Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Wireless Profile Password Decryption using CryptUnProtectData

1,303 views
Skip to first unread message

arunsrk

unread,
Nov 21, 2007, 7:31:12 AM11/21/07
to
I am using CryptUnProtectData function to decrypt Wireless Access Password
from a Wireless Connection Profile.

Even though I am able to decrypt the password on a Windows Vista PC, I am
not able to do this on a Windows XP Machine. I am calling CryptUnProtectData
inside a windows service application.

Is it possible to decrypt the wireless connection password using
CryptUnProtectData on a Windows XP PC ?

This is the code i am using to decrypt the password, this works on a Vista
PC provided i have run the code inside a service, for xp this is giving error
number 183 on Get Last Error

DATA_BLOB DataOut;
DATA_BLOB DataVerify;
LPWSTR pDescrOut = NULL;

/*
Encrypted Key Material
this is obtained from Wirless Connection Pfroile
*/

char
pwd[]={"8C474C112FD7947F8C4C2C4B77F0683240B77972E9A524A1723298B8CFFED9F3"};

/* Convert String to Bin */
ConvertStringToBin(pwd, &DataOut);

res = CryptUnprotectData(
&DataOut,
&pDescrOut,
NULL, // Optional entropy
NULL, // Reserved
NULL, // Here, the optional
// prompt structure is not used
0,
&DataVerify);

if (res)
{
LOG("KEY UNENCRYPTED SUCCESSFULLY");
strcpy_s(pwd, 999, (char *)DataVerify.pbData);
}
else
{
strcpy_s(pwd, 999, "error");
LOG("ERROR IN KEY UNENCRYPTION");
LOG(GetLastError());
}

Alex Radutskiy [MSFT]

unread,
Nov 21, 2007, 5:38:01 PM11/21/07
to
Since you are saying that this works on Vista, I will assume that the basic
usage of the API is correct and the string that you're passing as the first
parameter to CryptUnprotectData was generated by a previous call to
CryptProtectData. Do you perform encrypt and decrypt operation on the same
machine? Which account is your service is running on? Also, are you running
on XP SP2?

Also, the eror you give is very strange? Are you sure you're not masking it
in your code somewhere? Specifically inside the LOG function/macros. Can you
record the GetLastError return right after the call to CryptUnprotectData()
in a variable?

Thank you,

Alex Radutskiy [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

arunsrk

unread,
Nov 22, 2007, 12:11:01 AM11/22/07
to

Thank you very much for the response, Please see the requested details below.

- I am running the service in Local System Account.
- I am using Windows XP SP2.
- I am getting the encrypted key from "WlanGetProfile" Call. According to
this MSDN link i should be able to decrypt the data using CryptUnProtectData.

http://msdn2.microsoft.com/en-us/library/ms706738.aspx

I have tried to log the error using OutputDebugString() and captured the
error using DebugView.exe. Now i am getting ther error number 13 "Error
Invalid Data". Now my code look like this.

char
pwd[]={"8C474C112FD7947F8C4C2C4B77F0683240B77972E9A524A1723298B8CFFED9F3"};

/* Convert String to Bin */
ConvertStringToBin(pwd, &DataOut);

res = CryptUnprotectData(
&DataOut,
&pDescrOut,
NULL, // Optional entropy
NULL, // Reserved
NULL, // Here, the optional
// prompt structure is not used
0,
&DataVerify);

if (res)
{
strcpy(pwd,(char *)DataVerify.pbData);
OutputDebugString(pwd);
}
else
{
strcpy(pwd,"error");
char str[256];
sprintf(str,"CryptUnProtectData Error %d\n",GetLastError());
OutputDebugString(str);
}


Additional Information: The same code works perfect for Vista, but the
difference is that i am getting a big string as encrypted password from the
"WlanGetProfile" call. The string is given below.

["01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E6C7AA98BD16D48A7D32EB9726E52A30000000002000000000003660000A80000001000000086D08FCE40D1C01D2A4AE85728FCB52D0000000004800000A0000000100000007938683BBFA3E03D508FA07C65F9D76E1000000057609D7BECA4FBEBF8CB4B3DBC1082FA1400000031BCD27A197F6F26FF840CA29502E98E7EC9C41A"]

Thanks,
Arun Krishnan

Alex Radutskiy [MSFT]

unread,
Nov 26, 2007, 1:43:01 PM11/26/07
to
Arun, now this error code makes more sense. If the data in your example is
what you get from the WlanGetProfile API, it is definitely looks too small so
the API rejects it correctly. To summarize your problem is not with the
CryptUnprotectData API, but with WlanGetProfile API. I will forward this post
to somebody on the wireless team to take a look.

Alex Radutskiy [MSFT]

unread,
Nov 26, 2007, 2:36:08 PM11/26/07
to
Arun, I've talked to our wireless team and they said that on XP the password
is not encrypted so the call to CryptUnprotectData is unnecessary. See
Remarks section on http://msdn2.microsoft.com/en-us/library/ms706738.aspx.

Thank you,

Alex Radutskiy [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

atulkuma...@gmail.com

unread,
Dec 4, 2007, 12:07:36 PM12/4/07
to
On Nov 27, 12:36 am, Alex Radutskiy [MSFT]

<AlexRadutskiyM...@discussions.microsoft.com> wrote:
> Arun, I've talked to our wireless team and they said that on XP the password
> is not encrypted so the call toCryptUnprotectDatais unnecessary. See
> Remarks section onhttp://msdn2.microsoft.com/en-us/library/ms706738.aspx.

>
> Thank you,
>
> Alex Radutskiy [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> "Alex Radutskiy [MSFT]" wrote:
> > Arun, now this error code makes more sense. If the data in your example is
> > what you get from the WlanGetProfile API, it is definitely looks too small so
> > the API rejects it correctly. To summarize your problem is not with the
> >CryptUnprotectDataAPI, but with WlanGetProfile API. I will forward this post
> > > sprintf(str,"CryptUnProtectDataError %d\n",GetLastError());

> > > OutputDebugString(str);
> > > }
>
> > > Additional Information: The same code works perfect for Vista, but the
> > > difference is that i am getting a big string as encrypted password from the
> > > "WlanGetProfile" call. The string is given below.
>
> > > ["01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E6C7AA98BD16D48A7D32EB97-26E52A30000000002000000000003660000A80000001000000086D08FCE40D1C01D2A4AE857-28FCB52D0000000004800000A0000000100000007938683BBFA3E03D508FA07C65F9D76E100-0000057609D7BECA4FBEBF8CB4B3DBC1082FA1400000031BCD27A197F6F26FF840CA29502E9-8E7EC9C41A"]

>
> > > Thanks,
> > > Arun Krishnan
>
> > > "Alex Radutskiy [MSFT]" wrote:
>
> > > > Since you are saying that this works on Vista, I will assume that the basic
> > > > usage of the API is correct and the string that you're passing as the first
> > > > parameter toCryptUnprotectDatawas generated by a previous call to

> > > > CryptProtectData. Do you perform encrypt and decrypt operation on the same
> > > > machine? Which account is your service is running on? Also, are you running
> > > > on XP SP2?
>
> > > > Also, the eror you give is very strange? Are you sure you're not masking it
> > > > in your code somewhere? Specifically inside the LOG function/macros. Can you
> > > > record the GetLastError return right after the call toCryptUnprotectData()
> > > > in a variable?
>
> > > > Thank you,
>
> > > > Alex Radutskiy [MSFT]
>
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.
>
> > > > "arunsrk" wrote:
>
> > > > > I am usingCryptUnProtectDatafunction to decrypt Wireless Access Password

> > > > > from a Wireless Connection Profile.
>
> > > > > Even though I am able to decrypt the password on a Windows Vista PC, I am
> > > > > not able to do this on a Windows XP Machine. I am callingCryptUnProtectData
> > > > > inside a windows service application.
>
> > > > > Is it possible to decrypt the wireless connection password using
> > > > >CryptUnProtectDataon a Windows XP PC ?
> > > > > }- Hide quoted text -
>
> - Show quoted text -

I tried the decryption on Vista but it fails to decrypt the key. I
simple parse the profile and get the Key Material, create the Data
Bolb and pass it to the CryptUnprotectData it fails and GetLastError
returns the error code 13.

I am missing something in this, can anyone suggest.

Thanks in advance..
Atul

atulkuma...@gmail.com

unread,
Dec 6, 2007, 2:37:11 AM12/6/07
to
> I tried the decryption on Vista but it fails to decrypt the key. I
> simple parse the profile and get the Key Material, create the Data
> Bolb and pass it to theCryptUnprotectDatait fails and GetLastError

> returns the error code 13.
>
> I am missing something in this, can anyone suggest.
>
> Thanks in advance..
> Atul- Hide quoted text -

>
> - Show quoted text -

Moving forward, Know I am getting the error 0x8009000b, means "Key not
valid for use in specified state." I had observed that key is of
length 292 ASCII, where as key specified by Arun is bit bigger so I
need to append some thing or I miss something more.

Thanks,
Atul

atulkuma...@gmail.com

unread,
Dec 6, 2007, 3:43:20 AM12/6/07
to
> > > > ["01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E6C7AA98BD16D48A7D32EB97--26E52A30000000002000000000003660000A80000001000000086D08FCE40D1C01D2A4AE85-7-28FCB52D0000000004800000A0000000100000007938683BBFA3E03D508FA07C65F9D76E1-00-0000057609D7BECA4FBEBF8CB4B3DBC1082FA1400000031BCD27A197F6F26FF840CA2950-2E9-8E7EC9C41A"]
> Atul- Hide quoted text -

>
> - Show quoted text -

I had updated the code, Know I am getting the error code 0x8009000B


means Key not valid for use in specified state.

Steps getting the key material from profile and convering it to binary
data and then create the data blob. Pass this blob to
CryptUnprotectData. it fails to decrypt.

Am I doing something worng or still missing....

Any Idea.

Thanks.
Atul

stefanydavid

unread,
May 25, 2010, 1:44:00 PM5/25/10
to
I am trying to decrypt Wireless Access Password from a Wireless Connection Profile on Vista with VB.


I use CryptProtectData function and then CryptUnProtectData function : encrypt and decrypt is ok.

Then I use CryptUnProtectData function to decrypt Key Material (obtained from Wireless Connection Profile).
The function returned "cl? non valide pour l'utilisation dans l'?tat sp?cifi?".

This is my code:
cipherblob as data_blob
entropy as data_blob = new byte(0) {}
textblob as data_blob
CryptUnProtectData(cipherblob,nothing, entropy,0,0,5,textblob)

Do you see if parameters are wrong, if entropy is required or may you meet the same error ?


arunsr wrote:

Wireless Profile Password Decryption using CryptUnProtectData
21-Nov-07

char
pwd[]={"8C474C112FD7947F8C4C2C4B77F0683240B77972E9A524A1723298B8CFFED9F3"};

Previous Posts In This Thread:

On Wednesday, November 21, 2007 7:31 AM
arunsr wrote:

Wireless Profile Password Decryption using CryptUnProtectData

char
pwd[]={"8C474C112FD7947F8C4C2C4B77F0683240B77972E9A524A1723298B8CFFED9F3"};

On Wednesday, November 21, 2007 5:38 PM
AlexRadutskiyMSF wrote:

Since you are saying that this works on Vista, I will assume that the basic
Since you are saying that this works on Vista, I will assume that the basic
usage of the API is correct and the string that you're passing as the first

parameter to CryptUnprotectData was generated by a previous call to

CryptProtectData. Do you perform encrypt and decrypt operation on the same
machine? Which account is your service is running on? Also, are you running
on XP SP2?

Also, the eror you give is very strange? Are you sure you're not masking it
in your code somewhere? Specifically inside the LOG function/macros. Can you
record the GetLastError return right after the call to CryptUnprotectData()
in a variable?

Thank you,

Alex Radutskiy [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.


"arunsrk" wrote:

On Thursday, November 22, 2007 12:11 AM
arunsr wrote:

Thank you very much for the response, Please see the requested details below.
Thank you very much for the response, Please see the requested details below.

- I am running the service in Local System Account.
- I am using Windows XP SP2.
- I am getting the encrypted key from "WlanGetProfile" Call. According to
this MSDN link i should be able to decrypt the data using CryptUnProtectData.

http://msdn2.microsoft.com/en-us/library/ms706738.aspx

I have tried to log the error using OutputDebugString() and captured the
error using DebugView.exe. Now i am getting ther error number 13 "Error
Invalid Data". Now my code look like this.

char
pwd[]={"8C474C112FD7947F8C4C2C4B77F0683240B77972E9A524A1723298B8CFFED9F3"};

/* Convert String to Bin */
ConvertStringToBin(pwd, &DataOut);

res = CryptUnprotectData(
&DataOut,
&pDescrOut,
NULL, // Optional entropy
NULL, // Reserved
NULL, // Here, the optional
// prompt structure is not used
0,
&DataVerify);

if (res)
{

strcpy(pwd,(char *)DataVerify.pbData);
OutputDebugString(pwd);
}
else
{
strcpy(pwd,"error");
char str[256];

sprintf(str,"CryptUnProtectData Error %d\n",GetLastError());
OutputDebugString(str);
}


Additional Information: The same code works perfect for Vista, but the
difference is that i am getting a big string as encrypted password from the
"WlanGetProfile" call. The string is given below.

["01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E6C7AA98BD16D48A7D32EB9726E52A30000000002000000000003660000A80000001000000086D08FCE40D1C01D2A4AE85728FCB52D0000000004800000A0000000100000007938683BBFA3E03D508FA07C65F9D76E1000000057609D7BECA4FBEBF8CB4B3DBC1082FA1400000031BCD27A197F6F26FF840CA29502E98E7EC9C41A"]

Thanks,
Arun Krishnan


"Alex Radutskiy [MSFT]" wrote:

On Monday, November 26, 2007 1:43 PM
AlexRadutskiyMSF wrote:

Arun, now this error code makes more sense.
Arun, now this error code makes more sense. If the data in your example is
what you get from the WlanGetProfile API, it is definitely looks too small so
the API rejects it correctly. To summarize your problem is not with the

CryptUnprotectData API, but with WlanGetProfile API. I will forward this post

to somebody on the wireless team to take a look.

Thank you,

Alex Radutskiy [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.


"arunsrk" wrote:

On Monday, November 26, 2007 2:36 PM
AlexRadutskiyMSF wrote:

Arun, I've talked to our wireless team and they said that on XP the password
Arun, I've talked to our wireless team and they said that on XP the password

is not encrypted so the call to CryptUnprotectData is unnecessary. See

Remarks section on http://msdn2.microsoft.com/en-us/library/ms706738.aspx.

Thank you,

Alex Radutskiy [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

"Alex Radutskiy [MSFT]" wrote:

On Wednesday, December 05, 2007 3:53 AM
atulkumardwived wrote:

Re: Wireless Profile Password Decryption using CryptUnProtectData

Thanks in advance..
Atul

On Saturday, December 08, 2007 2:19 AM
atulkumardwived wrote:

Moving forward, Know I am getting the error 0x8009000b, means "Key notvalid


Moving forward, Know I am getting the error 0x8009000b, means "Key not
valid for use in specified state." I had observed that key is of
length 292 ASCII, where as key specified by Arun is bit bigger so I
need to append some thing or I miss something more.

Thanks,
Atul

On Saturday, December 08, 2007 2:19 AM
atulkumardwived wrote:

Re: Wireless Profile Password Decryption using CryptUnProtectData

Any Idea.

Thanks.
Atul


Submitted via EggHeadCafe - Software Developer Portal of Choice
Entity Framework 4.0 and the AJAX Autocomplete Extender.
http://www.eggheadcafe.com/tutorials/aspnet/77429274-e89f-49c2-a93a-b290f013f649/entity-framework-40-and.aspx

Akere

unread,
Jun 5, 2012, 7:09:46 PM6/5/12
to aru...@discussions.microsoft.com
Hi there,

You've said you had decrypted a wireless password on Vista using VB?
Could you please contact me in private about this issue?
0 new messages