[群联]PS2251 Linux加锁解锁程序 [复制链接]

昨天把加解锁的scsi io数据分析出来了
今天搞了个linux版本的加锁解锁程序~

很简单主要涉及几个自定义命令，有查询写保护、查询设备密码状态和加密状态、清除密码、设置密码、解锁等

有意思的是，其中一个命令是设置当前失败次数，所以6次格式化优盘这个限制，本质上是软件限制的，而不是硬件限制的。

有没有感兴趣的，等我做完放上来哈，先贴部分实验代码



void ScsiUnlockFlashDrive(int fd, char *pwd)
{
    struct sg_io_hdr * p = InitScsiIoHdr();
    unsigned char cdb[12];
    int ret;

    SetScsiDataBuffer(p, ScsiDataBuffer, 0x200);
    SetScsiSenseData(p, ScsiSenseBuffer, 24);
    memset(ScsiDataBuffer, 0, 0x200);
    strncpy(ScsiDataBuffer, pwd, 16);

    memset(cdb, 0 ,sizeof(cdb));
    cdb[0] = 0xe;
    p->dxfer_direction = SG_DXFER_TO_DEV;
    p->cmdp = cdb;
    p->cmd_len = sizeof(cdb);

    ret = ioctl(fd, SG_IO, p);
    if (!ret)
    {

    }
    else
    {
        printf("ScsiUnlockFlashDrive ioctl failed %d\n",errno);
    }

    DestroyScsiIoHdr(p);
}

void ScsiFlashDrivePwdErrorCnt(int fd, unsigned char count)
{
    struct sg_io_hdr * p = InitScsiIoHdr();
    unsigned char cdb[12];
    int ret;

    SetScsiDataBuffer(p, ScsiDataBuffer, 0x200);
    SetScsiSenseData(p, ScsiSenseBuffer, 24);
    memset(ScsiDataBuffer, 0, 0x200);
    ScsiDataBuffer[0] = count;

    memset(cdb, 0 ,sizeof(cdb));
    cdb[0] = 6;
    cdb[0] = 6;
    p->dxfer_direction = SG_DXFER_TO_DEV;
    p->cmdp = cdb;
    p->cmd_len = sizeof(cdb);

    ret = ioctl(fd, SG_IO, p);
    if (!ret)
    {

    }
    else
    {
        printf("ScsiFlashDrivePwdErrorCnt ioctl failed %d\n",errno);
    }

    DestroyScsiIoHdr(p);
}

void ScsiEraseFlashDrivePwd(int fd, char *pwd)
{
    struct sg_io_hdr * p = InitScsiIoHdr();
    unsigned char cdb[12];
    int ret;

    SetScsiDataBuffer(p, ScsiDataBuffer, 0x200);
    SetScsiSenseData(p, ScsiSenseBuffer, 24);
    memset(ScsiDataBuffer, 0, 0x200);
    strncpy(ScsiDataBuffer, pwd, 16);

    memset(cdb, 0 ,sizeof(cdb));
    cdb[0] = 0xe;
    cdb[2] = 1;
    cdb[3] = 0x55;
    cdb[4] = 0xaa;
    p->dxfer_direction = SG_DXFER_TO_DEV;
    p->cmdp = cdb;
    p->cmd_len = sizeof(cdb);

    ret = ioctl(fd, SG_IO, p);
    if (!ret)
    {

    }
    else
    {
        printf("ScsiEraseFlashDrivePwd ioctl failed %d\n",errno);
    }

    DestroyScsiIoHdr(p);
}

void ScsiSetFlashDrivePwd(int fd, char *pwd, char *newpwd, char *pwdtip)
{
    struct sg_io_hdr * p = InitScsiIoHdr();
    unsigned char cdb[12];
    int ret;

    SetScsiDataBuffer(p, ScsiDataBuffer, 0x200);
    SetScsiSenseData(p, ScsiSenseBuffer, 24);
    memset(ScsiDataBuffer, 0, 0x200);
    strncpy(ScsiDataBuffer, pwd, 16);
    strncpy(ScsiDataBuffer + 16, newpwd, 16);
    strncpy(ScsiDataBuffer + 32, pwdtip, 16);

    memset(cdb, 0 ,sizeof(cdb));
    cdb[0] = 0xe;
    cdb[2] = 1;
    p->dxfer_direction = SG_DXFER_TO_DEV;
    p->cmdp = cdb;
    p->cmd_len = sizeof(cdb);

    ret = ioctl(fd, SG_IO, p);
    if (!ret)
    {

    }
    else
    {
        printf("ScsiSetFlashDrivePwd ioctl failed %d\n",errno);
    }

    DestroyScsiIoHdr(p);
}

请登录后查看

请登录后查看

请登录后查看

请登录后查看