SAP Business one

Help me solve the problem of SAP B1. The problem is: SAP B1 contains company data, a user in the company, and how to modify the user name... I can already guess what this is about.

I have never been familiar with SAP B1 before, so it takes a little time to find and download. ftp2 only has minisap 6.1, which is too old. It is second only to the SAP Business One 2005b (Chinese version 7.0) they are using ). This resource seems to be hard to find on the Internet, and finally we can find one on a network disk (qudisk. Later, when I was looking for a reference book, I accidentally found that a preloaded version (the so-called preview version) exists in the CD attached to a book, but the function is limited. Thanks to the CD image retrieval system of the library.

My sister gave a backup file of MB without a suffix. I don't know how to back up and restore it. I am sorry to ask, but I can only think about it myself. The backup and recovery functions in SAP B1 are not very similar. Then I tried to open it in the binary Editor, hoping to see some clues, but it was useless.

During the process of tossing sap B1, I learned something about it. The backend storage of this item depends on the database, and the front end is a shell. After the installation of the back-end SQL Server 2000 in the SBO-COMMONS and sbodemo_china two databases, are SBO global configuration information and "Beijing Haicheng Electronics Company" information.

Then we can naturally guess that this file may be a backup of the database. Database Backup can be either a backup of an SQL file or a private binary format. Let's test it. Back up sbodemo_china as a file. I already know when the backup is complete, because the file size is basically the same. The magic number in the file header is tape, which is consistent with that in the original file. The guess is basically correct.

Create a new database and restore the backup data. The table structure is consistent with that of sbodemo_china. The speculation is verified.

The remaining question is how to establish a company's connection with this database. Direct speculation is (Company, Database Name) the relationship should be stored in the SBO-COMMONS database, the table in this database is not much, one by one to see it. It is easy to find that the DBO. srgc table exists. From the disorganized table names, it is obvious that obfuscation is performed.

If you create a new one (or modify the existing one), you can log on to the company from SBO, and the database is recovered.

Once you know where the corresponding relationship is managed, you can perform a variety of operations. For example, you can move the data of a company to another company, as long as you switch between two databases.

There are a lot of methods for dumping data. The "Enterprise Manager" provided by SQL Server provides the data import and export function, or you can back up a database as a file (binary or SQL) then it is restored to another database.

The next problem is to change the user name. We can guess that since all the information of a company is stored in the database of this company, user information must also exist somewhere. Continue to start from sbodemo_china, after expanding the database I dumb eye, 960 tables, table names have also done obfuscation processing, there is no way to check one by one like the SBO-COMMONS.

The method I came up with later was to view the sbodemo_china logs, and the Microsoft should be shut down (well, I am saying that I am not very kind to the east house before ..), LDF file format is closed. Google's third party tool is terrible.

Then try whether the new version of SQL Server can provide similar functions, using SQL Server 2008 R2 Express. By the way, when managing studio is connected, the server must enter (local) \ sqlexpress, that is, the host and SQL instance must be specified at the same time.

Google again, find the SQL Server unmarshented command, DBCC. To put it bluntly, unauthenticated ented means that Microsoft does not need to provide support services for these commands, and can freely toss these commands, including removing them in the next version at any time.

The syntax is DBCC log (sbodemo_china, 3). The first parameter is DB-name, and the second parameter is Info-level. For more DBCC functions, please google.

Then, enable SBO and log on with a single user. During the logon process, SBO will always come to the database to save the user's table for a look. Indeed, the last few logs are Access Named DBO. ousr table. You can find the name.

The field names in this table are not obfuscated, as before. From the field name and existing user information, it is easy to understand what each field means. Modify the user name directly here. user_code is the login user name, And u_name is the display user name.

 

So far, the goal has been achieved, but I still can't help worrying about the password field next to it. After the password field, there are password1 and password2 .. Maybe it's the historical design. When I change the password in SBO, the value here is changed. What is the corresponding relationship? I cannot see it in my eyes. I may need to reverse the SBO main program, see how passphrase transforms the key string here. This process is standard (see previous blog posts), such as PKCS #5. But to be honest, I do not have much hope for the security awareness and security capabilities of IT practitioners. In the past, csdn was exposed to brute-force databases, and users' passwords were saved in plain text. In addition, a product of QQ claimed that the passwords they saved were encrypted by MD5 in the product introduction and sighed.

Although you do not know the transformation process without reverse engineering, and even if you know it, you may not be able to crack the password of a user (for example, in a certain step of the transformation process, the cryptographic hash function, such as SHA-1 ), we can still note that the (changed) password stored by SBO is only related to the user's passphrase (nonsense, of course). So, substitution attack (replay attack in a sense) can replace the password of a user.

In practice, this SBO design does not introduce too many security risks (SBO needs to be modified. ousr, it is better to directly modify other libraries), but it may still cause problems in some scenarios. For example, a company's ERP system uses SBO, but the database is not well protected. After attackers break the database server, they can modify the password of a user and then use the user account to log in, perform Various destructive operations, then restore the password and clean the site (mainly to clean the SQL server logs ). This precise attack frame is very lethal. Compared with modifying the database directly, this attack can be used to modify the semantics, that is, modification with SBO significance, such as modifying the inventory of a product. If you want to directly modify the database, you need to first reverse obtain how the inventory is saved in the database, which is too heavy.

 

After the record is complete, let me talk about myself again. Because of this girl's big ups and downs, sometimes melancholy and sometimes ecstasy, you can beat her for two days. You are infatuated with the flow of eyes, may have been a moment for you to stay. Don't you hear the buddhist saying that, if you have any, you are bitter. If you do not have any, you are happy.