Hey everyone,
I am almost finished with this. Does anyone (or, if you are reading this, Laszlo) think Laszlo will mind if I use one of his encryption algorithms? I have already adapted it into this script I am working on, but I didn't want to post it until I got his permission.
Thanks,
Eddie
Login Script With Encrypted Registry Keys
Started by
ehagood
, Jul 28 2006 04:01 PM
4 replies to this topic
#1
Posted 28 July 2006 - 04:01 PM
Everything I post in this forum is in the public domain (that is, you got permission to do with the scripts whatever you want). If you give me credit in the header, that is fine, if you don't, that is OK, too.
#2
Posted 28 July 2006 - 04:08 PM
Thanks Laszlo,
Here is my script. I'm sure there may be a bug or two in it. Basically, on the primary run, if it doesn't find the predetermined registry key (at least the Admin string) it will prompt you to enter an Admin password. It will encrypt it and store it in the registry. When you log into the Admin account, you are automatically directed to create a new user. From this point on it will read the registry to find all users there and decrypt their passwords. It allows three attempts, then closes.
I'm sure it needs more documentation, but I hope someone can find it useful. Let me know what you guys think.
/*
Login In With Encrypted Registry Password Script
Date: 7/28/06
By: Eddie Hagood

The following code is a GUI for logging in User Name / Password combos. It basically sets up
a primary Admin account, and anyone who logs into this account can in turn create other users.
The UserName is saved as the registry value name. The password is encrypted thanks to Laszlo's
encryption algorithm. When the login screen loads it reads all values in the registry and loads
the usernames into an array along with the decrypted passwords. It then allows three login
attempts before closing the program.
*/

;Set all variables
Attempts = 0 ; failed login attempts so far (the login closes after the third failure)
IntUser = 1

;Variables for Laszlo's Encryption Code
SetBatchLines -1 ; do it fast
StringCaseSense Off
AutoTrim Off
Mark1 = _\ ; 2-char delimiters
Mark2 = /_
k1 := 0x11111111 ; 128-bit secret key
k2 := 0x22222222 ; hard coded or
k3 := 0x33333333 ; could be user input
k4 := 0x44444444

;Begin Registry Lookup
RegRead, OutputVar, HKEY_LOCAL_MACHINE, SOFTWARE\TestProgram, Admin
if ErrorLevel > 0
{
   msgbox, 16,, This seems to be your first time running this program. We will now set up your admin account.
   Loop ;Loop until you have a password that is at least 7 characters long
   {
      if (StrLen(StrAdminPassword) > 6)
         Break
      else
         inputbox, StrAdminPassword, Select an Admin Password, Please enter a password to be used as an Administration`nPassword. It is advantageous to select a password that uses letters and numbers.`n(Must be at least 7 characters in length)
   }
   T = %StrAdminPassword%
   gosub, Encrypt
   RegWrite, REG_SZ, HKEY_LOCAL_MACHINE, SOFTWARE\TestProgram, Admin, %L%
   msgbox, 64, Administration Account Setup, Your Administration Account Has Now Been Activated.`nPlease login using it to set up accounts.
}

Loop, HKEY_LOCAL_MACHINE, SOFTWARE\TestProgram, 0, 0 ;Loop to read all registry values (values only, no subkeys)
{
   RegRead, value
   User%IntUser%_1 = %a_LoopRegName%
   T = %value%
   gosub, Decrypt
   User%IntUser%_2 = %L%
   IntUser += 1
}
IntTotal := IntUser - 1 ;Number of users read; used to set up the loop below
IntUser = 0

;Create Gui
Gui, Add, Text, x96 y20 w260 h30 , Please select UserName and enter Password
loop %IntTotal% ;Append all UserNames to StrTotalName
{
   IntUser += 1
   StrTempName = % User%IntUser%_1
   if IntUser = 1
      StrTotalName = %StrTempName%|
   else
      StrTotalName = %StrTotalName%|%StrTempName%
}
Gui, Add, DropDownList, vMyDropDownList x139 y70 w170 h21 R%IntTotal% +AltSubmit, %StrTotalName% ;AltSubmit to Get Position instead of Text For GuiControlGet
Gui, Add, Edit, vMyPasswordEdit x139 y120 w170 h20 +Password
Gui, Add, Button, x236 y150 w70 h30 , OK
Gui, Add, Button, x326 y150 w80 h30 , Cancel
Gui, 2:Add, Text, x96 y20 w260 h30, Enter The New UserName and Password
Gui, 2:Add, Text, x96 y50 w260 h30, ADMINISTRATION ACCOUNT
Gui, 2:Add, Edit, x139 y70 w170 h21 vStrCreatedUser,
Gui, 2:Add, Edit, x139 y120 w170 h20 vStrCreatedPassword,
Gui, 2:Add, Button, x236 y150 w70 h30 gNewUserOK, OK
Gui, 2:Add, Button, x326 y150 w80 h30 gNewUserCancel, Cancel
Gui, Show, x109 y91 h196 w451, Please Enter Your UserName and Password
Return

ButtonOK:
;Get User Input
GuiControlGet, MyDropDownList ;Position of the selected name (AltSubmit), 0 if nothing is selected
GuiControlGet, MyPasswordEdit
;Test User Input (== keeps the password check case-sensitive despite StringCaseSense Off)
If (MyDropDownList > 0 and User%MyDropDownList%_2 == MyPasswordEdit)
{
   if (User%MyDropDownList%_1 = "Admin") ;Administration Account Has Been Logged Into
   {
      Gui, Destroy
      Gui, 2:Show, x109 y91 h196 w451, Please Enter NEW UserName and Password
   }
   else
   {
      Gui, Destroy
      SplashTextOn, 400, 100, , Your Password Has Been Accepted And The Program Will Now Load.`nThank You.
      ;Setup Variables and Guis Here
      Sleep, 2000
      SplashTextOff
      goto, Main
   }
}
else
{
   Attempts += 1
   If Attempts >= 3 ;Fail and Exit After Three Attempts
   {
      msgbox, 16, PASSWORD DENIED!!!!, Sorry`, You failed to present the correct password after 3 attempts.`nLogin Failed
      ExitApp
   }
   msgbox, 16, PASSWORD DENIED!!!!, Sorry`, The Password You Provided Is Not The Correct Password`nFor That Profile. Please Try Again.
}
Return

NewUserCancel:
ExitApp

2GuiClose:
ExitApp

NewUserOK:
GuiControlGet, StrCreatedUser
GuiControlGet, StrCreatedPassword
msgbox, 4, New User Creation, You are going to create %StrCreatedUser% with Password: %StrCreatedPassword%`nDo You Want To Continue?
IfMsgBox Yes
{ ;Only encrypt and store the new account if the admin confirmed
   T = %StrCreatedPassword%
   gosub, Encrypt
   RegWrite, REG_SZ, HKEY_LOCAL_MACHINE, SOFTWARE\TestProgram, %StrCreatedUser%, %L%
}
msgbox, 4, New User Creation, Would You Like To Continue?
IfMsgBox No
   ExitApp
;Clear both fields for the next account instead of adding a second set of controls
GuiControl, 2:, StrCreatedUser,
GuiControl, 2:, StrCreatedPassword,
Return

ButtonCancel:
ExitApp

GuiClose:
ExitApp

Main:
;Here you will actually begin the Program Itself By Showing Any Guis Etc...
msgbox, Main Program Code Will Go Here.
ExitApp ;Used to Simply Test Script. Will Be Removed By User For Actual Use

;This is Laszlo's Encryption Code - Used By Permission
DECRYPT:
StringMid p, T, 3, 8
StringTrimLeft T, T, 12 ; remove IV from text
k5 = 0x%p% ; set new IV
i = 9 ; pad-index, force restart
p = 0 ; counter to be encrypted
L = ; processed text
Loop % StrLen(T)
{
   i++
   IfGreater i,8, { ; all 9 pad values exhausted
      u := p
      v := k5 ; another secret
      p++ ; increment counter
      TEA(u,v, k1,k2,k3,k4)
      Stream9(u,v) ; 9 pads from encrypted counter
      i = 0
   }
   StringMid c, T, A_Index, 1
   a := Asc(c)
   if a between 32 and 126
   { ; chars > 126 or < 31 unchanged
      a -= s%i%
      IfLess a, 32, SetEnv, a, % a+95
      c := Chr(a)
   }
   L = %L%%c% ; attach decrypted character
}
Return

ENCRYPT:
StringLeft k5, A_NowUTC, 8 ; current time
StringRight v, A_NowUTC, 6
v := v*1000 + A_MSec ; in MSec
SetFormat Integer, H
TEA(k5,v, k1,k2,k3,k4) ; k5 = starting random counter value
SetFormat Integer, D
StringTrimLeft u, k5, 2
u = 0000000%u%
StringRight IV, u, 8 ; 8-digit hex w/o 0x
i = 9 ; pad-index, force restart
p = 0 ; counter to be encrypted
L = %Mark1%%IV%%Mark2% ; IV prepended to processed text
Loop % StrLen(T)
{
   i++
   IfGreater i,8, { ; all 9 pad values exhausted
      u := p
      v := k5 ; IV
      p++ ; increment counter
      TEA(u,v, k1,k2,k3,k4)
      Stream9(u,v) ; 9 pads from encrypted counter
      i = 0
   }
   StringMid c, T, A_Index, 1
   a := Asc(c)
   if a between 32 and 126
   { ; chars > 126 or < 31 unchanged
      a += s%i%
      IfGreater a, 126, SetEnv, a, % a-95
      c := Chr(a)
   }
   L = %L%%c% ; attach encrypted character
}
Return

TEA(ByRef y,ByRef z,k0,k1,k2,k3) ; (y,z) = 64-bit I/O block
{ ; (k0,k1,k2,k3) = 128-bit key
   IntFormat = %A_FormatInteger%
   SetFormat Integer, D ; needed for decimal indices
   s := 0
   d := 0x9E3779B9
   Loop 32
   {
      k := "k" . s & 3 ; indexing the key
      y := 0xFFFFFFFF & (y + ((z << 4 ^ z >> 5) + z ^ s + %k%))
      s := 0xFFFFFFFF & (s + d) ; simulate 32 bit operations
      k := "k" . s >> 11 & 3
      z := 0xFFFFFFFF & (z + ((y << 4 ^ y >> 5) + y ^ s + %k%))
   }
   SetFormat Integer, %IntFormat%
   y += 0
   z += 0 ; Convert to original integer format
}

Stream9(x,y) ; Convert 2 32-bit words to 9 pad values
{ ; 0 <= s0, s1, ... s8 <= 94
   Local z ; makes all s%i% global
   s0 := Floor(x*0.000000022118911147) ; 95/2**32
   Loop 8
   {
      z := (y << 25) + (x >> 7) & 0xFFFFFFFF
      y := (x << 25) + (y >> 7) & 0xFFFFFFFF
      x = %z%
      s%A_Index% := Floor(x*0.000000022118911147)
   }
}
;End Laszlo's Encryption Algorithm
#3
Posted 28 July 2006 - 04:40 PM
Nice application!
It looks like you use the default encryption key 0x11111111, ..., 0x44444444 for encryption. It was meant for tests only; an adversary could guess it. You should ask the user for an encryption key or derive one from the admin password.
In this application you know if a registry key is encrypted, so you don't have to add Mark1 and Mark2 around the IV. They were there to help identify encrypted texts.
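Laszlo's point about the fixed test key, and what the script does with each stored password, is easier to see side by side in code. The block below is an added example written for this thread; it is not Eddie's script and not Laszlo's AutoHotkey code. It re-implements the same construction in Python: the round function of TEA() (which is the XTEA round) run in counter mode, Stream9's nine pads per encrypted counter block, and the shift over the 95 printable characters, with an 8-hex-digit IV in front of each record. Two things differ from the script and are my own choices: the IV is drawn from os.urandom rather than from the clock, and the key comes from derive_key (PBKDF2-HMAC-SHA256 over the admin password with a stored salt) instead of TEST_KEY. The names xtea_block, stream9, keystream_apply, derive_key, encrypt_password, decrypt_password, admin_verifier and check_admin_password are assumptions of this example. It also carries the consequence of Laszlo's suggestion: once the key is derived from the admin password, the admin password itself cannot be checked by decrypting a record under that key, so the admin account gets a salted PBKDF2 verifier instead.

```python
import hashlib
import hmac
import os
import struct

DELTA = 0x9E3779B9
MASK = 0xFFFFFFFF

# The fixed test key from the script (0x11111111..0x44444444): fine for testing,
# useless as a secret because anyone who reads the script already has it.
TEST_KEY = (0x11111111, 0x22222222, 0x33333333, 0x44444444)


def xtea_block(y, z, key, rounds=32):
    """One 64-bit block (y, z) through the round used by the script's TEA() (the XTEA round)."""
    s = 0
    for _ in range(rounds):
        y = (y + ((((z << 4) ^ (z >> 5)) + z) ^ (s + key[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        z = (z + ((((y << 4) ^ (y >> 5)) + y) ^ (s + key[(s >> 11) & 3]))) & MASK
    return y, z


def stream9(x, y):
    """Stream9: turn an encrypted counter block into 9 pad values in 0..94."""
    pads = [(x * 95) >> 32]            # Floor(x * 95 / 2**32)
    for _ in range(8):
        # rotate the 64-bit (x, y) pair by 7 bits, as the AutoHotkey version does
        x, y = ((y << 25) | (x >> 7)) & MASK, ((x << 25) | (y >> 7)) & MASK
        pads.append((x * 95) >> 32)
    return pads


def keystream_apply(text, key, iv, encrypt):
    """Shift each printable char (32..126) by a pad, mod 95; other chars pass through."""
    out, pads, counter = [], [], 0
    for ch in text:
        if not pads:                   # all 9 pads used: encrypt the next counter value
            u, v = xtea_block(counter, iv, key)
            pads = stream9(u, v)
            counter += 1
        pad = pads.pop(0)              # a pad is consumed for every char, printable or not
        a = ord(ch)
        if 32 <= a <= 126:
            a = (a - 32 + (pad if encrypt else -pad)) % 95 + 32
        out.append(chr(a))
    return "".join(out)


def derive_key(admin_password, salt, iterations=100_000):
    """Derive the 128-bit key from the admin password with PBKDF2 (replaces TEST_KEY).
    The salt is stored beside the records and is not secret; the key is never stored."""
    raw = hashlib.pbkdf2_hmac("sha256", admin_password.encode("utf-8"), salt, iterations, dklen=16)
    return struct.unpack(">4I", raw)


def encrypt_password(password, key, iv=None):
    """Build the record to store: 8 hex digits of IV, then the ciphertext."""
    if iv is None:
        iv = int.from_bytes(os.urandom(4), "big")   # fresh IV per record (assumption: random, not clock-based)
    return "%08X%s" % (iv, keystream_apply(password, key, iv, True))


def decrypt_password(record, key):
    return keystream_apply(record[8:], key, int(record[:8], 16), False)


def admin_verifier(admin_password, salt):
    """Salted PBKDF2 hash used to check the admin password. The key derived from that
    password cannot verify itself, so the admin account stores a verifier, not a record.
    A fixed prefix on the salt keeps verifier and key material from ever coinciding."""
    return hashlib.pbkdf2_hmac("sha256", admin_password.encode("utf-8"), b"verify:" + salt, 100_000).hex()


def check_admin_password(candidate, salt, stored_verifier):
    return hmac.compare_digest(admin_verifier(candidate, salt), stored_verifier)


if __name__ == "__main__":
    salt = os.urandom(16)
    key = derive_key("correct horse battery", salt)
    rec = encrypt_password("S3cret!Pass", key)
    print("stored record           :", rec)
    print("decrypted, right key    :", decrypt_password(rec, key))
    print("decrypted, wrong key    :", decrypt_password(rec, derive_key("guess", salt)))
    print("same password, TEST_KEY :", decrypt_password(encrypt_password("S3cret!Pass", TEST_KEY), TEST_KEY))
    print("admin check             :", check_admin_password("correct horse battery", salt, admin_verifier("correct horse battery", salt)))
```

Running it shows the same password stored twice: under a derived key, where a wrong admin password yields unrelated printable text, and under TEST_KEY, where every copy of the script can reverse the record. The records remain reversible by design (the script needs the plaintext to compare), so the derived key is what stands between the registry contents and the passwords; the verifier is the only place the admin password is checked.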
#4
Posted 28 July 2006 - 07:45 PM
Thank you, I have to admit that I know very little about encryption. I have not really had the need to, so when I saw some of yours, I was really impressed. I obviously had to alter it a little to make it work with my script, but I was afraid to change too many things.
#5
Posted 29 July 2006 - 04:16 AM