Register Value Decrypting

[JohnJohnson]

Hi all, 

I am fairly new to AutoIt and still experimenting with it. Now I've learned a lot by just surfing the forums and Google for the things I could not cipher out myself. 

But now I really need help on something. Let me explain the situation.

I've wrote a script that encrypts a string and then writes it in the register. Now I want to read that entry and decrypt it. With _Crypt_DecryptData this does not work.

Local $regread          = RegRead("HKCU\Software\Example", "VALUE")
        Local $sUserKey         = "YourPasswordHere"
        Local $decrypted        = _Crypt_DecryptData(String($sData), $sUserKey, $CALG_AES_256)
        Local $Value            = BinaryToString($decrypted)    
        Local $ValueCode        = "YourOriginalValueHere"
        If $Value = $ValueCode Then
                   MsgBox( 64, "Correct!", "The values are identical!")

                Else 
                   MsgBox( 64, "Fail", "The values are not identical! Error:"&@error&"")

Could you point me to the right directions? Or maybe tell me what I am doing wrong. Or help me out of my dreams and tell me this is impossible! 

Thanx in advance!

[Unc3nZureD]

maybe

_Crypt_DecryptData($regread, $sUserKey, $CALG_AES_256)

?

Since $sData isn't even declared (probably you forgot to change it)

[JohnJohnson]

Right, maybe i typed it wrongly in the example script. But even as the way you describe it, It doesnt decrypt right.

I've also tested if i change the $regread to $regread = RegRead(), it gives the same output as $regread = RegRead("HKCUSoftwareExample", "Value"). So it looks like the function _Crypt_DecryptData reads $regread as RegRead() and that isn't working within the function. 
 

But to store the value in a ini file or put it in the code, beats my intention of reading the register in the first place. So maybe someone has a better idea?

[Unc3nZureD]

Areyou sure that the registry you want to read exists?

[JohnJohnson]

Positive, if i let the script write it in a ini file the right value is displayed in the ini file. Does it work for you then? Because i thought maybe it has something to do with admin rights, but that is not the case either. Because if that was the case then the right value would not be written in the ini file, or what file soever.

[btw, with the right value, i mean the value that is displayed in the register.]

Edited August 21, 2013 by JohnJohnson

[0xdefea7]

Your code is horribly formatted for this post, looks like a snippet of a much larger script. Also, it is not even able to run. You really should provide a reproducible script for others to help with. Here is working code, you should use _Crypt_DeriveKey():

#include <Crypt.au3>

_Crypt_Startup()
$sPassword = _Crypt_DeriveKey("YourPasswordHere", $CALG_AES_256)
RegWrite("HKCU\Software\Example", "VALUE", "REG_SZ", _Crypt_EncryptData("YourOriginalValueHere", $sPassword, $CALG_AES_256))
_Crypt_DestroyKey($sPassword)

DecryptData()

Func DecryptData()
    Local $regread = RegRead("HKCU\Software\Example", "VALUE")
    Local $sUserKey = _Crypt_DeriveKey("YourPasswordHere", $CALG_AES_256)
    Local $decrypted = _Crypt_DecryptData($regread, $sUserKey, $CALG_AES_256)
    Local $Value = BinaryToString($decrypted)
    Local $ValueCode = "YourOriginalValueHere"
    If $Value = $ValueCode Then
        MsgBox(64, "Correct!", "The values are identical!")
    Else
        MsgBox(64, "Fail", "The values are not identical! Error: " & @error)
    EndIf
EndFunc   ;==>DecryptData

[JohnJohnson]

Im sorry, I will do that the next time. Thanks for the tip! I will try your code right now and get back to this thread when it is solved for me or not. Thnx in advance

[JohnJohnson]

For some reason, everytime I use a variable within the function _Crypt_decryptData() it is not working, but if i put in the right values within brackets it is working.. I have to do this with the value that needs to be decrypted and the password that is used to decrypt it. Anyone has a clue why this is?

[0xdefea7]

The code I posted works just fine. If you adjust your code to match, it should work correctly. Would you please post your updated code that you are having trouble with?

[JohnJohnson]

I have copy-pasted your code and tested it, but i get the

MsgBox(64, "Fail", "The values are not identical! Error: " & @error)

so, maybe a problem of Windows 8?

[JohnJohnson]

So i've made a work-around to ensure it will be fixed! 

 

#include <Crypt.au3>

_Crypt_Startup()

$sPassword = "YourPasswordHere"
RegWrite("HKCU\Software\Example", "VALUE", "REG_SZ", _Crypt_EncryptData("YourOriginalValueHere", $sPassword, $CALG_AES_256))
_Crypt_DestroyKey($sPassword)

DecryptData()

Func DecryptData()
    local $temp = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "AppData")
    Local $regread = RegRead("HKCU\Software\Example", "VALUE")
    IniWrite(""&$temp&"\789869654790", "5678", "09346", $regread)
    local $regvalue = IniRead(""&$temp&"\789869654790", "5678", "09346", "89023857639300")
    Local $sUserKey = "YourPasswordHere"
    Local $decrypted = _Crypt_DecryptData($regvalue, $sUserKey, $CALG_AES_256)
    Local $Value = BinaryToString($decrypted)
    Local $ValueCode = "YourOriginalValueHere"
    _Crypt_DestroyKey($sUserKey)
    If $Value = $ValueCode Then
        FileDelete(""&$temp&"\789869654790")
        MsgBox(64, "Correct!", "The values are identical!")
    Else
        MsgBox(64, "Fail", "The values are not identical! Error: " & @error)
        FileDelete(""&$temp&"\789869654790")
    EndIf
EndFunc   ;==>DecryptData