Luigi Auriemma

Hey,
The adresses for the steampwd.exe exist by vista not. And i search the adress for vista.
Aluigi Can you me help.
_______________________________________________________________

Sorry for my bad english

uhmmm probably you refer to the old version of steampwd, the actual one doesn't use offsets

The reg keys exist by me not

I don't have vista so I can't verify it, anyway it's strange since the registry key names should not change from XP to Vista

Since I have a Vista box, I looked into it and found that the ProductId value is not located at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId" on Vista. Instead it is located here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId

The other two values appear to be in the same places. (Though for some reason my "io" value was empty, but it's probably because I told Steam not to save my password.)

the problem is that "Windows NT" doesn't exist in steam.dll (the registry keys are hardcoded in the dll), so are you 100% sure that on Vista the encryption key includes the ProductId too?

I mean, if you save your Steam password on Windows Vista can you recover it with the actual version of steampwd?

so?

I do not think this tool is working correctly on Vista (Ultimate x64 Edition). Here is the output:

For some reason, it's not getting the MachineGuid field, even though it does exist on Vista.

Even if I manually feed it the MachineGuid value, it still does not work.

I figured it out: Instead of using those, I guess if it doesn't find the ProductId (I'm guessing), it will automatically use "NoMachineSpecificPassphraseAvailable" as the key instead (which I think is how the Linux version encrypts passwords too).

So I guess this proves that Steam on Vista is insecure, since you can decrypt the passwords from any machine with it without needing access to the registry from the source machine. It should also prove that's it is insecure on Linux too, when you're saving the password with the Steam client.

excellent job AnonymousCoward, moreover the conlusion.

Can you test if the following beta works fine on Vista?

http://mirror.aluigi.org/beta/steampwd.zip

Thanx

Verified on:
- Windows Vista Ultimate x64 SP1
- Windows XP Professional SP3

I haven't tested it on Vista 32-bit, but it will probably work as well.

Also, this should probably be tested on Windows XP x64. Because I think the 64-bit registry is causing problems with your implementation. I believe this issue is caused because your application is a 32-bit application and it's trying to access the 32-bit registry (which is not the same as the 64-bit registry). To fix this, I think you can pass "KEY_WOW64_64KEY" to RegOpenKeyEx. I'm pretty sure this is ignored if you use this flag on a 32-bit operating system.

However, my above assumption could be completely wrong (it's possible it fails in Steam also and uses that default key).

uhmmm the 64 bit thing of the registry seems too much strange, M$ has no reason to add this big complication to a so widely used thing as the registry.
usually this is all trasparent for the user.

thanx for the tests, I release that version of steampwd

Does that work?

Having the same problem.

do you mean the problem on Windows 64 bit or on Vista?

vista

can you try the following beta version?

http://aluigi.org/beta/steampwd.zip

uhmmm seems that high6 is in vacation :)