Page 2 of 5 <12345>
Topic Options
#98061 - 2001-12-04 10:56 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Thanks for all the comments guys.

Shawn I never bothered to convert the date math stuff as the functionality is duplicated in the ScriptLogic SerialDate() UDF.

Peter you should be able to run any command as the interpreter. To ensure that the options are not used by KiXcrypt enclose the command in speech marks. Something like:

code:
kixcrypt myscript.kix "wkix32.exe -i .\%%s"

should work. If you are having trouble with the command line use the "-d" flag to generate crypted.exe. When you run crypted.exe it will display the command line it is using.

cj I considered including the kix32 executable earlier on but decided against it. It didn't really add anything so I didn't bother. Having said that it would be very simple to have an option to include the binary (any binary for that matter). For KiXtart specifically there are a couple of issues:
1) Win9x clients will need to have the DLLs present.
2) After all his good works I really don't want to undermine Ruuds "CareWare" policy, and a tool that allows a hidden distribution of KiXtart, however benign, would make me uneasy. Maybe I'm being too sensitive, I dunno. Ruud, if you are following this thread maybe you'd like to comment.

I'm in two minds about it. If there is enough interest and no objections I'll add the functionality and leave it to the user's conscience.

[ 04 December 2001: Message edited by: Richard Howarth ]

Top
#98062 - 2001-12-06 12:17 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
MCA Offline
KiX Supporter
*****

Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
Dear Richard,

A very nice upgrade and an excellent job. The first version which doesn't
need a temporary file to past kixtart code to the kix32 binary. The file
is very hard (possible impossible) to catch.
It works fast and is very flexible.
Also the way of passing the password to the script is very nice. Possible
by this one-way encryption method. Encrypting and decrypting program aren't
the same and it is also possible to use all other kind of files/information
to encrypt.
Also a possible security leak with kix32.exe can be catch with the
checksum security -s switch.

Some points:

  • we doesn't get a error message when we want to encrypt a file.
    an example:
    - we have the file "code"
    - 'kixcrypt code' creates the file 'crypted.exe'
    and 'crypted.exe' returns the message 'Script error : failed to find/open script !'
    - 'kixcrypt code.' createsalso the file 'crypted.exe'
    and 'crypted.exe' runs like we expected. no error messages.
  • by using the -d switch the 'crypted.exe' run will also display
    debug information, which can't be stopped.
    is this the wanted result?
  • we get an error when we are using following script with a password
    code:

    ? "kix @kix @build"


    the call are 'kixcrypt -p password script.' and 'crypted password'.
    the output on the screen is:
    code:

    CRYPTED caused a divide error in module CRYPTED.EXE at 014f:00402fe1.
    Registers:
    EAX=00000000 CS=014f EIP=00402fe1 EFLGS=00010246
    EBX=00530000 SS=0157 ESP=0073fc10 EBP=0073fd58
    ECX=78037ca8 DS=0157 ESI=816096fc FS=3a97
    EDX=00000000 ES=0157 EDI=00000000 GS=0000
    Bytes at CS:EIP:
    f7 3d a0 50 40 00 89 d6 89 35 a4 50 40 00 a1 00
    Stack dump:
    00530000 816096fc 815e723c 815bc000 8160de40
    0008160e 000000c0 8160de40 00000010 bff782c8
    815bc000 8160de50 000000c0 00000000 8160de40
    815bc000


    f.e. the same problem we have by encrypted our os.kix of our
    site. without using the -p option we doesn't have any problem.
    we have verify it on a windows95 system for you.
  • we get another error when f.e. the filename 'kc000000' is a directory.
    the message was:
    code:

    Cannot open temp file for writing kc000000.
    Could not open an output script file - aborting


    questions:
    - is it possible to use a random filename, which also check for
    already existing (directory)names.
    - what will happen when the user doesn't have write access to the
    directory for creation of 'kc000000' file.

A nice issue can be the usage of environment variables which can't
prevent running the crypted.exe file in other environments. Specifi-
cations like:
- kixcrypt -p %domain% script.kix
- kixcrypt script.kix \\mylogonserver\netlogon\kix32.exe %s
will always decrypt the script. In the first situation you can simple
enter the another (= required) domain name to bypass it.

we are waiting for an upgrade.
greetings.


btw:
we like to publish your program on our site. let me know what you
think of that idea.

_________________________
email scripting@wanadoo.nl homepage scripting@wanadoo.nl | Links | Summary of Site Site KiXforms FAQ kixtart.org library collection mirror MCA | FAQ & UDF help file UDF kixtart.org library collection mirror MCA | mirror USA | mirror europe UDF scriptlogic library collection UDFs | mirror MCA

Top
#98063 - 2001-12-05 03:28 PM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
5th December 2001 - Version 2.04a released
New version available here.

Changes

  • Code now stable enough to optimise Compiled with -O2 means is faster, and smaller (back down to 12KB).
  • -p GPF fixed.
  • Temporary file name is now entirely random and changes every time crypted.exe is run. Crypted.exe will attempt 1000 different random file names before giving up.
  • A directory which matches the temporary file name will no longer cause crypted.exe to exit.

Top
#98064 - 2001-12-05 04:04 PM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Hi MCA,
Thanks for your comments, and for doing the quality control testing I should have done before releasing the code

To answer your points:

  • KiXtart script with no suffix.
    The "'Script error : failed to find/open script !" error is a feature (bug?) of KiXtart.
    You will find that "kix32.exe code" will also produce this error, and that "kix32.exe code." will work.
  • -d produces output in crypted.exe
    This is by design. The idea is that you can create a debug version for testing. When you are ready to release to your users you don't use the "-d" flag. NB For security reasons you cannot used the "-d" flag with "crypted.exe" - it has to be set on when you run kixcrypt.exe.
  • -p password causes divide zero error
    Fixed in version 2.04a
  • Temporary file names.
    As of version 2.04a the numbered file name is not used, so cannot easily be guessed. A file name of 8 random upper case letters is used. 1000 of these are tried before the program gives up. Each time crypted.exe is tun the random file names will be different.
  • kc000000 directory.
    As of version 2.04a a directory with the same name as the temporary file will not cause crypted.exe to exit.

The crypted.exe has to create a temporary file because KiXtart cannot accept piped input. The current directory is always used and I probably won't be changing that simply because it would mean a lot of work for very little benefit.
If the directory is not writable by the user you will get the "Cannot open temp file for writing" error.

If you need to redirect the temporary file to another direcectory then "CD" to it before running crypted.exe

You (and anyone else) are more than welcome to publish the KixCrypt utility on your site.

I hope that answers all your questions.

Top
#98065 - 2001-12-06 07:54 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
MCA Offline
KiX Supporter
*****

Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
Dear Richard,

We will give it a try.
Soon we will inform you also about the publication of it on our site.
Please inform me when new version will be released.
greetings.

_________________________
email scripting@wanadoo.nl homepage scripting@wanadoo.nl | Links | Summary of Site Site KiXforms FAQ kixtart.org library collection mirror MCA | FAQ & UDF help file UDF kixtart.org library collection mirror MCA | mirror USA | mirror europe UDF scriptlogic library collection UDFs | mirror MCA

Top
#98066 - 2001-12-06 05:12 PM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
This looks great!

..but I feel really dumb here, since I can't figure out the end use of it..?

How do I use this to, for example, make an encrypted script, and then call this script from with in a KiX logonscript? We've got no KiXtart extensions on the clients, and are running v.3.63.

For example, I want to store the password for SU in an encrypted script, and then be able to call it from within my logonscript (and of course it should work with all Win32 clients..)?

It's the calling from within a running script that I don't quite get...

I know i'm [Confused] [Roll Eyes] , but spare with me here [Wink]

Great work btw Richard!

[Moderator disabled malfunctioning link to image]

[ 18. December 2002, 15:52: Message edited by: masken ]
_________________________
The tart is out there

Top
#98067 - 2001-12-07 04:28 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
MCA Offline
KiX Supporter
*****

Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
Dear Richard,

We have verify your latest 2.04 version and it works like a charm.
We put it as a Kixtart tool on our site. The general name
will be kixcrypt.exe.
We hope that our description covers your tool.

Symbol on our homepage has been linked to your related http://kixtart.org topic.

Please let me know when a new version is released.
Other input or comment is also welcome.
greetings.

_________________________
email scripting@wanadoo.nl homepage scripting@wanadoo.nl | Links | Summary of Site Site KiXforms FAQ kixtart.org library collection mirror MCA | FAQ & UDF help file UDF kixtart.org library collection mirror MCA | mirror USA | mirror europe UDF scriptlogic library collection UDFs | mirror MCA

Top
#98068 - 2001-12-07 11:21 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
7th December Version 2.06a released
Changes
  • Bug fix: Lazy coding using "realloc()" caused garbage in the command line under Windows XP
  • New option "-c" added. This inhibits "%COMSPEC% /C" being pre-pended to the command.

Thanks go to Peter van der Struis who found the bug and helped in fixing it. The "-c" option was his idea too.

[ 07 December 2001: Message edited by: Richard Howarth ]

Top
#98069 - 2001-12-07 02:59 PM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
7th December: Console-less version

My, the updates are coming thick and fast.

I've compiled a console-less version "wkixcrpt.exe". See the first post of this topic for the URL.

You should be able to use:

code:
wkixcrpt myscript.kix -m "" -c "wkix32.exe -i .\%%s"


To keep the console-less operation. I think.
The '-m ""' is required to stop the startup message being displayed, and '-c' executes the command directly without "%COMSPEC% /C".

wkixcrpt.exe is only available from version 2.06a

Top
#98070 - 2001-12-07 03:28 PM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
klunde Offline
Lurker

Registered: 2001-12-07
Posts: 2
I've just tried out version 002.06 and find it very usefull except for the fact that the temp file is created in the same directory. Is it possible to specify %temp% or something to change this into a path where users have write access?

I want to use this to encrypt my SU script so that users can install programs under admin account, but now I must create a batch file that moves the users to his/hers temp dir and then fire up the encrypted .exe file

_________________________
// (,) ./)> ./<, Morten

Top
#98071 - 2002-02-01 03:43 PM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
1 February 2002 Version 2.08b released
Changes
  • Bug fix: Fixed the "Cannot find self" bug. Again.
  • Added "-v" option to display version and amendment history.
  • Added code to detect and avoid the "Russ Exploit" security issue.

Full amendment history (from "kixcrypt -v"):

quote:
Version 002.08b
KiXcrypt author: Richard Howarth (rhowarth@sgb.co.uk)

/* AMENDMENT HISTORY:
* 01 February 2002 Version 2.08b R. Howarth
* Promoted to beta release, as it appears to be stable
* Fixed cannot find self bug. Again. Tch.
* Added detection and avoidance for Russ Exploit
* Added '-v' for version info
* Included my name and email address for support purposes. Honest!
* 06 December 2001 Version 2.06a R. Howarth
* (Possibly) fix Windows XP not zeroing realloced area.
* Added '-c' NOCOMSPEC option
* 05 December 2001 Version 2.04a R. Howarth
* Fixed GPF on -p password
* Temporary file is now entirely random (1000 attempts)
* 30 November 2001 Version 2.02a R. Howarth
* Fixed 'Cannot find self' bug.
* Added '-m' to messages.
* Added salt to peturb algorithm, to avoid password attacks.
* KixTart -> KiXtart
* 20 November 2001 Version 2.01a R. Howarth
* Password now assigned automatically
* Simplified output - script.kix -> script.exe
* Command line options allowed.
* 18 September 2001 RMH First public release
*/



Top
#98072 - 2002-02-08 05:24 PM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
5 February 2002 Version 2.10b released
Changes
  • Bug fix: "-s" trojan detection worked ok but didn't exit due to debug code left enabled (Spotter Roberto M.)

Top
#98073 - 2002-03-27 11:22 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
27 March 2002 Version 2.12b released
Changes
  • Feature: The temporary file now overwrites itself before deleting, to avoid exposing the script with undelete utilities.
  • A warning message is issues if the temporary script file does not delete itself, then the file is overwritten and deleted by the controlling program. If the "-k" option has been used the file is overwritten and deleted silently.

Top
#98074 - 2002-03-27 11:29 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
richard, still affraid about the temp-file...
scares like shit.
why you use it when you can crack the piping?
_________________________
!

download KiXnet

Top
#98075 - 2002-03-27 11:38 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
If (when?) KiXtart supports piped input I'll include a switch to avoid the temporary file entirely.

I need to confirm that popen() works with the compiler (MINGW) I'm using and all versions of windows, as I seem to recall that I had some problems with fork() and similar calls.

Top
#98076 - 2002-03-28 12:07 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
what about pipe script.
like a hack...

call kix with script that has gets $x in it
then that $x is executed with
$=execute($x)

that somewhat does the trick of piping.
what you think?
_________________________
!

download KiXnet

Top
#98077 - 2002-03-28 12:16 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Ahh, there are a couple of problems with the GetS() and Execute() solution.

The first is that I've no idea how KiXtart will manage variable scopes, functions and subroutines when the script is being executed that way. Not to mention loops, conditional structures and so-on. It would work for a strictly linear monolithic script, but I suspect anything more complicated is doomed to failure.

The other more simple problem is what to do when your script has a "Get()" or "GetS()" in it! If you execute them they will pick up the next bit of decrypted script as input [Eek!]

Top
#98078 - 2002-03-28 12:23 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
yeah...
good point. I thougt that too, but if you parse the code fully to memory and then put it in?
it may (just may) have string limitation...
don't remember what kind of length limitation gets might have?
_________________________
!

download KiXnet

Top
#98079 - 2002-03-28 12:27 AM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
and if script has gets in it...
may want to use 2 kix processes.
say, change lines to open other console for user input/output.
_________________________
!

download KiXnet

Top
#98080 - 2002-03-27 01:58 PM Re: UTILITY: KiXcrypt 2.16b - KiXtart encryption
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
I've been playing with this a bit, and it doesn't work very well.

Popen() opens KiXtart and can pipe stuff into GetS, but there is no way of detaching, and it doesn't handle the pipe closeing very well.

What I really need is:
1) A switch for KiX32.exe which will cause it to read the script from stdin rather than a file.
2) When stdin closes, reattach to the tty or console device so that Get and GetS will work.

Top
Page 2 of 5 <12345>


Moderator:  Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 466 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.076 seconds in which 0.026 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org