If you forget to restore the password of the wizard and install a new program, the software prompts you to restart the computer. At this time, don't click the "OK" button, and choose "Restart later". Then select "Restart the computer" in "Start → Shut down the system". At this time, be sure to hold down the Shift key, so that the computer will directly reload the system program, thus bypassing the protection of the restore wizard.

Method 2: Long-term solution

If you want to save your own files for a long time, you must uninstall the restore wizard or obtain the administrator password of the restore wizard. Uninstalling the recovery wizard is not difficult. There is a special program "Restore Wizard Eraser" on the Internet, which can directly erase the password of the restore wizard after running. However, it should be noted that it is dangerous to use this recovery wizard cleaner because the recovery wizard is an article made in the MBR, the most important master boot record of the hard disk.

Method 3: Use the initial password

The restore card has a default initialization password. If you haven't changed its default password at all, it will be much easier, because the default password of the recovery wizard is 12345678!

Method 4: Write the password.

When installing the restore wizard, there will be an auxiliary tool of the restore wizard, namely the password reading tool readpwd.exe provided by the manufacturer. You can also get the encrypted password of the restore wizard by running it, and the format is similar to this: [db] [b8] [5e] [79] [3e] [3b] [5e] [C5] [BD] [B2]. Send the encrypted password to this email address: info@yuanzhi.com.cn only.

So you don't need any software, you can get the password of the restore wizard with a few simple clicks! Conversely, anyone can get the password of the restore wizard in this way, including restricted users! So we should keep the password reader readpwd.exe, rename it, hide it or simply delete it.

Method 5: rewrite the main boot sector

The restore wizard will intercept the underlying function calls of the system and leave its own trace in the main boot area of the hard disk. The main boot area of the hard disk stores the main boot information and partition information of the system. Generally speaking, viruses are very interested in it. If we can get the Master Boot Sector (MBR) of the hard disk before the recovery wizard, then we can have the greatest management authority on the hard disk. In other words, we have "killed" the recovery wizard.

According to the above principle, rewrite the main boot sector with the fidisk/mbr command, and then restart the computer, so that the recovery wizard is gone.

Method 6: Use 16 binary file editor.

WinHex's memory search and editing function can help us find the password lost in the recovery wizard. The specific method is: right-click the recovery wizard icon in the lower right corner of the taskbar, select "parameter setting → change password" in the pop-up menu, enter the old password in the dialog box, and randomly fill in several numbers, such as123456; Enter a new password in the New Password box. Fill in 37 1042 randomly here, and click "OK" at last.

Because we randomly entered the password, the old password will not be correct. A dialog box will pop up, prompting that the password is incorrect. Be careful not to click the "OK" button. Run WinHex, 16 binary editor, click "RAM Editor" in the tools menu, and find "Main Memory" under Hddgmon in the open window. Hddgmon, this is the process of the recovery wizard.

Finally, click the "Search → Find Text" menu option in WinHex, and add your own random fake password 37 1042 in the opened window. Click "OK" and the real password will appear in front of us!

Principle: After entering the password, the software will calculate the real password through its internal predefined method and compare it with the entered password. The comparison process is carried out in memory. Because WinHex has excellent memory editing function, we can find them by searching input strings in memory. Generally speaking, the comparison between real passwords and fake passwords will be very close, so that we can find them easily.

Method 7: Use the password reading software of the restore wizard.

Through the sixth method, we can easily draw the conclusion that there is a loophole in the storage of plaintext password in the recovery wizard, and the password of the recovery wizard can be easily obtained by using the password reading software of the recovery wizard. The use of this software is very simple. Just open the "Change Password" window or "Check Administrator Password" window of the recovery wizard, and then click the "Read" button of the software. Without entering any password, the password will be automatically read from the memory of the recovery wizard.

Method 1: Use the initial password.

The recovery wizard has a default initialization password. If you didn't change its default password at all, it would be much easier, because the default password of the original wizard was 12345678, simple!

Method 2: Send a letter to the development company of the restore wizard to ask for the password.

When installing the restore wizard, there will be an auxiliary tool of the restore wizard, namely the password reading tool readpwd.exe provided by the manufacturer. You can also get the encrypted password of the restore wizard by running it in a format similar to this: [DR][W8][6n][D0][2L][IW][ ah] [KH] [3G] [9E], and send the encrypted password to this mailbox in :info@yuanzhi.com.cn. This does not require any software, just a few simple clicks to get the password of the restore wizard! Conversely, anyone can get the password of the restore wizard in this way, including restricted users! Therefore, everyone should keep the password reading tool readpwd.exe, rename it hidden or simply delete it, which will be much safer!

Method 3: rewrite the main boot sector

As we said before, the recovery wizard is a soft protection card, which will intercept the function calls at the bottom of the system and leave its own trace in the main boot area of the hard disk. The main boot area of the hard disk stores the main boot information and partition information of the system. Generally speaking, viruses are very interested in it. If we can occupy the Master Boot Sector (MBR) of the hard disk before the recovery wizard, then we can have the greatest management authority on the hard disk. In other words, we have "killed" the restoration elves.

According to the above principle, rewrite the main boot sector with fidsk/mbr command ("/mbr" is a hidden parameter of fidsk program, which can rewrite the main boot sector without changing the partition table structure), and then restart the computer, so that the recovery wizard is gone.

Method 4: Use WinHex, 16 binary file editor.

WinHex is an excellent 16 binary file editor, and its memory search editing function can help us find the password lost in the recovery wizard. The specific method is: Select "Parameter Settings → Modify Password" in the recovery wizard, and then fill in an original password, preferably this commonly used irregular password, and be sure to remember this password. Otherwise, don't click the "OK" button, run WinHex, 16 binary editor, click "RAM Editor" in the "Tools" menu, and find one in the open window under Hddgmon. Hddgmon is the process of restoring the wizard, and then click the "Search → Find Text" menu option in WinHex, and fill in the fake password you just changed in the open window. After clicking OK, the real password will appear nearby.

Principle: After we enter the password of the recovery wizard, the software will calculate the real password through its internal predefined method and compare it with the password you entered. This comparison process is carried out in memory. Because WinHex has excellent memory editing function, we can find them by searching input strings in memory. Generally speaking, the comparison between the real password and the fake password will be very close, so that we can find it.

Method 5: Use the recovery wizard to read the software password.

Method 4: It is not difficult for us to draw the conclusion that the restore wizard has loopholes in putting plaintext passwords in this memory. Taking advantage of this loophole, Guangwai Girl Network Group developed the password reading software of the restore wizard, which can easily obtain the password of the restore wizard. The use of this software is very simple. Just open the "Change Password" or "Check Administrator Password" window of the recovery wizard, and then you don't need to enter any data. Just click the "Read" button of this software, and the password will be automatically read from the memory of the recovery wizard.

In addition, most hacker websites provide such software tools, which are easy to find or download. A lot!

Method 6: Download and install the recovery wizard.

A simpler method, you just need to download different versions of the recovery wizard first, and then cover the installation software on the machine! The password after reinstall the system is 12345678. Of course, the requirements are higher than the original.

In addition, if you know assembly language, you can also use Debug to debug and break through the defense of restore wizard.

References:

/question/2226098.htm