How to copy wincmd.key to registry KeyPath=$


Post by *Rein de Jong »

Hi,

I tried to store the wincmd.key in the registry so the key can't be stolen away from my machine. It must be stored as binary, but how do I pass the contents of wincmd.key to the registry?

Can it also be placed in HKLM\Software\Ghisler\Total Commander?
Regards/
______/Rein

--- Moderator NL-forum ---
see also: https://www.reindejong.nl/totcmd

Post by *CoolWater »

2Rein de Jong

since it is quite difficult to manage this task by hand, I've written a vb script for you:

Code:

' Usage: wincmdkey2reg.vbs "c:\path\to\totalcmd\wincmd.key"
' Writes <input file>.reg, which holds the key file as a binary value named "key".
If WScript.Arguments.Count > 0 Then
	Dim strFileIn

	strFileIn = ReadFile(WScript.Arguments.Item(0))

	' REGEDIT4 header, empty line, registry key, then "key"=hex:.. (CR+LF line endings)
	strFileIn = "REGEDIT4" & vbCrLf & vbCrLf & _
			      "[HKEY_CURRENT_USER\Software\Ghisler\Total Commander]" & vbCrLf & _
			       Chr(34) & "key" & Chr(34) & "=hex:" & strFileIn

	WriteFile WScript.Arguments.Item(0) & ".reg", strFileIn
End If

' Reads the file as binary and returns its bytes as comma-separated hex
Function ReadFile(FileName)
    Dim Stream
    Dim byteFile
    Dim strHex
    Dim I

    Set Stream = CreateObject("ADODB.Stream")
    Stream.Type = 1 ' Binary
    Stream.Open
    Stream.LoadFromFile FileName
    byteFile = Stream.Read
    Stream.Close

    For I = 1 To LenB(byteFile)
        ' two hex digits per byte, the form regedit itself writes on export
        strHex = strHex & Right("0" & Hex(AscB(MidB(byteFile, I, 1))), 2)

        If I < LenB(byteFile) Then
            strHex = strHex & ","
        End If
    Next

    ReadFile = strHex
End Function

' Writes Content to FileName (overwriting it) and reports the file name
Sub WriteFile(FileName, Content)
    Dim myFSO, WriteStuff

    Set myFSO = CreateObject("Scripting.FileSystemObject")
    Set WriteStuff = myFSO.OpenTextFile(FileName, 2, True) ' 2 = ForWriting, True = create
    WriteStuff.WriteLine(Content)
    WriteStuff.Close
    Set WriteStuff = Nothing
    Set myFSO = Nothing

    MsgBox "'" & FileName & "' has been written.", 64, "Wincmd.key RegFile Maker"
End Sub

Save this as a vbs file, i.e. wincmdkey2reg.vbs, then call it giving the path and file to wincmd.key, i.e. wincmdkey2reg.vbs "c:\path\to\totalcmd\wincmd.key"

Then double-click the generated reg-file and it will be written to registry.

You can write the key to HKLM, change the script to your needs :-)

HTH,
CoolWater
Last edited by CoolWater on 2010-08-09, 16:43 UTC, edited 1 time in total.

Post by *Rein de Jong »

2Coolwater

Thanks. This is convenient!
I think you helped a lot of folks.

Stealing the key isn't that easy anymore!
When the user is logged on as a normal user it should be impossible now!

Post by *MVV »

Rein de Jong wrote: When the user is logged on as a normal user it should be impossible now!

Why, interesting...
HKLM is not read-protected, it's only write-protected for regular users.
Everyone may export the key from the registry to a .reg file (using regedit manually or a simple batch file that calls reg/regedit) and use it as a usual key on disk. :)
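
The read access MVV describes can be checked from the administrator's side by listing who is allowed to read the key. The PowerShell below is an added example, not part of any post in this thread; it assumes the registry path and value name used in the scripts above and the default HKCU: and HKLM: drives, and the function name Get-KeyReadAccess is made up for illustration.

```powershell
# Added example (not from the thread): list the principals that are allowed to
# read the registry key holding Total Commander's "key" value.
# Assumption: path and value name are the ones used by the scripts in this thread.
$SubKey    = 'Software\Ghisler\Total Commander'
$ValueName = 'key'
# Access-mask bits that permit reading values: KEY_QUERY_VALUE, GENERIC_ALL, GENERIC_READ
$ReadMask  = 0x1 -bor 0x10000000 -bor 0x80000000

function Get-KeyReadAccess {
    param([ValidateSet('HKCU', 'HKLM')][string]$Hive)

    $path = "${Hive}:\$SubKey"
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$path does not exist"
        return
    }

    # Direct test: can the account running this script read the value right now?
    $prop    = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
    $canRead = $null -ne $prop

    # ACL view: every Allow entry whose rights include reading values
    foreach ($rule in (Get-Acl -LiteralPath $path).Access) {
        $allowsRead = $rule.AccessControlType -eq 'Allow' -and
                      (([int]$rule.RegistryRights -band $ReadMask) -ne 0)
        if ($allowsRead) {
            [pscustomobject]@{
                Key              = $path
                Identity         = $rule.IdentityReference.Value
                Rights           = $rule.RegistryRights
                Inherited        = $rule.IsInherited
                CurrentUserReads = $canRead
            }
        }
    }
}

'HKCU', 'HKLM' | ForEach-Object { Get-KeyReadAccess -Hive $_ } | Format-Table -AutoSize
```

Run it as the standard user in question. Any HKLM row that names a broad group such as Users means every account on the machine can read, and therefore export, the value.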

Post by *ghisler(Author) »

Indeed since Total Commander needs to be able to read the key, so can the user...
Author of Total Commander
https://www.ghisler.com

Post by *Rein de Jong »

MVV wrote: HKLM is not read-protected, it's only write-protected for regular users.
Everyone may export the key from the registry to a .reg file (using regedit manually or a simple batch file that calls reg/regedit) and use it as a usual key on disk. :)

Yes, of course. Silly me :oops:

I wonder if there is a way to prevent the key from being hijacked. This will hide it better than the file, but it's not foolproof. :(

Post by *ghisler(Author) »

There is no way as long as the key is stored on the local server. I have thought of a quite complex client-server scheme, but this would work only as long as the computer can contact the license server. And if the key from the license server gets stolen, anyone could set up such a server somewhere on the Internet...

Post by *Balderstrom »

Couldn't the key be kept in a password protected zip/rar?
  • On initial launch you would need to enter the password to start TC, or
  • After entering the password once, TC creates a DLL that contains the salted/encrypted pass along with hardware-specific information.
Upon any successive startup, TC uses the DLL to access the password-protected zip/rar, and verifies the hardware-specific info is the same.
Which should prevent said DLL from being used on another machine for most intents and purposes.

Post by *ghisler(Author) »

1. If you need to enter the password every time, you could as well press one of the 1-2-3 buttons, it would be faster.
2. If TC can decrypt it, the key must be stored somewhere, so any other program/trojan could decrypt it too...

Post by *Rein de Jong »

In our specific case I suppose it's wiser to keep the keys in the safe and lend the PCs with the 1,2,3 jukebox.
Knowing we have the licenses is enough I suppose. :)

Post by *Eddict »

hi CoolWater,

thanks for this 'old' post, it was exactly what i needed!
very useful if you don't want to put the key into the application folder for security reasons.

there was only one small issue i had to deal with, as in my current environment registry editing is disabled by policy, so the importing of .REG files is also blocked.

that's why i've made this small code change, to write the key directly to the registry, instead of via a .REG file.
hopefully it can be useful to others as well!

regards Eddict

Code:

Dim strRegHive
Dim FileIn

    If WScript.Arguments.Count = 1 Then
        strRegHive = "HKCU" 'change this to "HKLM" if that's the preferred location
        FileIn = ReadFile(WScript.Arguments.Item(0))
        Call WriteRegistry(strRegHive, FileIn)
    End If

'Reads the file as binary and returns its bytes as an array of numbers (0-255)
Private Function ReadFile(FileName)
Dim Stream
Dim byteFile
Dim arrBytes()
Dim I

    Set Stream = CreateObject("ADODB.Stream")
    With Stream
        .Type = 1 'Binary
        Call .Open
        Call .LoadFromFile(FileName)
        byteFile = .Read
        Call .Close
    End With
    Set Stream = Nothing

    'SetBinaryValue takes an array with one numeric element per byte
    ReDim arrBytes(LenB(byteFile) - 1)
    For I = 1 To LenB(byteFile)
        arrBytes(I - 1) = AscB(MidB(byteFile, I, 1))
    Next

    ReadFile = arrBytes
End Function

'Writes the byte array as binary value "key" under the chosen hive
Private Sub WriteRegistry(RegHive, Content)
Const HKCU = &H80000001
Const HKLM = &H80000002
Const RegPath = "Software\Ghisler\Total Commander"
Const RegKey = "key"
Dim HK
Dim myReg
Dim rc

    'cannot use WshShell.RegWrite method because our REG_BINARY value is larger than one DWORD
    Set myReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    Select Case UCase(RegHive)
        Case "HKCU", "HKEY_CURRENT_USER": HK = HKCU
        Case "HKLM", "HKEY_LOCAL_MACHINE": HK = HKLM
        Case Else: Exit Sub
    End Select
    Call myReg.CreateKey(HK, RegPath) 'make sure the key exists before writing the value
    rc = myReg.SetBinaryValue(HK, RegPath, RegKey, Content) '0 = success
    Set myReg = Nothing

    If rc = 0 Then
        MsgBox "'" & RegHive & "\" & RegPath & "\" & RegKey & "' has been written.", 64, "Wincmd.key copy to Registry"
    Else
        MsgBox "Writing '" & RegHive & "\" & RegPath & "\" & RegKey & "' failed, error " & rc & ".", 16, "Wincmd.key copy to Registry"
    End If
End Sub

don't forget to add KeyPath=$ in wincmd.ini to make sure TC will look in the registry for the key... :wink:

Post by *LogicDaemon »

I ended up protecting my key by encrypting it with the standard NTFS method (EFS).

imgur com qhdLJfW

If the administrator hasn't added recovery agent(s), this file can only be read by the user who encrypted it. If an admin adds a recovery agent later, the file will need to be "touched" first to update its encryption key before it will be readable by recovery agents.

If that user's password is reset, no one will be able to read the file (but if the user changes his password, the file will still be accessible).

If you're the only admin, and no one else knows your password, this method can be considered safe.

(EFS encryption not available on home/starter versions of Windows)