Click here to Skip to main content
Click here to Skip to main content

Decrypt Remote Desktop Mobile password

By , 19 Feb 2010
Rate this:
Please Sign up or sign in to vote.

Introduction

I found the article about decrypting saved RDP passwords at http://www.jaysonragasa.net/post/EncryptDecrypt-RDP-Password.aspx and http://www.remkoweijnen.nl/blog/2008/03/02/how-rdp-passwords-are-encrypted-2/.

Fortunately, decrypting a saved Windows Mobile password is not as complicated as on Desktop PCs. There is no entropy (???) etc.

As soon as you start RemoteDesktopMobile (RDM) and click connect and RDM gets a connection, it saves a \Windows\default.rdp file. If [] Save Password was checked, the RDP file will have the encrypted password inside:

SavePassword:i:1
UserName:s:rdesktop
ServerName:s:192.168.0.2
Password:b:0200000000000000000000000000000000000000000000000800000072006400
700000000E66000010000000100000004CFEE422373E146637825EE7851B71FC00000000048
000001000000010000000B2FA8F5915DFCAEB13259CE40170B7CB20000000586A82315B38AA
75F0A05282F96C377EE2BBEA10303F444610DA12778ECEB5BD14000000D00E0D0662873F436
D21EF7D1C50F2FADF0CB7C8

You will also find all other optional settings from the connect and options dialog in the file.

In contrast to DesktopPC, the encryption always uses only the number of bytes needed for the password and is NOT filled up to 512 bytes. Secondly, there is no real user management on Windows Mobile and so you only need one flag (CRYPTPROTECT_UI_FORBIDDEN) during encrypt and decrypt. The description string for CryptProtectData is always “rdp”.

DATA_BLOB blobIn, blobOut;
blobIn.cbData = pSizeIn;
blobIn.pbData = (PBYTE )pByteTemp;// szPass;
blobOut.cbData = 0;
blobOut.pbData = NULL;
if (!CryptProtectData(&blobIn, L"rdp", NULL, NULL, NULL, 
	CRYPTPROTECT_UI_FORBIDDEN, &blobOut))
{
...
DATA_BLOB blobIn, blobOut;
blobIn.cbData = nBytes;
blobIn.pbData = pPassBytes;
blobOut.cbData = 0;
blobOut.pbData = NULL;
if (!CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL, 
	CRYPTPROTECT_UI_FORBIDDEN, &blobOut))
{
...

The only hard problem (for me) was the converting of hex strings back to byte array and reading the rdp file into a string.

The attached sample apps (MINOR ERROR CHECKING!) show how to decrypt and encrypt RDP passwords. When you click [Start], the sample app will open an existing default.rdp file and show you the unencrypted password.

For encrypt, the unicode (!) string is used including the terminating \0! When you decrypt the byte array getting back from CryptUnprotectData(), the terminating \0 of the Unicode string is included.

As with rdp files on desktop PC, you cannot use the default.rdp created on one device on another device. The decryption will only work correctly on the same device!

BTW: If you try to port this to C#: CryptProtectData and CryptUnprotectData are available in CoreDll.DLL, there is no separate crypt32.dll on Windows Mobile 5/6.

<!-- Social Bookmarks BEGIN --> <!-- Social Bookmarks END -->

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

hjgode

Germany Germany
No Biography provided

Comments and Discussions

 
QuestionVERY GOOD Pinmembery_boy5-Jul-11 20:08 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.140415.2 | Last Updated 19 Feb 2010
Article Copyright 2010 by hjgode
Everything else Copyright © CodeProject, 1999-2014
Terms of Use
Layout: fixed | fluid