Tuesday, April 29, 2014

Decrypting the password of Rockwell Desklock - How to store a password?

Rockwell Desklock is a small but useful program. It can block some Windows features, like [CTRL]+[ALT]+[DEL], [ALT]+[TAB] and other methods of switching between windows or closing a program.

This is very important in an industrial environment, where the operator PC has to show only the SCADA system. Of course, there are situations where a supervisor has to close the SCADA and use other programs. (For example, during maintenance.)
In this case, he has to identify himself with a password, but here is a problem:
How does Desklock store the password?

In Windows, you have two possibilities to store something (of course there are lots of methods, but these two are the most common):

  • In the Registry
  • In a file

The Desklock stores its configurations (and the password) in a config file. [I wrote the method to decrypt the stored password, but I removed it. You don't need it to protect your system. By the way, if you are an engineer who has to restore a forgotten password, you will discover it yourself very easily.]

It's not a big problem. If Desklock is active, then you can't open the config file, because Desklock can be configured to start with Windows. But, if the attacker can reboot the computer, then he can start it in safe mode. (In safe mode, the autostart programs won't run automatically.) In this case, the attacker can steal the config file.

By the way, I have never heard of this password handling being abused by an attacker. I discovered this when I was fixing an operator PC. I needed the password of Desklock, but the operator was unavailable. I checked the config file, got lucky and finished the fix just in time.

What do you have to do if you use Desklock?
  1. You have to use separate passwords for Windows and for Desklock. (It's an important rule: One application, one password.)
    • Desklock can store the Windows password too, but it does so in the same unsafe way. In my opinion, if you want to log in automatically, you don't need Desklock for this.
  2. You have to configure Windows to ask for a password after boot.
  3. You have to log all reboots.
What do you have to do if you are a developer who wants to create software with a locally stored password?
  1. Don't store the password without irreversible, secure hashing. (In most cases, you never have to decrypt the password.)
  2. Even if you use a good hash, you have to salt the password before hashing it.
  3. Apply the hashing algorithm several thousand times.
  4. For more details, see this topic.
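
Developer rules 1 to 3 above as an added Python example (not code from the original post and not Desklock's own code): a salted, iterated hash record that can be written to a config file in place of a recoverable password. The record format, the function names and the iteration counts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"      # assumed label stored with each record
DEFAULT_ITERATIONS = 200_000  # assumed work factor ("thousands of times")
MIN_ITERATIONS = 1_000        # assumed floor: reject weakened records
SALT_BYTES = 16
DIGEST_BYTES = 32             # SHA-256 output size


def make_record(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return the string to store in the config file instead of the password."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password (rule 2)
    digest = hashlib.pbkdf2_hmac(  # one-way, iterated hash (rules 1 and 3)
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a typed password against a stored record; never decrypts anything."""
    try:
        scheme, iter_s, salt_hex, digest_hex = record.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated record
    if scheme != SCHEME or iterations < MIN_ITERATIONS:
        return False
    if len(salt) != SALT_BYTES or len(expected) != DIGEST_BYTES:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    stored = make_record("constructed-sample-password")
    print(stored)
    print(verify("constructed-sample-password", stored))
```

A copy of this record taken from the config file still lets an attacker guess passwords offline, so the salt and the iteration count only raise the cost of each guess; a strong, application-specific password is still required.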

Greeting - Please read this first!

Dear guest,

You are on a blog which will contain some information about hacking. First, I would like to cover two topics:
  1. Hacking wireless protocols (especially ZigBee)
  2. Hacking industrial controllers
My goal with this blog is to give you the knowledge to defend your system. I won't show you unexplored exploits, so if you read something new here, then your system is in great danger and you have to fix it very quickly.

You might ask, why these two topics? Because they are important, and they are my favorites.

Industrial wireless protocols (like ZigBee) are used in lots of factories. They control important actuators or monitor critical systems. And there are some well-known security issues at the protocol level, which can be used by an attacker. The users of this technology have to protect their applications.

And last but not least, the industrial controllers (I mean the PLCs) control everything (power plants, food factories, medical factories, ...). If you deploy a PLC, you have to protect it, or somebody will crash your system. I work with Rockwell PLCs and software, so I can test their vulnerabilities very easily. Because of this, the security issues in Rockwell products will be strongly overrepresented. This doesn't mean that Rockwell PLCs have more security problems than any other type. Fortunately, there is a very small number of known exploits and all have a fix or a good workaround, but you need to know about them.

The goal of this blog is to help protect your system. For this, I have to tell you how you can take advantage of the bugs. If you don't understand the danger, then you can't protect properly.

With this knowledge, you can cause damage. This is against my will and it's rewarded with a long time in prison. (For you, of course.)
Please believe me, if you read any new information in this blog, then you can't hide your identity if you attack something. The police will hunt you down and you will go to jail for a long time.

Have a good read!