Decrypting DPAPI (aspnet_setreg) stored credentials

I came across a problem at work where I needed to recover credentials that had been stored in the registry using .Net’s DPAPI (aspnet_setreg). Thankfully the open source NCrypto library came to the rescue.

Here’s a simple bit of code making use of the NCrypto.Security.Cryptography assembly to decrypt the data:

<%@ Page Language="C#" Debug="true" %>
<script language="C#" runat="Server">
protected void Page_Load(object sender, System.EventArgs e)
{
byte[] regUsername;
byte[] regPassword;
string strUsername;
string strPassword;
Microsoft.Win32.RegistryKey reg;


reg = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\NWtraders\Login\ASPNET_SETREG");


regUsername = (byte[])reg.GetValue("username");
regPassword = (byte[])reg.GetValue("password");


strUsername = Encoding.Unicode.GetString( NCrypto.Security.Cryptography.ProtectedData.Unprotect( regUsername ) );
strPassword = Encoding.Unicode.GetString( NCrypto.Security.Cryptography.ProtectedData.Unprotect( regPassword ) );


System.Web.HttpContext.Current.Response.Write( strUsername );
System.Web.HttpContext.Current.Response.Write( strPassword );
}
</script>

Throw the .dll in your bin folder or GAC and you’re good to go. Make sure you’ve got access to the relevant registry keys used though.

Comments

• Jon says:

  Nice piece of code. Worked great. Thank you!
  Jon

  Reply
• Mike says:

  Thanks, worked great as I was in the same situation!

  Reply

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

Δ