douduan5086 2015-11-04 07:29
浏览 309
已采纳

Windows在Golang中加密的rdp密码

like http://play.golang.org/p/fD7mx2k4Yc

window rdp password encrypted http://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/

   package main

    import (
        "fmt"
        "log"
        "syscall"
        "unsafe"
    )

    const (
        CRYPTPROTECT_UI_FORBIDDEN = 0x1
    )

    var (
        dllcrypt32  = syscall.NewLazyDLL("Crypt32.dll")
        dllkernel32 = syscall.NewLazyDLL("Kernel32.dll")

        procEncryptData = dllcrypt32.NewProc("CryptProtectData")
        procDecryptData = dllcrypt32.NewProc("CryptUnprotectData")
        procLocalFree   = dllkernel32.NewProc("LocalFree")
    )

    type DATA_BLOB struct {
        cbData uint32
        pbData *byte
    }

    func NewBlob(d []byte) *DATA_BLOB {
        if len(d) == 0 {
            return &DATA_BLOB{}
        }
        return &DATA_BLOB{
            pbData: &d[0],
            cbData: uint32(len(d)),
        }
    }

    func (b *DATA_BLOB) ToByteArray() []byte {
        d := make([]byte, b.cbData)
        copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:])
        return d
    }

    func Encrypt(data []byte) ([]byte, error) {
        var outblob DATA_BLOB
        r, _, err := procEncryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob)))
        if r == 0 {
            return nil, err
        }
        defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData)))
        return outblob.ToByteArray(), nil
    }

    func Decrypt(data []byte) ([]byte, error) {
        var outblob DATA_BLOB
        r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob)))
        if r == 0 {
            return nil, err
        }
        defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData)))
        return outblob.ToByteArray(), nil
    }

    func main() {
        const secret = "MYpasswd"
        enc, err := Encrypt([]byte(secret))
        if err != nil {
            log.Fatalf("Encrypt failed: %v", err)
        }
        dec, err := Decrypt(enc)
        if err != nil {
            log.Fatalf("Decrypt failed: %v", err)
        }
        if string(dec) != secret {
            log.Fatalf("decrypted secret \"%s\" does not match to \"%s\".", dec, secret)
        }
        fmt.Println(fmt.Sprintf("%x", enc))
        fmt.Println(string(dec))
    }

out: 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000de7c90fbe3c9854381f0a0ffe1d496f3000000000200000000001066000000010000200000000790b641e1a9d4bfe54d81966c4d7aaeabf19b63c36dff42668e3b256edbeed8000000000e8000000002000020000000d6385d3352d5a4b011e171ab25b30271e73a4ddc0b9f9bfb8ecd13f230362a0110000000da71663217c163d7ab77231282e7d8d64000000025fbcbb72efcdc711f3a74c38bddbf0b71538f0ffe27d133c0c5cd2434f88d55d924f598ac2f94758d66a448682ed841fb56ce8c9de38601dcce6bd42aa41fbb

MYpasswd

create tmp.rdp 

screen mode id:i:1
....
winposstr:s:0,1,153,64,953,664
username:s:{{username}}
domain:s:
password 51:b:01000000d08c9ddf0115d1118c7a00c04fc297eb0100000............
disable wallpaper:i:1
disable full window drag:i:1

final: mstsc.exe tmp.rdp

But Login failed

python "win32crypt.CryptProtectData" is work.

    pwdHash = win32crypt.CryptProtectData(u"MYpasswd", u'pws', None, None, None, 0)
    enc_password = binascii.hexlify(pwdHash)
  • 写回答

2条回答 默认 最新

  • doutan1875 2015-11-06 08:18
    关注

    The issue has been solved.

    secret = "MYpasswd"

    string must use UTF-16LE encode.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?