GregThompson Posted August 15, 2007

OK, so Didier Stevens has a cool little program that decrypts the UserAssist hive for the current user, and ports it into a nifty little GUI. He doesn't have command-line support at this time though, and that's what I need. His program is located here. http://didierstevens.wordpress.com/programs/userassist/

Does anyone know of a way to decrypt the UserAssist key, which is in ROT13, and port it to a csv file, or something like that? Or maybe some way to run his script, and execute the save option all hidden from a logged on user?

Paulie Posted August 15, 2007

Why on earth would you want to run a monitoring program without the user having knowledge? Sounds iffy to me....

GregThompson (Author) Posted August 15, 2007

> Why on earth would you want to run a monitoring program without the user having knowledge? Sounds iffy to me....

The company I work for is getting hit with licensing fees for Reflections software that is installed on several thousand machines. So, because we don't know exactly who is using the program and who isn't, we came up with this idea to determine how often the program is being run on every machine company-wide. If the date of the last use is not within the last 30 days, we'll automatically uninstall the software from the machine.

PsaltyDS Posted August 15, 2007

> The company I work for is getting hit with licensing fees for Reflections software that is installed on several thousand machines. So, because we don't know exactly who is using the program and who isn't, we came up with this idea to determine how often the program is being run on every machine company-wide. If the date of the last use is not within the last 30 days, we'll automatically uninstall the software from the machine.

But what you are decrypting is user specific, not machine specific...

1. You could just check the 'Last Accessed' date on the Reflections executable
2. You could configure Auditing on the executable
3. You could make the executable accessible by a shortcut that performed some logging before running it.
4. Etc., etc...

There are so many easy ways to achieve that without cracking anything -- I think Paulie is right to be a little suspicious.

Edit: ROT-13 is more like 'encoding' than encrypting, so 'cracking' is probably too strong a term for this.

Edited August 15, 2007 by PsaltyDS

--
Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

GregThompson (Author) Posted August 15, 2007

I agree with you guys that this is a hugely complicated way to go about getting some paltry data, but I'm not the guy that came up with the idea. PSalty, I like yours about the exe's last accessed, I'm going to recommend that instead. The other issue with the UserAssist is what you stated, that it's user specific, and we'd have to open/parse the HKEY_USER hives to make sure the machines that have multiple users are included, and that gets SO much more complicated.
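
The ROT13-to-CSV export asked about at the top of the thread, as an added example that is not code from any poster or from Didier Stevens' tool. It goes one step beyond the name decoding by unpacking the value data, assuming the 16-byte Windows XP-era layout (session ID, run counter that starts at 5, FILETIME of last run); the sample entries, the `app.exe` path and all function names are constructed for illustration.

```python
import codecs, csv, io, struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FIELDS = ["name", "run_count", "last_run_utc"]

def to_filetime(dt):
    """Build a FILETIME (100 ns ticks since 1601); used only for the sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def decode_entry(name_rot13, data):
    """Decode one UserAssist value: ROT13 name plus its binary payload."""
    # ROT13 rotates only A-Z/a-z, so ':', '\\', digits and '_' pass through unchanged.
    row = {"name": codecs.decode(name_rot13, "rot_13"),
           "run_count": "", "last_run_utc": ""}
    if len(data) != 16:          # not the assumed layout: keep the name, guess nothing
        return row
    _session, count, ft = struct.unpack("<IIQ", data)
    row["run_count"] = max(count - 5, 0)   # assumption: counter starts at 5
    if ft:                                  # zero FILETIME means "never recorded"
        last = FILETIME_EPOCH + timedelta(microseconds=ft // 10)
        row["last_run_utc"] = last.isoformat()
    return row

def entries_to_csv(entries):
    """Turn (value_name, value_data) pairs into CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for name, data in entries:
        writer.writerow(decode_entry(name, data))
    return out.getvalue()

# Constructed sample values (not read from a real registry).
SAMPLE = [
    (r"HRZR_EHACNGU:P:\Cebtenz Svyrf\Ersyrpgvbaf\ncc.rkr",
     struct.pack("<IIQ", 1, 12,
                 to_filetime(datetime(2007, 8, 1, tzinfo=timezone.utc)))),
    (r"HRZR_EHACNGU:P:\JVAQBJF\abgrcnq.rkr", b"\x00" * 8),  # unexpected length
]

if __name__ == "__main__":
    print(entries_to_csv(SAMPLE), end="")
```

The input pairs here are embedded; on a real system they would be the values under each user's UserAssist `Count` subkey, which is why the result is per-user rather than per-machine, as pointed out in the thread.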