<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Decrypt on Remko's Blog</title><link>https://remkoweijnen.nl/blog/tags/decrypt/</link><description>Recent content in Decrypt on Remko's Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Mon, 08 Apr 2013 11:53:32 +0000</lastBuildDate><atom:link href="https://remkoweijnen.nl/blog/tags/decrypt/index.xml" rel="self" type="application/rss+xml"/><item><title>Decrypting Dell vWorkspace .pit files</title><link>https://remkoweijnen.nl/blog/2013/04/08/decrypting-dell-vworkspace-pit-files/</link><pubDate>Mon, 08 Apr 2013 11:53:32 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2013/04/08/decrypting-dell-vworkspace-pit-files/</guid><description>&lt;p&gt;The Dell vWorkspace (previously Quest vWorkspace) Client can save a connection to a .pit file which is very similar to an .rdp file with one big difference: it is encrypted!&lt;/p&gt; &lt;p&gt;I am not sure why Dell/Quest have chosen to encrypt their files but a while ago I needed to know what was in a particular pit file so I could troubleshoot an issue.&lt;/p&gt; &lt;p&gt;I first created a test .pit file with the client (pntsc.exe version 7.6.305.791).&lt;/p&gt; &lt;p&gt;&lt;a class="glightbox thickbox" href="https://remkoweijnen.nl/blog/wp-content/uploads/2013/03/SNAGHTML6c0786d.webp" data-type="image" data-gallery="post-3171"&gt;&lt;img loading="lazy" decoding="async" style="display: inline" title="SNAGHTML6c0786d" alt="SNAGHTML6c0786d" src="https://remkoweijnen.nl/blog/wp-content/uploads/2013/03/SNAGHTML6c0786d_thumb.webp" width="200" height="240" /&gt;&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Decoding Citrix IMA Datastore Password</title><link>https://remkoweijnen.nl/blog/2012/05/29/decoding-citrix-ima-datastore-password/</link><pubDate>Tue, 29 May 2012 21:46:30 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2012/05/29/decoding-citrix-ima-datastore-password/</guid><description>&lt;p&gt;This morning &lt;a href="http://www.twitter.com/arbeijer/status/207398601066942464"&gt;Arjan Beijer&lt;/a&gt; sent me an interesting link to a &lt;a href="http://www.youtube.com/watch?v=Cb8-kvJkojY"&gt;youtube video&lt;/a&gt; about obtaining the Citrix IMA Datastore password using Windbg.&lt;/p&gt;
&lt;p&gt;The video shows a method, discovered by &lt;a href="https://twitter.com/#!/fdwl"&gt;Denis Gundarev&lt;/a&gt; to obtain the IMA Datastore password. Basically he uses DSMaint.exe and set&amp;rsquo;s a breakpoint on the call to &lt;a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa380882(v=vs.85).aspx"&gt;CryptUnprotectData&lt;/a&gt; and then reads the password from memory.&lt;/p&gt;
&lt;p&gt;I tried to call the CryptUnprotectData API with the data read from the registry directly but this failed with error NTE_BAD_KEY_STATE, this is defined in winerror.h and it means &amp;ldquo;Key not valid for use in specified state&amp;rdquo;.&lt;/p&gt;</description></item></channel></rss>