET OrigSpText2=(case when number>1

35、then 'CREATE PROCEDURE '+ objectname +''+rtrim(k)+' WITH ENCRYPTION AS ' else 'CREATE PROCEDURE '+ objectname +' WITH ENCRYPTION AS ' end) if type='FN' or type='TF' or type='IF' SET OrigSpText2=(case type when 'TF' then 'CRE

36、ATE FUNCTION '+ objectname+'(a char(1) returns b table(a varchar(10) with encryption as begin insert b select a return end ' when 'FN' then 'CREATE FUNCTION '+ objectname+'(a char(1) returns char(1) with encryption as begin return a end' when 'IF' then 'CREATE FUNCTION '+ objectname+'(a char(1) returns table with encryption as return select a as a' en