Easily crack Windows Syskey double encryption - vulnerability warning - the black bar safety net

ID MYHACK58:6220067481
Type myhack58
Reporter Anonymous
Modified 2006-02-28T00:00:00


Many readers may know that in Windows 2000 and Windows XP you can use the syskey command to encrypt the system. A system protected with Syskey double encryption is generally considered fairly safe, yet some so-called hackers have found a way to defeat Syskey double encryption. Below we look at how to set up Syskey double encryption, and how a hacker cracks it!

One, the Syskey double encryption method

1. Set up a dual boot password

The system's account password data file is already encrypted, so its true content cannot be seen by ordinary means, but with certain tool software it can be viewed easily. Syskey applies a second layer of encryption to this account password data file, so that system security can be guaranteed. At the same time it can also set a boot password; this password is requested before the user password, and so it provides dual protection. The specific setting method is as follows:

(1) In “Run”, enter “syskey” to start the Windows encryption; Windows XP is used as the example here, as in Figure 1:


If you click “OK” directly you will see no prompt at all, but you have in fact already completed the secondary encryption of the SAM file.

(2) Set up a dual boot password: the step above only applied secondary encryption to the SAM file; a dual boot password has not yet been set. For that you need to click “Update” to enter the password settings window, as in Figure 2:


Select “Password Startup”, then enter the boot password twice, and save the settings; this completes the dual password setup.

From then on, when the system starts you will first be prompted to enter the boot password; only when the boot password is correct will the user and password login interface appear. Do not imagine that, as in Win9x, the ESC key can skip it: here it will make the machine restart.

Note: once this encryption function is started it cannot be turned off. The only way is to back up the registry before enabling it and, when you need to disable it, restore the backed-up registry. Cancelling the startup password, however, is still very simple: in the startup password settings window select “Save the boot password on this machine”; confirming will ask you to enter the boot password you just set, after which the startup password is saved on the hard drive and the startup password window will no longer be displayed at boot.

2. Create a “boot floppy”

Setting a dual boot password enhances security to a certain extent, but if you are careless and someone spies out your password it is useless. To be truly safe, you also need to carry a system power-on “key”!

Syskey can also create a “power-on key”: at boot time, only inserting this “key” lets you enter the system.

In the same startup password settings window, select “Save the startup password on a floppy disk”; you will then be prompted to enter the boot password you set, to verify that you are the legitimate user. As shown in Figure 3:


You will then be prompted to insert a blank floppy disk; after confirming, the password file is stored on the floppy. Note: be sure to take good care of this floppy disk; if it is lost, your only option is to format the machine and reinstall the system.

After this setup is complete, the next time the machine starts you will first be prompted to insert the password diskette, and only after successful authentication can you enter the system. Syskey thus encrypts the account password data file very well, and setting a dual startup password also protects system security very well.

Tip: you can also create a different “power-on key” for each user; the method is the same as above. Insert the password diskette and enter the password belonging to the particular account. However, the key file on the password floppy can be copied to another floppy, so you must guard your floppy disk well!

Two, easily cracking Syskey encryption

In the Windows 2000/XP system installation directory there is a “repair” folder, located at c:\WINDOWS\repair (where c: is the drive letter of the drive the system is installed on). It holds the registry backup files created at the first startup after system installation completes, as shown in Figure 4.


Hackers use these registry backup files to replace the registry information files of the current system, so that the system is restored to the state it was in just after installation. The specific operation method is as follows:

First boot the system from the Windows 2000/XP installation CD and enter the System Recovery Console, then replace the files under “X:\WINDOWS\system32\config” with the files of the same name under the “repair” folder. To keep the system safe, it is best to back up the registry files in the “X:\WINDOWS\system32\config” folder before replacing them. On Windows 2000 the corresponding folder is X:\WINNT. The specific commands are:

copy c:\windows\repair\sam c:\windows\system32\config

copy c:\windows\repair\system c:\windows\system32\config

copy c:\windows\repair\security c:\windows\system32\config

copy c:\windows\repair\software c:\windows\system32\config

copy c:\windows\repair\default c:\windows\system32\config

After the replacement above is complete, restart the computer and the syskey password is cleared. Now log in as the Administrator user; note that you must enter the password that was set for the Administrator account when the system was installed. Just like that, a hacker easily breaks the syskey limit!

Because the registry files under the “repair” folder were generated when system installation completed, overwriting the current system's registry information with them inevitably loses most software and hardware information; after entering the system you must reinstall the software and hardware drivers and re-create the users and user groups.
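A defender-side check for the rollback just described, added here as an example and not code from the original article: it compares the live hives under system32\config with the install-time copies under repair, since a hive that is byte-identical to its repair backup is the tell-tale sign that the copy commands above were run. The directory names and the stand-in hive contents in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile

# The five registry hives that the rollback described in the article overwrites.
HIVES = ("sam", "system", "security", "software", "default")

def sha256_of(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large hives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def find_rolled_back_hives(config_dir, repair_dir):
    """Map each hive to 'rolled_back' (live copy byte-identical to the repair
    backup, the signature of the replacement above), 'current' (differs) or
    'missing' (either file absent, so nothing can be concluded)."""
    status = {}
    for hive in HIVES:
        live = os.path.join(config_dir, hive)
        backup = os.path.join(repair_dir, hive)
        if not (os.path.isfile(live) and os.path.isfile(backup)):
            status[hive] = "missing"
        elif sha256_of(live) == sha256_of(backup):
            status[hive] = "rolled_back"
        else:
            status[hive] = "current"
    return status

def demo():
    """Constructed fixture: plain files stand in for hives (not real registry data).
    sam and system were copied back from repair, security and software still
    carry post-install changes, and default was never restored (absent)."""
    live_contents = {"sam": b"install-time sam", "system": b"install-time system",
                     "security": b"current security", "software": b"current software"}
    with tempfile.TemporaryDirectory() as root:
        config, repair = os.path.join(root, "config"), os.path.join(root, "repair")
        os.makedirs(config)
        os.makedirs(repair)
        for hive in HIVES:  # every hive has an install-time backup in repair
            with open(os.path.join(repair, hive), "wb") as fh:
                fh.write(b"install-time " + hive.encode())
        for hive, data in live_contents.items():
            with open(os.path.join(config, hive), "wb") as fh:
                fh.write(data)
        return find_rolled_back_hives(config, repair)
```

On a running Windows system the hives under system32\config are locked, so point the function at an offline copy (the config backup the text recommends making, or a disk image) rather than at the live folder.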

Three, prevention methods

Syskey encryption already makes the system very safe, yet it can still be cracked, so against this attack you must keep a close watch on your beloved machine and give no ill-intentioned person the opportunity. At the same time, you can use the flash-drive boot locks that are popular on the market to protect your system: the main function of a boot lock is to prevent others from using your computer illegally, and it can also set the time at which the computer locks. Of course, such computer locks are also expensive; users with particularly high security demands can use them!