
Friday, 11 November 2011

Jiangmin small crack on the bomb 枫桥夜泊

Midnight Bells

The Jiangmin bomb is fierce, but once you understand how it works it is easy to follow. Let me tell you, it is very simple! If you read the instructions carefully it is easy to operate. It is a super-heavyweight bomb: the result is that the machine cannot boot, and no operating system can start! Even tools such as Super Bodyguard (超级保镖) are no use. In other words, you are basically left with buying a new hard disk, so when you use it do not go too far, so as not to cause trouble for other people.

After downloading and unpacking, there are four files: two zip archives and two applications. One of the applications, rescue.exe, you will certainly see; it is the repair file, described below. The other is readme.exe. If you are interested you can open it directly; doing so is harmless.

The key is in the other two archives: one of them unpacks to a file named JMBS. It is best not to click this one; if you do, you are hit by the Jiangmin bomb. The result is that you can no longer boot your system; that is, your hard disk is locked and can no longer run. You should first take a blank 1.44MB floppy disk, insert it into the floppy drive, and run rescue.exe. Once it displays OK, you have a floppy disk that unlocks the Jiangmin bomb, which you could also call a Jiangmin boot disk.

If you are sure you have completed every step above without missing one, you can go ahead and do what you want to do; first try to see whether it really can unlock the Jiangmin bomb, heh. If it cannot, no matter: make another boot disk at an Internet cafe or a friend's home, then come back and try again. Also, you will find that the boot disk appears to contain nothing, as if it were empty; do not worry. That is how it is! Heh.

Appendix:

Important notes on the kv300 logic bomb simulation program

I. Background of the kv300 logic bomb incident:

On June 24, 1997, Mr. Wang Jiangmin released version kv300l++ on his home page, and it contained a logic bomb. For every user who ran kv300l++ on an emulated disk (a pirated disk) made with mk300v4, the hard disk data was destroyed and the hard disk was locked, so that the machine could boot from neither floppy nor hard disk. The pleas for help posted online show that university students' graduation theses were destroyed and kv300 resellers' computers were damaged, and that the people asking for help were too many to count (the online pleas cannot serve as evidence, since misjudgment and false reports cannot be ruled out). A common-sense inference: kv300 had at least several hundred thousand licensed users at the time, and pirate users may have far exceeded that number, which shows how large the impact of this logic bomb was. First, Wang Jiangmin is not a law enforcer and has no right to strike at users of pirated copies; moreover, the target should not be the users but the manufacturers who produce the pirated copies.

On September 8, 1997, the public security authorities determined that the kv300L++ incident violated Article 23 of the computer security protection regulations and imposed a fine of 3,000 yuan!

II. The Jiangmin bomb simulation program

The Kv300 logic bomb could leave a computer unable to boot from either floppy or hard disk, which caused a sensation in the computing world at the time. This could not be explained by conventional principles. The major websites and BBSes all discussed it in detail, and some people said it was caused by a defect in Microsoft's operating system, but I did not see any really clear explanation of the principle. So I studied it in depth and found that modifying as few as two bytes of the partition table is enough to make Microsoft's operating system deadlock when it reads the hard disk during startup. At the time I published articles on many BBSes and websites explaining the principle in detail. After this, the author of Kv300 deliberately glossed over his own behavior. A reporter's interview with him after kv300's later huge success confirmed this: Wang Jiangmin said that a 3,000 yuan fine was nothing, that it had a greater publicity effect than 300,000 yuan of advertising, and that it brought kv300's licensed users to more than 1 million (see the "Computer World" article "The Legend of Wang Jiangmin", 王江民传奇).

To explore and demonstrate the principle of the Jiangmin bomb, and to expose kv300's behavior, I wrote the Jiangmin bomb simulation program on November 1, 1997. As a demonstration program, it differs greatly from the kv300 logic bomb. A comparison follows.

kv300 logic bomb:

1. First destroys the file allocation table, then modifies the partition table so that the hard disk is locked.
2. Makes no backup.
3. Gives no prompt.
4. Triggered under a specific condition (pirated disk).
5. Wang Jiangmin never publicly provided a recovery program.
6. Using common disk repair tools such as NORTON causes irreversible loss.
7. Recovery is similar to recovering data destroyed by cih, because the partition table must be rebuilt.
8. Running it under win95 likewise destroys the file allocation table and loses data.

Jiangmin bomb simulator:

1. Does not damage data at all; it only modifies the partition table to demonstrate the hard disk deadlock.
2. Backs up the original partition table before modifying it.
3. Displays that the hard disk has been locked.
4. The user runs it voluntarily and knowingly, and is fully aware of the result of using the software (the computer is locked after execution and can be unlocked).
5. Comes with an unlock program.
6. This problem does not exist.
7. Recovery is very simple, safe and reliable.
8. Running this program under win95 has no effect.

In writing this program I considered safety very thoroughly:

1. The software is released as a single jmbs.zip file, which unpacks to three files: jmbs.arj, readme.exe and rescue.com. The locking program cannot be run immediately; it must be decompressed a second time before it can run. The purpose is to have the user run the documentation file and the unlock-disk creation program first. The readme contains detailed operating instructions and my full contact details.

2. When the locking program runs, it automatically backs up the partition table to a free sector on the hard disk (because a backup kept on a floppy disk could be damaged or lost).

3. When it runs, the locking program displays my real e-mail address and pager (bp) number, so that if someone uses it to do harm, the victim can contact me. In fact, under the circumstances of the time there was no possibility of this program being spread over the network as a Trojan horse, because the newest and mainstream operating system was win95, and under win95 the simulator has no effect at all. To demonstrate the logic lock, a user had to restart the system into pure DOS mode, so the chance of running it by accident was very small. Some users contacted me suggesting that I modify it to run under win95 for convenience; for safety reasons I did not adopt the suggestion.

4. Because the logic lock is caused by a bug in Microsoft's operating system, getting the system to boot would normally require modifying the operating system's io.sys, which is a complicated, multi-step operation. After careful thought I wrote a special boot program as the unlock program: because a boot program is what boots the operating system and runs before the operating system is loaded, it is not affected by the operating system bug. Running the rescue program creates the unlock disk; booting from this disk unlocks the system immediately.

5. To prevent anyone tampering with my program and causing harm, I compressed and encrypted the file using zlite, an executable compression tool written by Wang Quanguo. I chose zlite because it provides no corresponding decompression program, which prevents jmbs.exe from being disassembled.

6. After the program was written, to ensure its safety I tested it repeatedly on my own computer and on various computers belonging to classmates and friends, to make sure there were no problems.

After careful consideration and testing of the safety issues, I uploaded the program to Diannaozhijia (电脑之家), a section of what was then Shanghai Hotline. With the webmaster's agreement it was placed in the software download area and, at my request, shown with a notice in bright red type: be sure to read the readme carefully before operating! At the time the kv300L++ incident was being widely debated online, and my program was welcomed to a certain extent. After my program was released, no cases of destroyed user data occurred. Quite a few users contacted me to discuss the principle. More than one person used it to protect computer data: one user said that the computers at his workplace were often secretly used by other people, causing data loss or virus infections, which was a great headache; since using my program, locking the computer when leaving work and unlocking it on arrival, the computer had been very safe.

As time passed, the kv300L++ incident faded from memory and my simulation program was seldom mentioned. A year and a half later, in May 1999, I suddenly received some pleas for help saying that after running happy2000.exe, an attachment in an e-mail sent by someone else (in fact my locking program, renamed), the computer could not boot. I immediately sent them the unlock program. Yet I found this very strange, since my program could not run under win95. Careful investigation showed that win98, the upgrade to win95, had removed win95's prohibition on writing the partition table, and that even with the BIOS partition table protection enabled it had no effect. I really could not have foreseen this incomprehensible upgrade decision by Microsoft. I immediately published a formal statement on my website condemning the use of my software for destructive purposes, asking victims to download the unlock program from my website and to pass the word on to one another. I also posted it on the major BBSes. To everyone who sent me a plea for help I sent the unlock program and explained the situation in detail.

Recently many pleas for help have appeared again; I have answered each of them in detail and provided the unlock program. I have also replied to the pleas for help that I could find on websites, and wrote another detailed explanation on the NetEase BBS.

Recently the public security authorities (Computer Security Supervision Division) came to me to investigate. According to the officers, many people's computers have recently been locked and they asked Wang Jiangmin, the author of kv300, for help; Wang Jiangmin refused to unlock them on the grounds that the lock was not caused by the kv300 logic bomb. He also reported the matter to the public security authorities and said he intends to bring charges against me. The public security authorities take the matter very seriously.

I think it necessary to clarify the whole matter. So, after careful recollection, I have written the above.

As far as I know, computers have been locked in two ways:

1. Someone renames my simulation program, for example to happy2000.exe or game.exe, and sends it by e-mail to trick others into running it.

2. Someone first sends a remote-control hacking program to infect the victim, then controls the victim's computer over the network and sends and runs the locking program.

The first case is deception: inducing someone to run the locking program. The second case is hacker intrusion: forcing someone to run the locking program.

In my view, the integrity of my software was violated, and deception and coercion were used to lock other people's computers. This is illegal, and the perpetrators should bear the responsibility.

An analogy: I made a lock, and the lock has a key. Someone uses this lock to lock another person's front door without permission and takes away the key, so that the person cannot open the door. Who bears the responsibility?

I invite readers to give their views on this matter.

Please forward this article widely, to warn those still doing harm to stop as soon as possible, and to ask anyone whose computer is locked to download the unlock program from my website. If there are problems, contact me; I am willing to provide all the help I can! My website: http://sodoo.126.com
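The statement above says that changing as few as two partition-table bytes was enough to lock a disk, and that the simulator kept a backup of the original table. As an added example (not part of the original post or of either program), the following compares a saved copy of sector 0 with the current one and reports each changed partition-table byte by entry and field; the function names, the sample sector and the two changed bytes are constructed for illustration and are not the bytes either program modified.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # the 4 x 16-byte partition table starts here in sector 0
ENTRY_SIZE = 16
# (first byte, last byte, field name) inside one 16-byte partition entry
FIELDS = [(0, 0, "boot flag"), (1, 3, "CHS start"), (4, 4, "type"),
          (5, 7, "CHS end"), (8, 11, "LBA start"), (12, 15, "sector count")]

def check_sector(sector):
    """Reject input that is not a plausible master boot record."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")

def field_name(pos):
    """Name the partition-entry field that byte position pos belongs to."""
    for first, last, name in FIELDS:
        if first <= pos <= last:
            return name

def diff_partition_table(backup, current):
    """List every partition-table byte that differs from the backup."""
    check_sector(backup)
    check_sector(current)
    changes = []
    for off in range(TABLE_OFFSET, TABLE_OFFSET + 4 * ENTRY_SIZE):
        if backup[off] != current[off]:
            entry, pos = divmod(off - TABLE_OFFSET, ENTRY_SIZE)
            changes.append((off, entry, field_name(pos), backup[off], current[off]))
    return changes

def make_sample_mbr():
    """Constructed sample: one active FAT16 partition, empty boot code."""
    sector = bytearray(SECTOR_SIZE)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                        b"\xfe\x3f\x3e", 63, 1024000)
    sector[TABLE_OFFSET:TABLE_OFFSET + ENTRY_SIZE] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    backup = make_sample_mbr()
    current = bytearray(backup)
    current[TABLE_OFFSET] = 0x00        # constructed change: boot flag cleared
    current[TABLE_OFFSET + 4] = 0x00    # constructed change: type byte zeroed
    for off, entry, name, old, new in diff_partition_table(backup, bytes(current)):
        print(f"offset {off}: entry {entry} {name} {old:#04x} -> {new:#04x}")
```

A diff confined to one or two table bytes while the boot code and signature are intact points to table tampering rather than disk failure, and restoring those bytes from the saved copy is safer than letting a generic repair tool rebuild the table.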
