AutID

RegRead. Read saved credentials from IE

14 posts in this topic

I was searching for a way to read all the saved credentials of IE. My goal is to back them all up.

Searching on the internet I found that IE saves all the credentials here: "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2"

and they are encrypted I suppose.

I am on Win 7 Ultimate 32bit and regread of that location returns me error -1

Here is a small reproducer.

Local $Credentials = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2", "")
If @error Then
 ConsoleWrite("Error: " & @error & @LF)
Else
 ConsoleWrite($Credentials & @LF)
EndIf

Any ideas what is going on? Has anyone done this before who could give me some guidance?


Does your script use #RequireAdmin?


Get Scite to add a popup when you use a 3rd party UDF -> http://www.autoitscript.com/autoit3/scite/docs/SciTE4AutoIt3/user-calltip-manager.html


What do you want with this information? How are you planning on using it once you've figured out how to get at it?



What do you mean? As I am saying in the 1st post, I want to back them up. I am not understanding you, sorry.


Why are you backing them up?



You could just backup the whole registry and you would be covered.



Why am I backing them up? Why do you back up a file? Most of us do it in case we lose them. I have credentials such as bank accounts, credentials on servers and more which, if I lose them, it would take me a lot of time to get again. I live away from home and my wife keeps the cards. If I lose the credentials I will have to do a lot of kilometres to get them, which is not pleasant.

Now that you learnt my sad story, can anybody concentrate on my problem if you are all really here to help?


#9 ·  Posted (edited)

I agree, no need to know why you want to, just that you're having issues.

Look at your last parameter, you have it blank.

Blank parameter returns the "Default" key/valuename.  If it returns -1 then there is no Default key in the list of keys.

You'll have to enum through the keys if you don't know which ones you want.

Edited by SmOke_N

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


#10 ·  Posted (edited)

Got it right?

Local $sVar = ""
Local $sPath = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2"
Local $Credentials
For $i = 1 To 1000
 $sVar = RegEnumVal($sPath, $i)
 If @error <> 0 Then ExitLoop
 $Credentials = RegRead($sPath, $sVar)
 ConsoleWrite("Value Name  #" & $i & ": " &  $sVar & @LF)
 ConsoleWrite("Encrypted credential: " & $Credentials & @CRLF & @CRLF)
Next

Cheers mate.

Edited by AutID
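
An added example, not part of the thread: it reproduces the -1 result from the first post on a constructed scratch key instead of the real Storage2 key, and shows how to tell "no such value" apart from "cannot open key" while enumerating, which a loop that exits on any error does not report. The key name `_RegReadDemo_Constructed` and the helper `_RegErrorText` are hypothetical; the error-code meanings are those listed in the AutoIt help file for RegRead and RegEnumVal.

```autoit
; Added example, not from the thread. Key name and helper are constructed.
Local Const $sKey = "HKEY_CURRENT_USER\Software\_RegReadDemo_Constructed"

; Like Storage2, this key gets named values only and no default value.
RegWrite($sKey, "ValueA", "REG_BINARY", Binary("0x01020304"))
RegWrite($sKey, "ValueB", "REG_SZ", "sample")

; The key opens but the default value ("") does not exist: @error = -1.
RegRead($sKey, "")
ConsoleWrite("Default value: " & _RegErrorText(@error) & @CRLF)

; A key that does not exist at all gives @error = 1 instead.
RegRead($sKey & "\Missing", "")
ConsoleWrite("Missing key:   " & _RegErrorText(@error) & @CRLF)

; Enumerate value names. -1 from RegEnumVal is the normal end of the list;
; any other error means the key itself could not be opened.
Local $i = 1, $iErr, $sName, $vData
While True
    $sName = RegEnumVal($sKey, $i)
    $iErr = @error
    If $iErr = -1 Then ExitLoop
    If $iErr Then
        ConsoleWrite("Enumeration failed: " & _RegErrorText($iErr) & @CRLF)
        ExitLoop
    EndIf
    $vData = RegRead($sKey, $sName)
    $iErr = @error
    If $iErr Then
        ConsoleWrite($sName & ": " & _RegErrorText($iErr) & @CRLF)
    Else
        ConsoleWrite($sName & " = " & String($vData) & @CRLF)
    EndIf
    $i += 1
WEnd

RegDelete($sKey) ; remove the scratch key again

; Map RegRead/RegEnumVal @error codes to text.
Func _RegErrorText($iCode)
    Switch $iCode
        Case 0
            Return "ok"
        Case 1
            Return "unable to open requested key"
        Case -1
            Return "unable to open requested value (or index out of range)"
        Case Else
            Return "other registry error " & $iCode
    EndSwitch
EndFunc
```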


Good deal.

I just noticed there were some _winapi_reg* funcs.

I haven't gone through them all yet to find the RegRead() func, but I cheated with this so you could get value name, integer type of data, and value/data.

#include <APIRegConstants.au3>
#include <Array.au3>
#include <WinAPIDiag.au3>
#include <WinAPIReg.au3>

Global $gsValName, $giType
Global $giCount = 0
Global $gaInfo[101][3]

Global $ghKey = _WinAPI_RegOpenKey($HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\IntelliForms\Storage2", $KEY_READ)
While 1
    $gsValName = _WinAPI_RegEnumValue($ghKey, $giCount)
    If @error Then ExitLoop
    $giType = @extended
    If Mod($giCount, 100) = 0 Then
        ReDim $gaInfo[$giCount + 100][3]
    EndIf
    $gaInfo[$giCount][0] = $gsValName
    $gaInfo[$giCount][1] = $giType
    $gaInfo[$giCount][2] = RegRead("HKCU\Software\Microsoft\Internet Explorer\IntelliForms\Storage2", $gsValName)
    $giCount += 1
WEnd
_WinAPI_RegCloseKey($ghKey)
ReDim $gaInfo[$giCount][3]
_ArrayDisplay($gaInfo)

Now, this may be even more interesting to you, and probably save you a ton of time.

Check out:

_WinAPI_RegSaveKey()



#12 ·  Posted (edited)

I just went through some of the _winapi_reg functions and it is interesting. I couldn't find the exact RegRead function either, but since we can combine it with the other winapi reg functions it is fine.

_WinAPI_RegSaveKey seems to do the rest of the job.

Adapting your example, and after some searching, I found out, not sure though, that the credentials are stored encrypted with the triple DES algorithm seeded with the user's password.
I am not sure what "seeded with the user's password" exactly means but this example didn't work. I don't have a user password.

#include <APIRegConstants.au3>
#include <Array.au3>
#include <WinAPIDiag.au3>
#include <WinAPIReg.au3>
#include <Crypt.au3>
Global $gsValName, $giType
Global $giCount = 0
Global $gaInfo[101][3]
Global $sPath = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2"
Global $aPath = "Software\Microsoft\Internet Explorer\IntelliForms\Storage2"
Global $ghKey = _WinAPI_RegOpenKey($HKEY_CURRENT_USER, $aPath, $KEY_READ)
While 1
    $gsValName = _WinAPI_RegEnumValue($ghKey, $giCount)
    If @error Then ExitLoop
    $giType = @extended
    If Mod($giCount, 100) = 0 Then
        ReDim $gaInfo[$giCount + 100][3]
    EndIf
    $gaInfo[$giCount][0] = $gsValName
    $gaInfo[$giCount][1] = $giType
    $gaInfo[$giCount][2] = BinaryToString(_Crypt_DecryptData(RegRead($sPath, $gsValName), "", $CALG_3DES)) ;$CALG_USERKEY
    $giCount += 1
WEnd
_WinAPI_RegCloseKey($ghKey)
ReDim $gaInfo[$giCount][3]
_ArrayDisplay($gaInfo)

My goal is to save them into an .ini file, from where they will be handled manually and changed if needed, and encrypted back again and rewritten to the registry only if needed. This part is easy though.

However, 3DES decryption didn't do the trick, nor did the other algorithms. I can't find if there is a crypt key that is required.

Edit: Reading more about this, it seems more difficult than I thought it was.

Edited by AutID


Ahh, that's different than "backing up".  I didn't look into that.



Yes, that is what I am finding out. We had better leave this here before it gets too tricky.
I will use _WinAPI_RegSaveKey and save it as it is. It should be better so people who will see it will not mess with it. And it will save me time on encryption.

Cheers and Merry Christmas!!!
