Saving PEAP wireless configuration - 小众知识


January 27, 2013 14:18:05 苏内容

Is there any way to replicate the functionality of "Save credentials" button in the "802.1x settings" menu using Windows API? Or some other way to permanently save the PEAP credentials for the wireless profile.

I've tried the WlanSetProfileEapXmlUserData function to set MsChapV2:Username and MsChapV2:Password. It caches the credentials but does not save them permanently.

UPD: Managed to locate the userdata stored in HKLM\SOFTWARE\Microsoft\Wlansvc\UserData\Profiles\{GUID} but it is encrypted. I guess CryptProtectData is used to encrypt it. If only I knew what kind of salt is used.

HKLM\SOFTWARE\Microsoft\Wlansvc\UserData\Profiles\{GUID}\MSMUserData contains the data related to PEAP credentials. It is encrypted with CryptProtectData. Decryption gave us a binary blob which is luckily easy to understand. It contains username and possibly logon domain in plain text. Password info is encrypted again with CryptProtectData function and placed towards the end of the blob.

Encryption is done without the LOCAL_MACHINE flag, so only the Local System user can generate new credentials data. After you place it into the registry key, Windows thinks that you have a saved set of credentials and will never ask for them even in case of failed authentication.

You can find more information on the WPA2-Enterprise credentials encryption scheme of MSMUserData in my answer to the "How can I find Protected EAP credentials of a wireless network stored on Windows 7?" question. In particular, the "unreadable characters" (note that they begin with 01 00 00 00 d0 8c 9d df ...) following the username in the decrypted MSMUserData are the encrypted password, so you need to decrypt again using CryptProtectData.
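
A triage helper for the layout the answers above describe, as an added example that is not part of the original posts: it finds nested DPAPI blobs in an already-decrypted buffer by their header and reports which master key protects each one, without decrypting anything. The header field order is the commonly described DPAPI blob layout (an assumption, not taken from this page), and the sample buffer and the names `find_dpapi_blobs`, `cleartext_region` and `build_sample` are constructed for illustration.

```python
import struct
import uuid

# dwVersion = 1, then provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb.
# The page quotes the first eight of these bytes: 01 00 00 00 d0 8c 9d df.
DPAPI_MAGIC = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")
# Assumed layout after the magic: dwMasterKeyVersion, guidMasterKey,
# dwFlags, dwDescriptionLen (all little-endian).
HEADER_FMT = "<I16sII"
FIXED_LEN = len(DPAPI_MAGIC) + struct.calcsize(HEADER_FMT)


def find_dpapi_blobs(buf):
    """Describe every DPAPI blob header found in buf (no decryption)."""
    found = []
    pos = buf.find(DPAPI_MAGIC)
    while pos != -1:
        entry = {"offset": pos, "truncated": len(buf) - pos < FIXED_LEN}
        if not entry["truncated"]:
            _ver, mk_guid, flags, desc_len = struct.unpack_from(
                HEADER_FMT, buf, pos + len(DPAPI_MAGIC))
            entry.update(master_key_guid=str(uuid.UUID(bytes_le=mk_guid)),
                         flags=flags, description_len=desc_len)
        found.append(entry)
        pos = buf.find(DPAPI_MAGIC, pos + 1)
    return found


def cleartext_region(buf):
    """Bytes stored before the first nested DPAPI blob (all of buf if none)."""
    blobs = find_dpapi_blobs(buf)
    return buf[:blobs[0]["offset"]] if blobs else buf


def build_sample():
    """Constructed buffer: cleartext fields, then one nested DPAPI blob.
    This is NOT the real MSMUserData layout, only a stand-in for it."""
    mk_guid = uuid.UUID("11111111-2222-3333-4444-555555555555")
    nested = (DPAPI_MAGIC
              + struct.pack(HEADER_FMT, 1, mk_guid.bytes_le, 0, 2)
              + b"\x00\x00" + b"\xaa" * 32)
    return b"\x00" * 8 + b"alice\x00" + b"EXAMPLE\x00" + nested


if __name__ == "__main__":
    sample = build_sample()
    for blob in find_dpapi_blobs(sample):
        print(blob)
    print("cleartext bytes before blob:", cleartext_region(sample))
```
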