4

I'm rewriting an AutoIt script in PowerShell. A file on a share is generated daily (pw.jpg) by an AutoIt executable using:

_Crypt_EncryptFile(pw.txt, pw.jpg, "passphrase", algo)

AutoIt documentation references MSDN, I found identically named functions here. The password is decrypted using:

_Crypt_DecryptFile(pw.jpg, pw.txt, "passphrase", algo)

Algorithm is $CALG_AES_256 (maps to 0x00006610). How can I decrypt it using PowerShell? Anything I could find assumes encrypting and decrypting with same PowerShell functions only.

user4157124
  • 2,809
  • 13
  • 27
  • 42
Maximilian Burszley
  • 18,243
  • 4
  • 34
  • 63
  • 1
    I suggest starting by inspecting the source of `Crypt.au3`, which I believe is distributed as part of the AutoIt SDK. The syntax is a fairly straight-forward BASIC dialect, which you should be able to follow even if you aren't familiar with it. – Unsigned Jun 30 '17 at 17:39
  • 1
    Also to add on to what Unsigned says. According to what you provided it uses AES_256 but you will need to discover the ciphermode (CBC, CFB, or OFB), you will also need to get the IV size and where it is being slapped on at like is it in the password file or appended/prepended to the encrypted data. Last you will need to know the length of the passphrase needed and how they are using your clear text passphrase to convert to the correct passphrase length in bytes. I never used AutoIT before. Is it using steganography too to make that jpg? – Parrish Oct 03 '17 at 22:23

0 Answers0