Professional Documents
Culture Documents
Ora BBED 0a
Ora BBED 0a
pulate data at the Oracle Database block level. No need to say that it’s very powerful and also
extremely dangerous because you can corrupt data/header blocks. There’s an unofficial but very
comprehensive manual for BBED. It’s written by Graham Thornton. You can download it as PDF:
http://orafaq.com/papers/dissassembling_the_data_block.pdf
Before Oracle 11g, BBED object code is shipped but you need to compile it to be able to run it.
On 11g, the required files to compile BBED is not shipped. So you need to copy the following
files from an Oracle 10g home to Oracle 11g home:
$ORACLE_HOME/rdbms/lib/sbbdpt.o
$ORACLE_HOME/rdbms/lib/ssbbded.o
$ORACLE_HOME/rdbms/mesg/bbedus.msb
$ORACLE_HOME/rdbms/mesg/bbedus.msg
What will you do if you don’t have access to any Oracle 10g software home? As you know, Oracle
doesn’t provide link to download Oracle 10g anymore. You may open a service request and ask for
it, but there’s an easier way: You can get the required files by downloading the 10.2.0.5 patchset
from My Oracle Support. Download p8202632_10205_Linux-x86-64.zip, and then issue the
following commands (I assume that you have already set the oracle environment variables):
unzip -j p8202632_10205_Linux-x86-64.zip \
*/oracle.rdbms/10.2.0.5.0/1/DataFiles/filegroup48.1.1.jar -d /tmp
unzip -j p8202632_10205_Linux-x86-64.zip \
*/oracle.rdbms.util/10.2.0.5.0/1/DataFiles/filegroup6.1.1.jar -d /tmp
unzip -j /tmp/filegroup48.1.1.jar sbbdpt.o ssbbded.o -d /tmp
unzip -j /tmp/filegroup6.1.1.jar bbedus.ms* -d /tmp
cp /tmp/s*bd*.o $ORACLE_HOME/rdbms/lib
cp /tmp/bbedus.ms* $ORACLE_HOME/rdbms/mesg
unzip -j p8202632_10205_Linux-x86-64.zip \
*/oracle.rdbms/10.2.0.5.0/1/DataFiles/filegroup48.1.1.jar -d /tmp
unzip -j p8202632_10205_Linux-x86-64.zip \
*/oracle.rdbms.util/10.2.0.5.0/1/DataFiles/filegroup6.1.1.jar -d /tmp
unzip -j /tmp/filegroup48.1.1.jar sbbdpt.o ssbbded.o -d /tmp
unzip -j /tmp/filegroup6.1.1.jar bbedus.ms* -d /tmp
cp /tmp/s*bd*.o $ORACLE_HOME/rdbms/lib
cp /tmp/bbedus.ms* $ORACLE_HOME/rdbms/mesg
When the files are copied, you can compile bbed utility:
make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk \
BBED=$ORACLE_HOME/bin/bbed $ORACLE_HOME/bin/bbed
BBED tool will ask you password when you try to run it. It’s not hard to find if you can use GNU
debugger. You can even find it if you examine the strings in the file, but I see that it’s not a secret
and there are already websites telling the password so here it is: BLOCKEDIT
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
2.执行如下命令:
[oracle@DG ~]$ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk BBED=$ORACLE_HO
ME/bin/bbed $ORACLE_HOME/bin/bbed
以下为执行命令后默认输出的
Linking BBED utility (bbed)
rm -f /u01/app/oracle/product/11.2.0/dbhome_1/bin/bbed
gcc -o /u01/app/oracle/product/11.2.0/dbhome_1/bin/bbed -m64
-L/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/
-L/u01/app/oracle/product/11.2.0/dbhome_1/lib/
-L/u01/app/oracle/product/11.2.0/dbhome_1/lib/stubs/
/u01/app/oracle/product/11.2.0/dbhome_1/lib/s0main.o
/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/ssbbded.o
/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/sbbdpt.o `cat
/u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11
-ldbtools11 -lclntsh `cat /u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags` -lncrypt11
-lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags`
-lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lztkg11 -lztkg11 -lclient11 -lnnetd11
-lvsn11 -lcommon11 -lgeneric11 -lmm -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11
-lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `cat
/u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11
-lnro11 `cat /u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11
-ln11 -lnl11 -lclient11 -lnnetd11 -lvsn11 -lcommon11 -lgeneric11 -lsnls11 -lnls11 -lcore11
-lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11
-lclient11 -lnnetd11 -lvsn11 -lcommon11 -lgeneric11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11
-lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `cat
/u01/app/oracle/product/11.2.0/dbhome_1/lib/sysliblist` -Wl,-
rpath,/u01/app/oracle/product/11.2.0/dbhome_1/lib -lm `cat
/u01/app/oracle/product/11.2.0/dbhome_1/lib/sysliblist` -ldl -lm
-L/u01/app/oracle/product/11.2.0/dbhome_1/lib
3.登录,默认密码 blockedit,出现如下提示符安装成功
[oracle@DG ~]$ bbed
Password:
BBED: Release 2.0.0.0.0 - Limited Production on Sat Sep 8 15:29:28 2012
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
************* !!! For Oracle Internal Use only !!! ***************
Example#1-Changing Data
ROWID
------------------
AAASTyAAEAAAAivAAA
ROW_ID
------------------------------------------------------------
Row_id type is :1
Object# is :74994
Relative_fno is :4
Block number is :2223
Row number is :0
[oracle@DG ~]$ bbed parfile=bbed.par
Password:
BBED> set dba 4,2223
DBA 0x010008af (16779439 4,2223)
BBED> exit
SQL> commit;
Commit complete.
SQL> alter system dump datafile 4 block min 2218 block max 2225;
System altered.
.....省略.....
block_row_dump:
tab 0, row 0, @0x1f79
tl: 31 fb: --H-FL-- lb: 0x0 cc: 3
col 0: [17] 45 69 73 6e 68 74 20 45 69 73 6e 65 68 6f 77 65 72
col 1: [ 4] 31 39 35 33
col 2: [ 4] 31 39 36 31
tab 0, row 1, @0x1f5f
tl: 26 fb: --H-FL-- lb: 0x0 cc: 3
col 0: [12] 4a 6f 6e 68 20 4b 65 6e 6e 65 64 79
col 1: [ 4] 31 39 36 31
col 2: [ 4] 31 39 36 33
tab 0, row 2, @0x1f44
tl: 27 fb: --HDFL-- lb: 0x1 cc: 3
col 0: [13] 52 69 63 68 61 72 64 20 4e 69 78 6f 6e
col 1: [ 4] 31 39 36 39
col 2: [ 4] 31 39 37 34
end_of_block_dump
.....省略.....
定位数据块
BBED> set dba 4,2218 offset 0
DBA 0x010008aa (16779434 4,2218)
OFFSET 0
查找被删除数据
BBED> find /c Nixon
BBED-00212: search string not found
BBED> set dba 4,2219 offset 0
DBA 0x010008ab (16779435 4,2219)
OFFSET 0
dump 数据块内容
BBED> d /v dba 4,2223 offset 8116
File: /u01/app/oracle/oradata/oracle/users01.dbf (4)
Block: 2223 Offsets: 8116 to 8191 Dba:0x010008af
-------------------------------------------------------
4e69786f 6e043139 36390431 3937342c l Nixon.1969.1974,
00030c4a 6f6e6820 4b656e6e 65647904 l ...Jonh Kennedy.
31393631 04313936 332c0003 11456973 l 1961.1963,...Eis
6e687420 4569736e 65686f77 65720431 l nht Eisnehower.1
39353304 31393631 0206d148 l 953.1961..?H
根据下面内容可以得出:一个偏移量两个字节,而“4e69786f”是 8 个字节,所以一次想
跳 8 个字节,offset 一次偏移 4
BBED> d /v dba 4,2223 offset 8116
File: /u01/app/oracle/oradata/oracle/users01.dbf (4)
Block: 2223 Offsets: 8116 to 8191 Dba:0x010008af
-------------------------------------------------------
4e69786f 6e043139 36390431 3937342c l Nixon.1969.1974,
00030c4a 6f6e6820 4b656e6e 65647904 l ...Jonh Kennedy.
31393631 04313936 332c0003 11456973 l 1961.1963,...Eis
6e687420 4569736e 65686f77 65720431 l nht Eisnehower.1
39353304 31393631 0206d148 l 953.1961..?H
找到块头
BBED> d /v dba 4,2223 offset 8104
File: /u01/app/oracle/oradata/oracle/users01.dbf (4)
Block: 2223 Offsets: 8104 to 8191 Dba:0x010008af
-------------------------------------------------------
3c02030d 52696368 61726420 4e69786f l <...Richard Nixo
6e043139 36390431 3937342c 00030c4a l n.1969.1974,...J
6f6e6820 4b656e6e 65647904 31393631 l onh Kennedy.1961
04313936 332c0003 11456973 6e687420 l .1963,...Eisnht
4569736e 65686f77 65720431 39353304 l Eisnehower.1953.
31393631 0206d148 l 1961..?H
再次确认被删除数据位置
BBED> p kdbr
sb2 kdbr[0] @118 8057
sb2 kdbr[1] @120 8031
sb2 kdbr[2] @122 8004
BBED> p *kdbr[0]
rowdata[53]
-----------
ub1 rowdata[53] @8157 0x2c
BBED> p *kdbr[1]
rowdata[27]
-----------
ub1 rowdata[27] @8131 0x2c
BBED> p *kdbr[2]
rowdata[0]
----------
ub1 rowdata[0] @8104 0x3c
恢复删除数据
BBED> modify /x 2c offset 8104
Warning: contents of previous BIFILE will be lost. Proceed? (Y/N) y
File: /u01/app/oracle/oradata/oracle/users01.dbf (4)
Block: 2223 Offsets: 8104 to 8191 Dba:0x010008af
------------------------------------------------------------------------
2c02030d 52696368 61726420 4e69786f 6e043139 36390431 3937342c 00030c4a
6f6e6820 4b656e6e 65647904 31393631 04313936 332c0003 11456973 6e687420
4569736e 65686f77 65720431 39353304 31393631 0206d148
生效恢复
BBED> sum dba 4,2223
Check value for File 4, Block 2223:
current = 0xcfd0, required = 0xcfc0
再次 dump 数据块确认成功
BBED> d /v dba 4,2223 offset 8104
File: /u01/app/oracle/oradata/oracle/users01.dbf (4)
Block: 2223 Offsets: 8104 to 8191 Dba:0x010008af
-------------------------------------------------------
2c02030d 52696368 61726420 4e69786f l ,...Richard Nixo
6e043139 36390431 3937342c 00030c4a l n.1969.1974,...J
6f6e6820 4b656e6e 65647904 31393631 l onh Kennedy.1961
04313936 332c0003 11456973 6e687420 l .1963,...Eisnht
4569736e 65686f77 65720431 39353304 l Eisnehower.1953.
31393631 0206d148 l 1961..?H
查询表,数据成功恢复
SQL> alter system flush buffer_cache;
System altered.