like http://play.golang.org/p/fD7mx2k4Yc
window rdp password encrypted http://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/
package main
import (
"fmt"
"log"
"syscall"
"unsafe"
)
const (
CRYPTPROTECT_UI_FORBIDDEN = 0x1
)
var (
dllcrypt32 = syscall.NewLazyDLL("Crypt32.dll")
dllkernel32 = syscall.NewLazyDLL("Kernel32.dll")
procEncryptData = dllcrypt32.NewProc("CryptProtectData")
procDecryptData = dllcrypt32.NewProc("CryptUnprotectData")
procLocalFree = dllkernel32.NewProc("LocalFree")
)
type DATA_BLOB struct {
cbData uint32
pbData *byte
}
func NewBlob(d []byte) *DATA_BLOB {
if len(d) == 0 {
return &DATA_BLOB{}
}
return &DATA_BLOB{
pbData: &d[0],
cbData: uint32(len(d)),
}
}
func (b *DATA_BLOB) ToByteArray() []byte {
d := make([]byte, b.cbData)
copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:])
return d
}
func Encrypt(data []byte) ([]byte, error) {
var outblob DATA_BLOB
r, _, err := procEncryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob)))
if r == 0 {
return nil, err
}
defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData)))
return outblob.ToByteArray(), nil
}
func Decrypt(data []byte) ([]byte, error) {
var outblob DATA_BLOB
r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob)))
if r == 0 {
return nil, err
}
defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData)))
return outblob.ToByteArray(), nil
}
func main() {
const secret = "MYpasswd"
enc, err := Encrypt([]byte(secret))
if err != nil {
log.Fatalf("Encrypt failed: %v", err)
}
dec, err := Decrypt(enc)
if err != nil {
log.Fatalf("Decrypt failed: %v", err)
}
if string(dec) != secret {
log.Fatalf("decrypted secret \"%s\" does not match to \"%s\".", dec, secret)
}
fmt.Println(fmt.Sprintf("%x", enc))
fmt.Println(string(dec))
}
out: 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000de7c90fbe3c9854381f0a0ffe1d496f3000000000200000000001066000000010000200000000790b641e1a9d4bfe54d81966c4d7aaeabf19b63c36dff42668e3b256edbeed8000000000e8000000002000020000000d6385d3352d5a4b011e171ab25b30271e73a4ddc0b9f9bfb8ecd13f230362a0110000000da71663217c163d7ab77231282e7d8d64000000025fbcbb72efcdc711f3a74c38bddbf0b71538f0ffe27d133c0c5cd2434f88d55d924f598ac2f94758d66a448682ed841fb56ce8c9de38601dcce6bd42aa41fbb
MYpasswd
create tmp.rdp
screen mode id:i:1
....
winposstr:s:0,1,153,64,953,664
username:s:{{username}}
domain:s:
password 51:b:01000000d08c9ddf0115d1118c7a00c04fc297eb0100000............
disable wallpaper:i:1
disable full window drag:i:1
final: mstsc.exe tmp.rdp
But Login failed
python "win32crypt.CryptProtectData" is work.
pwdHash = win32crypt.CryptProtectData(u"MYpasswd", u'pws', None, None, None, 0)
enc_password = binascii.hexlify(pwdHash)
The issue has been solved.
secret = "MYpasswd"
string must use UTF-16LE encode.
make an addition for the not-detailed answer above. According @Fuqiang's answer, just transfer the encoding of the plain string to UTF-16LE before encrypting, and it finally works. So it looks like this:
....
func convertToUTF16LittleEndianBytes(s string) []byte {
u := utf16.Encode([]rune(s))
b := make([]byte, 2*len(u))
for index, value := range u {
binary.LittleEndian.PutUint16(b[index*2:], value)
}
return b
}
func main() {
const secret = "MYpasswd"
s := convertToUTF16LittleEndianBytes(secret)
enc, err := Encrypt(s)
if err != nil {
log.Fatalf("Encrypt failed: %v", err)
}
...
}
And after decrypting, you have to decode the decrypted string from utf-16le before you comparing or using it, don't directly transfer the utf-16le char to string by string(dec).