Jump to content

Decrypt Registry BLOB with Java?


Opa114
 Share

Recommended Posts

Hi,

did someone know how i could decrypt a BLOB-Data from the Windows Registry? For Example there is a digital certificate stored which looks like it is encrypted. Now i want to decrypt it with java and native call the crypt32.dll (function: cryptUnprotectData()) with JNA.

i tried it, but i get data invalid error. the function could have many arguments, but i did not found out which i have to use exactly.

here is my little peace of code - maybe it helps..

byte[] byteArray = (byte[]) Advapi32Util.registryGetValue(WinReg.HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\02FAF3E291435468607857694DF5E45B68851868", "Blob");
    	
byte[] protectedData = Crypt32Util.cryptProtectData(byteArray);

String test = new String(protectedData);
System.out.println(test);

When i run this code i get: Data invalid - win32 exception. so i think something wrong with the input data. Maybe the data was not encrypted with dpapi? or i need to use some of the arguments (see here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa380882%28v=vs.85%29.aspx)?

Hope someone could help me :) thnx!

Link to comment
Share on other sites

I'd print that byte array once you've gotten it from the registry, make sure it in fact contains the data you expected to get.

I also don't understand how the cryptProtectData function can do its thing using only a byte array. If it's to decrypt something, the name is shit and you'd expect a lot more parameters (algo to use, passwd to use, possible seed value, etc).

Link to comment
Share on other sites

yes i print it out. so data is the right. problem is. was this data encrypted with MS DPAPI or in another way? second question is: have i to use some of the parameters (see link above mdsn) to decrypt it and i don't know what values the parameters should have.

i tried to find out the information from Microsoft, but i did not get them, so i hope some of you know anything about this.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...