AutID Posted December 23, 2014 Share Posted December 23, 2014 I was searching for a way to read all the saved credentials of IE. My goal is to back them all up. Searching on internet I found that IE saves all the credentials here: "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerIntelliFormsStorage2" and they are encrypted I suppose. I am on Win 7 Ultimate 32bit and regread of that location returns me error -1 Here is a small reproducer. Local $Credentials = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2", "") If @error Then ConsoleWrite("Error: " & @error & @LF) Else ConsoleWrite($Credentials & @LF) EndIf Any ideas what is going on? Anyone has already done this before to give me some guides? https://iblockify.wordpress.com/ Link to comment Share on other sites More sharing options...
computergroove Posted December 23, 2014 Share Posted December 23, 2014 Does your script use #RequireAdmin? Get Scite to add a popup when you use a 3rd party UDF -> http://www.autoitscript.com/autoit3/scite/docs/SciTE4AutoIt3/user-calltip-manager.html Link to comment Share on other sites More sharing options...
AutID Posted December 23, 2014 Author Share Posted December 23, 2014 Yes, I always run scite as admin. https://iblockify.wordpress.com/ Link to comment Share on other sites More sharing options...
BrewManNH Posted December 23, 2014 Share Posted December 23, 2014 What do you want with this information? How are you planning on using it once you've figured out how to get at it? If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
AutID Posted December 23, 2014 Author Share Posted December 23, 2014 What do you want with this information? How are you planning on using it once you've figured out how to get at it? What do you mean? As I am saying in the 1st post, I want to back them up. I am not understanding you, sorry. https://iblockify.wordpress.com/ Link to comment Share on other sites More sharing options...
MikahS Posted December 23, 2014 Share Posted December 23, 2014 Why are you backing them up? Snips & Scripts My Snips: graphCPUTemp ~ getENVvarsMy Scripts: Short-Order Encrypter - message and file encryption V1.6.1 ~ AuPad - Notepad written entirely in AutoIt V1.9.4 Feel free to use any of my code for your own use. Forum FAQ Link to comment Share on other sites More sharing options...
computergroove Posted December 23, 2014 Share Posted December 23, 2014 You could just backup the whole registry and you would be covered. Get Scite to add a popup when you use a 3rd party UDF -> http://www.autoitscript.com/autoit3/scite/docs/SciTE4AutoIt3/user-calltip-manager.html Link to comment Share on other sites More sharing options...
AutID Posted December 23, 2014 Author Share Posted December 23, 2014 Why am I backing them up? Why do you back up a file? Most of us do it in case we loose them. I have credentials such as bank account's, credentials on servers and more which if I loose them it would get me a lot of time to get them again. I live away from home and my wife keeps the cards. If I loose the credentials I will have to do a lot of kilometres to get them which is not pleasant. Now that you learnt my sad story, can anybody concentrate on my problem if you are all really here to help? https://iblockify.wordpress.com/ Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 23, 2014 Moderators Share Posted December 23, 2014 (edited) I agree, no need to know why you want to, just that you're having issues. Look at your last parameter, you have it blank. Blank parameter returns the "Default" key/valuename. If it returns -1 then there is no Default key in the list of keys. You'll have to enum through the keys if you don't know which ones you want. Edited December 23, 2014 by SmOke_N Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
AutID Posted December 23, 2014 Author Share Posted December 23, 2014 (edited) I agree, no need to know why you want to, just that you're having issues. Look at your last parameter, you have it blank. Blank parameter returns the "Default" key/valuename. If it returns -1 then there is no Default key in the list of keys. You'll have to enum through the keys if you don't know which ones you want. Got it right? Local $sVar = "" Local $sPath = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2" Local $Credentials For $i = 1 To 1000 $sVar = RegEnumVal($sPath, $i) If @error <> 0 Then ExitLoop $Credentials = RegRead($sPath, $sVar) ConsoleWrite("Value Name #" & $i & ": " & $sVar & @LF) ConsoleWrite("Encrypted credential: " & $Credentials & @CRLF & @CRLF) Next Cheers mate. Edited December 23, 2014 by AutID https://iblockify.wordpress.com/ Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 23, 2014 Moderators Share Posted December 23, 2014 Good deal. I just noticed there were some _winapi_reg* funcs. I haven't gone through them all yet to find the RegRead() func, but I cheated with with this so you could get value name, integer type of data, and value/data. #include <APIRegConstants.au3> #include <Array.au3> #include <WinAPIDiag.au3> #include <WinAPIReg.au3> Global $gsValName, $giType Global $giCount = 0 Global $gaInfo[101][3] Global $ghKey = _WinAPI_RegOpenKey($HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\IntelliForms\Storage2", $KEY_READ) While 1 $gsValName = _WinAPI_RegEnumValue($ghKey, $giCount) If @error Then ExitLoop $giType = @extended If Mod($giCount, 100) = 0 Then ReDim $gaInfo[$giCount + 100][3] EndIf $gaInfo[$giCount][0] = $gsValName $gaInfo[$giCount][1] = $giType $gaInfo[$giCount][2] = RegRead("HKCU\Software\Microsoft\Internet Explorer\IntelliForms\Storage2", $gsValName) $giCount += 1 WEnd _WinAPI_RegCloseKey($ghKey) ReDim $gaInfo[$giCount][3] _ArrayDisplay($gaInfo) Now, this may be even more interesting to you, and probably save you a ton of time. Check out: _WinAPI_RegSaveKey() Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
AutID Posted December 24, 2014 Author Share Posted December 24, 2014 (edited) I just went through some of the _winapi_reg functions and it is interesting. Neither I could find the exact RegRead function but since we can combine it with the other winapi reg functions it is fine. _WinAPI_RegSaveKey seems go to do the rest of the job. Adapting you example and after some search I found out, not sure though, that the credentials are stored encrypted in triple des algorithm seeded with the users password. I am not sure what "seeded with the users password" exactly means but this example didn't work. I don't have a user password. #include <APIRegConstants.au3> #include <Array.au3> #include <WinAPIDiag.au3> #include <WinAPIReg.au3> #include <Crypt.au3> Global $gsValName, $giType Global $giCount = 0 Global $gaInfo[101][3] Global $sPath = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2" Global $aPath = "Software\Microsoft\Internet Explorer\IntelliForms\Storage2" Global $ghKey = _WinAPI_RegOpenKey($HKEY_CURRENT_USER, $aPath, $KEY_READ) While 1 $gsValName = _WinAPI_RegEnumValue($ghKey, $giCount) If @error Then ExitLoop $giType = @extended If Mod($giCount, 100) = 0 Then ReDim $gaInfo[$giCount + 100][3] EndIf $gaInfo[$giCount][0] = $gsValName $gaInfo[$giCount][1] = $giType $gaInfo[$giCount][2] = BinaryToString(_Crypt_DecryptData(RegRead($sPath, $gsValName), "", $CALG_3DES)) ;$CALG_USERKEY $giCount += 1 WEnd _WinAPI_RegCloseKey($ghKey) ReDim $gaInfo[$giCount][3] _ArrayDisplay($gaInfo) My goal is to save them into an .ini file, from where they will be handled manually and changed if needed, and encrypted back again and rewrite the registry only if needed. This part is easy though, However 3DES decryption didn't do the trick, nor the other algorithms. I cant find if there is a crypt key that is required. Edit: Read more about this it seems more difficult than I thought it is. Edited December 24, 2014 by AutID https://iblockify.wordpress.com/ Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 24, 2014 Moderators Share Posted December 24, 2014 I just went through some of the _winapi_reg functions and it is interesting. Neither I could find the exact RegRead function but since we can combine it with the other winapi reg functions it is fine. _WinAPI_RegSaveKey seems go to do the rest of the job. Adapting you example and after some search I found out, not sure though, that the credentials are stored encrypted in triple des algorithm seeded with the users password. I am not sure what "seeded with the users password" exactly means but this example didn't work. I don't have a user password. #include <APIRegConstants.au3> #include <Array.au3> #include <WinAPIDiag.au3> #include <WinAPIReg.au3> #include <Crypt.au3> Global $gsValName, $giType Global $giCount = 0 Global $gaInfo[101][3] Global $sPath = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2" Global $aPath = "Software\Microsoft\Internet Explorer\IntelliForms\Storage2" Global $ghKey = _WinAPI_RegOpenKey($HKEY_CURRENT_USER, $aPath, $KEY_READ) While 1 $gsValName = _WinAPI_RegEnumValue($ghKey, $giCount) If @error Then ExitLoop $giType = @extended If Mod($giCount, 100) = 0 Then ReDim $gaInfo[$giCount + 100][3] EndIf $gaInfo[$giCount][0] = $gsValName $gaInfo[$giCount][1] = $giType $gaInfo[$giCount][2] = BinaryToString(_Crypt_DecryptData(RegRead($sPath, $gsValName), "", $CALG_3DES)) ;$CALG_USERKEY $giCount += 1 WEnd _WinAPI_RegCloseKey($ghKey) ReDim $gaInfo[$giCount][3] _ArrayDisplay($gaInfo) My goal is to save them into an .ini file, from where they will be handled manually and changed if needed, and encrypted back again and rewrite the registry only if needed. This part is easy though, However 3DES decryption didn't do the trick, nor the other algorithms. I cant find if there is a crypt key that is required. Edit: Read more about this it seems more difficult than I thought it is. Ahh, that's different than "backing up". I didn't look into that. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
AutID Posted December 24, 2014 Author Share Posted December 24, 2014 Yes, that is what I am finding out. We should better leave this here before it gets too tricky. I will use _WinAPI_RegSaveKey and save it as it is. It should be better so people who will see it will not mess with it. And will save me time from encryptions. Cheers and Merry Christmas!!! https://iblockify.wordpress.com/ Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now