#98041 - 2001-11-28 01:10 PM
UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
[Moderator (Sealeopard): Moved thread from 'Scripts' to General' forum]
Please see the last messages in this thread for full update information.
Get the small (20 Kb) executable kixcrypt.exe from here.
Get the small (20 Kb) console-less executable wkixcrpt.exe from here.
17 January 2003 Version 2.16b released
Phew, less than a month and another feature release. This release adds the second most requested feature - multiple file inclusion. This means that you can now bundle the KiXtart interpreter, ini files, registry dumps, additional scripts or whatever you fancy with the main script.
Changes
- Bug fix: A variable scope error meant that files created in a temporary directory using the "-t" feature would not be deleted in some cases.
- New feature: You may include any number of arbitrary files by using the "-f filename" option. You may repeat the "-f" option as many times as you like, up to a limit of 255 files.
- New feature: Three environment variables are created when the script is decrypted. These are detailed in a later post.
18 December 2002 Version 2.14b releasedActually, it was released a few days ago, but the board has been down ![[Frown]](images/icons/frown.gif) It's amazing how much a part of my daily life monitoring the KiXtart BB has become!
Changes- A bug in memory allocation causing a failure on Windows XP has been solved. Note, I could not replicate the failure, but testing at the site where the failure occurred suggests it has been resolved. Let me know if it hasn't. Many thanks to ElegantSol for his help in resolving this.
- The first "cannot find self" error message is no longer displayed. It wasn't particularly useful and would appear on systems which don't expand the command line to include the command extension, such as most NT+ systems.
- In DEBUG mode non-ASCII characters present on the command line are reported, with their values.
- Well, you asked for it, now you've got it. Oe of the most popular requests has been for a method of setting the directory that the temporary file is created in. There is now a "-t path" option when you decrypt which will create the temporary file in "path"
Additional Info
The API which retrieves the command line parameters cannot handle 8-bit characters. If you supply an 8-bit character the actual value I get is undetermined.
This restriction has been in place in all version of KiXcrypt, but I have only recently received an email on the subject.
In practice this means that you must stick to 7-bit ASCII characters on the command line. Note, non-printable characters such as the BEL (control-G) or the escape character are fine, so long as you work out a way of passing them on a command line.
7-bit ASCII characters are characters with a decimal value below 128.
The only exception is NULL (Chr(0)), which is an end-of-string terminator. You may have trouble typing CR and LF characters, and the DOS end-of-file mark (control-Z) may cause some oddities as well.
27 March 2002 Version 2.12b released
Changes- Feature: The temporary file now overwrites itself before deleting, to avoid exposing the script with undelete utilities.
- A warning message is issues if the temporary script file does not delete itself, then the file is overwritten and deleted by the controlling program. If the "-k" option has been used the file is overwritten and deleted silently.
5 February 2002 Version 2.10b released
Changes- Bug fix: "-s" trojan detection worked ok but didn't exit due to debug code left enabled (Spotter: Roberto M.)
1 February 2002 Version 2.08b releasedChanges- Bug fix: Fixed the "Cannot find self" bug. Again.
- Added "-v" option to display version and full amendment history.
- Added code to detect and avoid the "Russ Exploit" security issue.
- Release status changed to beta
7th December Version 2.06a releasedChanges- Bug fix: Lazy coding using "realloc()" caused garbage in the command line under Windows XP
- New option "-c" added. This inhibits "%COMSPEC% /C" being pre-pended to the command.
Thanks go to Peter van der Struis who found the bug and helped in fixing it. The "-c" option was his idea too.
5 December Version 2.04a ReleasedChanges- Code now stable enough to optimise
![[Wink]](images/icons/wink.gif) Compiled with -O2 means is faster, and smaller (back down to 12KB). - -p GPF fixed.
- Temporary file name is now entirely random and changes every time crypted.exe is run. Crypted.exe will attempt 1000 different random file names before giving up.
- A directory which matches the temporary file name will no longer cause crypted.exe to exit.
30 November Version 2.02a Released- Changed references of KixTart->KiXtart, and KixCrypt->KiXcrypt
- Fixed schoolboy error causing "Cannot open self" bug
- Added alternative syntax "^s" for file name "%s" to avoid environment variable expansion
- Added "-d" debug flag to output previously private debugging information
- Added salt to improve encryption algorithm and deny password attacks.
29 November - "Cannot open self" work-aroundThere is a small bug which means that on some version of windows you may get a "Cannot open self" error, after which the program aborts. The work-around is to use the full program name including the ".exe" extension.
Thanks to KTS for spotting this.
Fixed 30 November
SIMPLE USAGE
The simplest way to use it is:
code:
kixcrypt.exe myscript.kix
This will create an executable called "crypted.exe" in your current directory which contains the encrypted script. NB if there is already a crypted.exe file it will be overwritten without warning. You may rename crypted.exe if you wish. To run the encrypted script, just run crypted.exe. In this mode a random password it used to encrypt the script.
PASSWORD CONTROLLED ACCESS "-p"
If you want to force the user to enter a password to run the script use this form:
code:
kixcrypt -p password myscript.kix
The password is not stored in encrypted.exe.
To run the script use
code:
crypted.exe -p password
The "-p" is optional here so you may just run
code:
crypted.exe password
NB if the wrong password is entered there is no error, but the script which is decrypted will contain garbage.
INHIBIT KIXTART SCRIPT DELETE "-k"
The crypted.exe executable will add KiX script commands to force the file to delete itself when it starts to improve security. If you don't want this feature, use the "-k" switch:
code:
kixcrypt.exe -k myscript.kix
CHANGING THE INTERPRETER COMMAND LINE
By default "kix32.exe" is used to run the script. You may change this by appending a command line to the kixcrypt command. You must include a "%s" on the command line which is replaced with the unencrypted script file name when crypted.exe is run.
You may also want to replace the default command line to pick up KiXtart from a specific directory or share to improve security, or to add KiXtart variables that you don't want to be visible in the script. The command line is encrypted in the binary.
Examples:
1) To avoid trojans, run the version of KiXtart from the logon server:
code:
kixcrypt.exe myscript.kix \\MYLOGONSERVER\NETLOGON\kix32.exe %s
2) Pass the password to the script in case someone grabs the temporary script file:
code:
kixcrypt.exe myscript.kix \\MYLOGONSERVER\NETLOGON\kix32.exe %s "$PASSWORD=OpenSesame"
USING FILES OTHER THAN KIX FILES
Some of you have probably already spotted that kixcrypt can be used to distribute any file, not just KiXtart scripts. Don't forget to use the "-k" switch to stop crypted.exe adding the KiXtart file delete commands. The temprary file will be created with the same suffix as the original file. The command is executed as a "%COMSPEC% /C", so you can use DOS builtins.
Examples:
1) Execute a batch file:
code:
kixcrypt.exe -k mybatch.bat %s
2) Display an html page using the local file association:
code:
kixcrypt.exe -k index.html start %s
3) Distribute a password encrypted update:
code:
kixcrypt.exe -p installpassword -k myprog.exe copy %s myprog.exe
USER DEFINED STARTUP MESSAGE "-m"
If you don't like the startup message displayed by crypted you may define your own using the "-m" option. You may specify the following variables in the text:
$v = KiXcrypt version.
$s = The path of crypted.exe, including the correct name if you have renamed it.
$n = A new line.
Examples:
code:
kixcrypt.exe -m "$s$n$nThis script encrypted with version $v of KiXcrypt" myscript.kix
kixcrypt.exe -m "" myscript.kix
The second example produces no startup message.
CHECKSUM SECURITY "-s"
Ok, so what if you cannot specify the path to a known executable but are worried about someone copying "notepad.exe" to "kix32.exe" and getting access to your script contents?
The "-s" option calculates a checksum for the kix32.exe (or other interpreter) that you would use to execute the script. If you have included a full path for the command line it uses that specific binary, if not it uses the first one it finds in your path. When the "crypted.exe" binary is executed it calculates the checksum for the environment running it and will not decrypt the script if the checksums do not match.
The benefit is that you can be pretty sure that the script is not being run through a trojan, the drawback is that you will need to create a new crypted.exe for each version of KiXtart you want to run it with.
Example:
1) Use the checksum of the first instance of kix32.exe as security:
code:
kixcrypt.exe -s myscript.kix
2) High security - specific executable path and checksum:
code:
kixcrypt.exe -s myscript.kix \\LOGONSERVER\NETLOGON\kix32.exe %s
The first version of this utility had odd problems with platforms other than Win95, but I believe I've made this one portable. Have a go and let me know how you get on.
BUGS
Spaces in script names and paths may cause problems, so avoid them where possible.
Some versions of Windows may produce a "Cannot open self" error - the workaround is to use the full program name with extension i.e. "kixcrypt.exe" rather than just "kixcrypt". Fixed 30 November
Updated BUG and instructions for "kixcrypt.exe" kludge
Changed references from KixTart to KiXtart
Updated for version 2.02a
Updated for version 2.04a
Updated for version 2.06a
Updated for version 2.08b
Updated for version 2.10b
Updated for version 2.12b
[ 27. January 2003, 17:00: Message edited by: sealeopard ]
|
|
Top
|
|
|
|
|
#98043 - 2001-11-28 04:26 PM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
|
|
|
Top
|
|
|
|
|
#98044 - 2001-11-29 04:52 AM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Tan Bandradi
Fresh Scripter
Registered: 2001-04-17
Posts: 31
|
It sound very nice, but I could not successfuly create the encrypted file.I try: kixcrypt kixtart.kix
and the error returned: kixcrypt: Cannot open self!
kixcrypt: Trying with extension...
kixcrypt: Still cannot open self!
kixcrypt: Bailing out. I try: kixcrypt d:\kixcrypt\kixtart.kix
and the error returned: kixcrypt: Cannot open self!
kixcrypt: Trying with extension...
kixcrypt: Still cannot open self!
kixcrypt: Bailing out. I try: kixcrypt -p password kixtart.kix
and the error returned: kixcrypt: Cannot open self!
kixcrypt: Trying with extension...
kixcrypt: Still cannot open self!
kixcrypt: Bailing out. wow!!! 
|
|
Top
|
|
|
|
|
#98046 - 2001-11-29 03:17 PM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
|
Richard,I initailially got the same message here. This is what I had to do to get kixcrypt running on my Windows 2000 box: I created a shortcut called encrypt.lnk with the following specifics: shortcut->target: c:\kixcrypt.exe c:\test.kix then I simply started the link from the DOS command prompt. This created an executable called crypted.exe in the root of C:. Hopes this gives you a clue as to waht might be happening ! -Shawn [ 29 November 2001: Message edited by: Shawn ]
|
|
Top
|
|
|
|
|
#98047 - 2001-11-29 03:33 PM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Anonymous
Anonymous
Unregistered
|
I had the same Problems creating the encrypted KIX-File like Tan Bandradi.I think the Problem is the call of the Program !!
When you call the program without the extension ".exe"
e.g. "kixcrypt c:\test.kix"
i get an error !! But when you call the Programm with itīs own extension, like
"kixcrypt.exe c:\test.kix" it works !!
Hope i could help !! KST
|
|
Top
|
|
|
|
#98050 - 2001-11-30 04:05 AM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Tan Bandradi
Fresh Scripter
Registered: 2001-04-17
Posts: 31
|
Yes, it works fine now, big thanks!
The encrypted executable file also need to include the .exe extension filename in order to run it.I need to test it further more on my environment, but actually this is very good, awesome utility and I think this is the more practical and efficient KiXtart script encryption utility, ever! Tan
|
|
Top
|
|
|
|
|
#98051 - 2001-11-30 10:31 AM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Tan Bandradi
Fresh Scripter
Registered: 2001-04-17
Posts: 31
|
Hi,
I have couple things that I want to share it with you regarding to this utility, on the following condition:- KixTart is not installed or copied on all clients and KixTart script extension is not associated to run with Kix32.exe
- All necessary KixTart executable and dll files are copied to netlogon share folder on all DC's, with KXRPC installed.
- I am using Kix 3.63
- All users run KixTart logon script from these DC's, as it is set on User Profile using User Manager. I set my account to run the executable encrypted file for testing. These are the result according how do I use the kixcrypt command line switchs: - kixcrypt.exe kixtart.kix
It works fine on WinNT, but I received: 'Bad command or filename' error on Win9x during logon. - kixcrypt.exe kixtart.kix \\\netlogon\kix32.exe %s
It works fine on Win9x, but I received: 'Script error: failed to find/open script!' on WinNT, it runs kix32.exe but it couldn't find the extracted script.- kixcrypt.exe kixtart.kix kix32.exe %s
It works on WinNT, but 'Bad command or filename' on Win9x. Finally, I found out this command line that works on those both Win32's:
kixcrypt.exe kixtart.kix \\\netlogon\kix32.exe kc000000.kixKC000000.kix is the extracted file of kixtart.kix from the encrypted executable file. Tan
|
|
Top
|
|
|
|
|
#98053 - 2001-11-30 01:23 PM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Anonymous
Anonymous
Unregistered
|
Dear Richard !!Now it looks pretty good
Iīll stay on testing !!
Have a nice Weekend !! KST
|
|
Top
|
|
|
|
|
#98055 - 2001-12-02 08:17 PM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Lofgren
Lurker
Registered: 2001-12-02
Posts: 1
|
I would just like to comment that this was very impressive work as well.
|
|
Top
|
|
|
|
|
#98057 - 2001-12-03 08:00 AM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Tan Bandradi
Fresh Scripter
Registered: 2001-04-17
Posts: 31
|
Richard,
Now the new version works fine, I use ".\%%s" parameter to specify the script filename.Thanks!
Tan
|
|
Top
|
|
|
|
|
#98058 - 2001-12-03 08:14 PM
Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
|
Anonymous
Anonymous
Unregistered
|
You're great!!
I'm work on a highschool and this really solved the problem that students discover how I set up some policies.
KiXcrypt forever!
|
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
1 registered
(Allen)
and 2145 anonymous users online.
|
|
|
