Shulou(Shulou.com)06/01 Report--

This article will explain the decryption process of SQL SERVER SP for you in detail. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

In SQL SERVER, Microsoft is known to use the RC4 algorithm to encrypt and decrypt stored procedures. The following is the idea of decrypting the stored procedure, according to which the reader can write a decrypted Mini Program.

To decrypt SP is to answer the following proof question.

Known conditions:

The ciphertext of the known stored procedure SP_A that needs to be decrypted is Ma. Replace SP_A with a known plaintext SP_B, so that the plaintext and ciphertext of SP_B are Tb and Mb, respectively.

Verification: Ta=Ma ⊕ Tb ⊕ Mb,Ta is the plaintext of the stored procedure that needs to be decrypted.

Proof process:

Log in to SQLSERVER with DAC and get Ma and Mb: SELECT imageval FROM sys.sysobjvalues where... Since the RC4 algorithm uses the same secret key for encryption and decryption, assuming that the secret key is K, then:

A. Mb=Tb ⊕ K

b. According to the XOR formula, you can get the following secret keys used by the stored procedure to add and decrypt:

K ⊕ 0 K ⊕ Tb ⊕ Tb= (K ⊕ Tb) ⊕ Tb= (Tb ⊕ K) ⊕ Tb=Mb ⊕ Tb because of Ma=Ta ⊕ K, the XOR formula is used again and the following results are obtained:

Ta=Ta ⊕ 0=Ta ⊕ (K ⊕ K) = (Ta ⊕ K) ⊕ K=Ma ⊕ K=Ma ⊕ Mb ⊕ Tb, namely Ta=Ma ⊕ Tb ⊕ Mb,Ta, is the plaintext of the stored procedure that needs to be decrypted.

/ * * Object: StoredProcedure [dbo]. [dbtwin_sp_decrypt] Script Date: 01UniUniverse 21:09:31 /

IF EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID (N' [dbo]. [dbtwin_sp_decrypt]') AND type in (Nipple, Native PC'))

DROP PROCEDURE [dbo]. [dbtwin_sp_decrypt]

GO

/ * * Object: StoredProcedure [dbo]. [dbtwin_sp_decrypt] Script Date: 01UniUniverse 21:09:31 /

SET ANSI_NULLS ON

GO

SET QUOTED_IDENTIFIER ON

GO

CREATE PROCEDURE [dbo]. [dbtwin_sp_decrypt] (@ procname sysname = NULL)

AS

DECLARE @ encrypted NVARCHAR (MAX)

DECLARE @ encryptedLength INT

DECLARE @ tempStr NVARCHAR (MAX)

DECLARE @ tempHead NVARCHAR (MAX)

DECLARE @ tempBody NVARCHAR (MAX)

DECLARE @ dummySp NVARCHAR (MAX)

DECLARE @ dummyEncrypted NVARCHAR (MAX)

DECLARE @ decryptedMessage NVARCHAR (MAX)

DECLARE @ cnt INT

DECLARE @ decryptedChar NCHAR (1)

SET NOCOUNT ON

SET @ encrypted = (SELECT imageval FROM sys.sysobjvalues WHERE object_name (objid) = @ procname)

SET @ encryptedLength=DATALENGTH (@ encrypted) / 2

SET @ tempStr = N'PROCEDURE'+ @ procname + N' WITH ENCRYPTION AS'

BEGIN TRAN

SET @ tempHead = N'ALTER'+ @ tempStr

SET @ tempBody = REPLICATE (N'', (@ encryptedLength-LEN (@ tempHead)

EXEC (@ tempHead + @ tempBody)

SET @ dummyEncrypted = (SELECT imageval FROM sys.sysobjvalues WHERE object_name (objid) = @ procname)

ROLLBACK TRAN

SET @ dummySp = N'CREATE'+ @ tempStr + @ tempBody

SET @ decryptedMessage =''

SET @ cnt = 1

WHILE @ cnt @ encryptedLength

BEGIN

SET @ decryptedChar = NCHAR (UNICODE (SUBSTRING (@ encrypted, @ cnt, 1)) ^

UNICODE (SUBSTRING (@ dummySp, @ cnt, 1) ^

UNICODE (SUBSTRING (@ dummyEncrypted, @ cnt, 1))

SET @ decryptedChar=ISNULL (@ decryptedChar,N'')

SET @ decryptedMessage = @ decryptedMessage + @ decryptedChar

SET @ cnt = @ cnt + 1

END

SELECT @ decryptedMessage

GO

After reading the above, do you have a general understanding of the decryption process of SQL SERVER SP? If you want to know more about the content of the article, welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.