Jump to content
Sign in to follow this  
JohnJohnson

Register Value Decrypting

Recommended Posts

JohnJohnson

Hi all, 

I am fairly new to AutoIt and still experimenting with it. Now I've learned a lot by just surfing the forums and Google for the things I could not cipher out myself. 

But now I really need help on something. Let me explain the situation.

I've wrote a script that encrypts a string and then writes it in the register. Now I want to read that entry and decrypt it. With _Crypt_DecryptData this does not work.

Local $regread          = RegRead("HKCU\Software\Example", "VALUE")
        Local $sUserKey         = "YourPasswordHere"
        Local $decrypted        = _Crypt_DecryptData(String($sData), $sUserKey, $CALG_AES_256)
        Local $Value            = BinaryToString($decrypted)    
        Local $ValueCode        = "YourOriginalValueHere"
        If $Value = $ValueCode Then
                   MsgBox( 64, "Correct!", "The values are identical!")

                Else 
                   MsgBox( 64, "Fail", "The values are not identical! Error:"&@error&"")

Could you point me to the right directions? Or maybe tell me what I am doing wrong. Or help me out of my dreams and tell me this is impossible! 

Thanx in advance!

Share this post


Link to post
Share on other sites
Unc3nZureD

maybe

_Crypt_DecryptData($regread, $sUserKey, $CALG_AES_256)

?

Since $sData isn't even declared (probably you forgot to change it)

Share this post


Link to post
Share on other sites
JohnJohnson

Right, maybe i typed it wrongly in the example script. But even as the way you describe it, It doesnt decrypt right.

I've also tested if i change the $regread to $regread = RegRead(), it gives the same output as $regread = RegRead("HKCUSoftwareExample", "Value"). So it looks like the function _Crypt_DecryptData reads $regread as RegRead() and that isn't working within the function. 
 

But to store the value in a ini file or put it in the code, beats my intention of reading the register in the first place. So maybe someone has a better idea?

Share this post


Link to post
Share on other sites
Unc3nZureD

Areyou sure that the registry you want to read exists?

Share this post


Link to post
Share on other sites
JohnJohnson

Positive, if i let the script write it in a ini file the right value is displayed in the ini file. Does it work for you then? Because i thought maybe it has something to do with admin rights, but that is not the case either. Because if that was the case then the right value would not be written in the ini file, or what file soever.

[btw, with the right value, i mean the value that is displayed in the register.]

Edited by JohnJohnson

Share this post


Link to post
Share on other sites
0xdefea7

Your code is horribly formatted for this post, looks like a snippet of a much larger script. Also, it is not even able to run. You really should provide a reproducible script for others to help with. Here is working code, you should use _Crypt_DeriveKey():

#include <Crypt.au3>

_Crypt_Startup()
$sPassword = _Crypt_DeriveKey("YourPasswordHere", $CALG_AES_256)
RegWrite("HKCU\Software\Example", "VALUE", "REG_SZ", _Crypt_EncryptData("YourOriginalValueHere", $sPassword, $CALG_AES_256))
_Crypt_DestroyKey($sPassword)

DecryptData()

Func DecryptData()
    Local $regread = RegRead("HKCU\Software\Example", "VALUE")
    Local $sUserKey = _Crypt_DeriveKey("YourPasswordHere", $CALG_AES_256)
    Local $decrypted = _Crypt_DecryptData($regread, $sUserKey, $CALG_AES_256)
    Local $Value = BinaryToString($decrypted)
    Local $ValueCode = "YourOriginalValueHere"
    If $Value = $ValueCode Then
        MsgBox(64, "Correct!", "The values are identical!")
    Else
        MsgBox(64, "Fail", "The values are not identical! Error: " & @error)
    EndIf
EndFunc   ;==>DecryptData

Share this post


Link to post
Share on other sites
JohnJohnson

Im sorry, I will do that the next time. Thanks for the tip! I will try your code right now and get back to this thread when it is solved for me or not. Thnx in advance

Share this post


Link to post
Share on other sites
JohnJohnson

For some reason, everytime I use a variable within the function _Crypt_decryptData() it is not working, but if i put in the right values within brackets it is working.. I have to do this with the value that needs to be decrypted and the password that is used to decrypt it. Anyone has a clue why this is?

Share this post


Link to post
Share on other sites
0xdefea7

The code I posted works just fine. If you adjust your code to match, it should work correctly. Would you please post your updated code that you are having trouble with?

Share this post


Link to post
Share on other sites
JohnJohnson

I have copy-pasted your code and tested it, but i get the

MsgBox(64, "Fail", "The values are not identical! Error: " & @error)

so, maybe a problem of Windows 8?

Share this post


Link to post
Share on other sites
JohnJohnson

So i've made a work-around to ensure it will be fixed! 

 

#include <Crypt.au3>

_Crypt_Startup()

$sPassword = "YourPasswordHere"
RegWrite("HKCU\Software\Example", "VALUE", "REG_SZ", _Crypt_EncryptData("YourOriginalValueHere", $sPassword, $CALG_AES_256))
_Crypt_DestroyKey($sPassword)

DecryptData()

Func DecryptData()
    local $temp = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "AppData")
    Local $regread = RegRead("HKCU\Software\Example", "VALUE")
    IniWrite(""&$temp&"\789869654790", "5678", "09346", $regread)
    local $regvalue = IniRead(""&$temp&"\789869654790", "5678", "09346", "89023857639300")
    Local $sUserKey = "YourPasswordHere"
    Local $decrypted = _Crypt_DecryptData($regvalue, $sUserKey, $CALG_AES_256)
    Local $Value = BinaryToString($decrypted)
    Local $ValueCode = "YourOriginalValueHere"
    _Crypt_DestroyKey($sUserKey)
    If $Value = $ValueCode Then
        FileDelete(""&$temp&"\789869654790")
        MsgBox(64, "Correct!", "The values are identical!")
    Else
        MsgBox(64, "Fail", "The values are not identical! Error: " & @error)
        FileDelete(""&$temp&"\789869654790")
    EndIf
EndFunc   ;==>DecryptData

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×