#98348 - 2003-02-11 02:58 PM
INFO: KiXcrypt version 3.00b - KiXtart packager/encryption utility
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
This is release version 3.00b of KiXcrypt.
There are some major differences with this version - the command line options have changed to simplify them and make them more consistant.
Change notes are available at the end of this post.
Please note that this is a major overhaul of the program, and most command line parameters have changed. Even if you have used a previous version of KiXcrypt please be sure to read the new manual (yes folks, there is documentation!)
You can download all the files including the documentation and the GUI interface from here
Information about the GUI interface is here
What is KiXcrypt?
KiXcrypt is a tool which is used to encrypt files to hide their content. The file(s) are compiled into an executable, and are decrypted when the file is run. The unencrypted file is then executed.
Where can I download it?
There are two versions. The first is console driven (a console is a "DOS" window). The second is console-less, and is used to hide the script processing, useful when creating GUI applications.
Note simply using the console-less version does not guarantee that a console will not appear. Read the documentation for more details on this subject. Both versions are quite small (about 25k).
You can download all the files including the documentation and the GUI interface from here
Why is it called KiXcrypt?
KiXcrypt can encrypt and execute any type of file, however it was originally developed specifically for the needs of a group of people who create scripts using the KiXtart script language. This script language is primarily used for creating login scripts, although it's features have expanded so that it is now used for far more powerful tasks.
Why would I want to encrypt a login script?
Quite often during the login process you may need to run jobs with higher privilege, attach password protected shares or otherwise perform tasks that you don't want your users to be able to see. As scripting languages use plain text files, anyone can peek at your netlogon share and see what you are up to during the logon process. Encrypting the file hides the information.
What else can I use KiXcrypt for?
You can use it as a simple packager/installer for an application, a method of password protecting files, a simple "readme" runtime which launches explorer or wordpad. Pretty much anything really.
How good is the encryption?
Hmm. The encryption itself is quite good because it is proprietary. Only I know how it works and I'm not telling. It is good because without knowing how it works it is hard to get started cracking it. At some point however, the file is left unencrypted on a file system for a period. This is when it is vulnerable. I have included as many ways of defeating people getting at the unencrypted file, but the possibility is there.
If you do manage to break the security and get access to the unencrypted file, please let me know first. You can help make KiXcrypt more secure, and you'll get a credit in the release notes ![[Smile]](images/icons/smile.gif)
How do I use it
Read the documentation. Go on. I know it's boring, but if you don't you may believe you have a secured product when you don't, and you will still need to read it when something doesn't work.
If you are still determined to run before you can walk, the command:
code:
kixcrypt.exe myscript.kix
will create an encrypted version of myscript.kix called "myscript.exe"
Release History
/* AMENDMENT HISTORY:
* 3 February 2003 Version 3.00b R. Howarth
* ***************
* *MAJOR CHANGES*
* ***************
* Command line has has a major overhaul. The command line is no longer compatible
* with previous versions, hence the major version revision. Some big changed in the
* internals as well.
*
* Change: All environment variables in command line are expanded during decrypt.
* Change: All environment variables in temporary directory path are expanded during decrypt.
* Change: Encrypted file name now based on source file, e.g. 'mylogon.kix' -> 'mylogon.exe'
* Removed: '%s' and '^s' are no longer supported in command line
* Removed: '-c' (no %COMSPEC%) option.
* This option is no longer required, as the command line is fully expanded.
* Change: Default command is now '%COMSPEC% /C kix32.exe %KIXCRYPTFILE%'
* Change: Default temporary directory is '%TEMP%', or '.' if '%TEMP%' not set.
* Added: '-t' on crypted creation.
* Added: '-t' ignored at decrypt if set on encrypt.
* Added: '-o' option to select name of output file.
* True console-less mode (Thanks to Frank Buzin)
* Now using CreateProcess() for process spawning, which allow console-less
* execution.
* Minor fix to usage messages, (Thanks to MightyR1)
* Fixed: '-f file' added to KiXcrypt usage message.
*
* 17 January 2003 Version 2.16b R. Howarth
* Added: '-f' to include arbitrary files.
* Added: %KIXCRYPTVER% environment variable pushed.
* Added: %KIXCRYPTDIR% environment variable pushed.
* Added: %KIXCRYPTFILE% environment variable pushed.
* Fixed: sFileName scope bug not supporting -t option.
* 12 December 2002 Version 2.14b R. Howarth
* Well you asked for it, and you got it:
* New option '-t path' to define directory for temporary file.
* Dropped realloc() for command line memory allocation.
* A 1024 byte buffer is allocated straight off to keep things simple.
* Fixes an XP problem reported by Stephen Shaw (ElegantSol)
* Dropped initial warning about not finding self - redundant and fugly.
* In debug mode display warning about non-printable characters in the
* command line, and display their ASCII values.
* 10 December 2002 Version 2.13b R. Howarth
* Internal version to debug ElegantSol's XP memory allocation problem.
* 27 March 2002 Version 2.12b R. Howarth
* Added code to overwrite file before deletion. This is to try and
* defeat 'undelete' utilities.
* 05 February 2002 Version 2.10b R. Howarth
* Fixed '-s' not working due to debug code (Spotter: Roberto M.)
* 01 February 2002 Version 2.08b R. Howarth
* Promoted to beta release, as it appears to be stable
* Fixed cannot find self bug. Again. Tch.
* Added detection and avoidance for Russ Exploit
* Added '-v' for version info
* Included my name and email address for support purposes. Honest!
* 06 December 2001 Version 2.06a R. Howarth
* (Possibly) fix Windows XP not zeroing realloced area.
* Added '-c' NOCOMSPEC option
* 05 December 2001 Version 2.04a R. Howarth
* Fixed GPF on -p password
* Temporary file is now entirely random (1000 attempts)
* 30 November 2001 Version 2.02a R. Howarth
* Fixed 'Cannot find self' bug.
* Added '-m' to messages.
* Added salt to peturb algorithm, to avoid password attacks.
* KixTart -> KiXtart
* 20 November 2001 Version 2.01a R. Howarth
* Password now assigned automatically
* Simplified output - script.kix -> crypted.exe
* Command line options allowed.
* 18 September 2001 RMH First public release
*/
[ 12. February 2003, 09:34: Message edited by: Richard H. ]
|
|
Top
|
|
|
|
#98349 - 2003-02-11 09:51 PM
Re: INFO: KiXcrypt version 3.00b - KiXtart packager/encryption utility
|
MCA
KiX Supporter
Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
|
Dear Richard,
First impression is: you did an impressive job. Also the GUI front-end.
We will update our site with it and we will use the new
link.
greetings.
|
|
Top
|
|
|
|
#98351 - 2003-02-15 08:48 AM
Re: INFO: KiXcrypt version 3.00b - KiXtart packager/encryption utility
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11629
Loc: CA
|
Richard,
I notice that there is no mention of the program wkixcrpt.exe here or in the documentation.
What is the version of wkixcrypt.exe and how is it used?
If you don't mind I'm going to put all of your files into a zip file and host them on my website as well at http://www.kixhelp.com
[ 17. February 2003, 03:06: Message edited by: NTDOC ]
|
|
Top
|
|
|
|
|
#98352 - 2003-02-17 04:24 AM
Re: INFO: KiXcrypt version 3.00b - KiXtart packager/encryption utility
|
MCA
KiX Supporter
Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
|
Dear,
On our site pages Home - Kix Tools or Summary of Site you find now two ZIP files.
kixcrypt216b.zip which includes kixcrypt.exe & wkixcrypt.exe
kixcrypt300b.zip which includes kcgen.kix, kixcrypt.doc, kixcrypt.exe & wkixcrypt.exe
greetings.
|
|
Top
|
|
|
|
|
#98353 - 2003-02-17 09:35 AM
Re: INFO: KiXcrypt version 3.00b - KiXtart packager/encryption utility
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
Wkixcrpt is mentioned in the final paragraph in the documentation, but there is a typo ![[Embarrassed]](images/icons/blush.gif)
I haven't documented it seperately, as it is identical in use.
Here is the final paragraph:
quote:
CONSOLE-LESS VERSION
If you are developing a windows-like application you may not want a console to display. In this case use "wkxcrypt" to generate the package. Note, if you do this you will not see debugging or error information, as this is sent to the console.
When creating console-less applications you must ensure that you do not generate a console yourself. For instance, using "CMD", "COMMAND" or "%COMSPEC%" will generate a console.
If you are creating a KiXtart package, use "wkix32.exe /i" as the command to execute the script (-e option). Again, the GUI "kcgen.kix" will sort this out for you.
Note, wkxcrypt should of course read wkixcrpt.exe
|
|
Top
|
|
|
|
|
#98358 - 2003-02-20 09:26 AM
Re: INFO: KiXcrypt version 3.00b - KiXtart packager/encryption utility
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
quote:
Is it possible to declare a kix variable in the commandline after the script has been encrypted??
Something like:
encryptedfile.exe $variable="Bla Bla"
Simply set an environment variable before you call the executable. This will then be available when the script runs.
If there is enough demand and I think it adds extra functionality it may make it in a later release, but unless there is a compelling reason why the enviroment variable route won't work I won't persue it.
KiXcrypt is already starting to suffer a little from feature creep ![[Wink]](images/icons/wink.gif)
|
|
Top
|
|
|
|
|
#98360 - 2003-02-20 09:37 AM
Re: INFO: KiXcrypt version 3.00b - KiXtart packager/encryption utility
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
quote:
Does anyone have this working in a secure fashion for VBS files?
I'd assume you'd need special code handles in the script itself, to delete itself once excuted. Does it work?
You can encrypt and execute any type of file. WHen the unencrypted file finishes executing all files extracted from the package will be automatically deleted by KiXcrypt.
You will need to create a custom execute command (the "-e" option") and switch off the KiXtart semantics (the -k option).
What KiXcrypt cannot do is tell when it is safe to delete the unencrypted file if it is still running. Not all interpreters will allow it, and the file may be held in use by the OS while it is running, in which case it won't get permission to delete it.
I can delete the KiXtart file because it is loaded into memory and executed there - as soon as the script starts to execute I know that the disk file is no longer needed.
If the same is true of the VBS file you can simply add your own delete routine to the script. The unpacked filename is in %KIXCRYPTFILE% - just delete this file when your script starts.
|
|
Top
|
|
|
|
|
#98365 - 2003-02-20 02:26 PM
Re: INFO: KiXcrypt version 3.00b - KiXtart packager/encryption utility
|
Tan Bandradi
Fresh Scripter
Registered: 2001-04-17
Posts: 31
|
Just wondering: if KiXcrypt can generate random filename for the unpacked primary file and had an option '-t dirpath' to define directory for unpacking file, can KiXcrypt unpack file(s) to temporary random generated directory name and delete it when finished?
At least, this can avoid KiXcrypt failure on unpacking file(s) because one or more files already exist.
Tan
|
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 811 anonymous users online.
|
|
|
