Encoding Citrix passwords with PowerShell

Citrix ICA files can optionally contain the password used to authenticate the connection.

Here are two PowerShell functions that can perform the required encryption and decryption.
I’ve made these functions so that I can programmatically create a whole bunch of ICA files which I can then use to connect to all my servers without having to type the password when I connect (or manually change all the files when my password changes).

function Citrix-Encode {

    param ($s = "", $k = $null)

    if ($k -eq $null) {
        $k = Get-Random 256
    }

    $p = $k -bxor ($k -bor [int][char]'C')

    $e = ($s.Length + 1).ToString("x4") + $k.ToString("x2")

    $s.ToCharArray() |% {
        $c = $_ -bxor $p -bxor $k
        $e += $c.ToString("x2")
        $p = $c
    }

    return $e
}

function Citrix-Decode {

    param ($s = $null)

    $l = [regex]::split($s, '(?<=\G.{2})')

    $n = [convert]::toint16($l[0]+$l[1],16) + 1
    $k = [convert]::toint16($l[2],16)

    $p = $k -bxor ($k -bor [int][char]'C')
    $d = ""

    $l[3..$n] |% {
        $c = [convert]::toint16($_,16)
        $d += [char]($c -bxor $p -bxor $k)
        $p = $c
    }

    return $d
}

Example of use:

PS> Citrix-Encode "abcd1234"
0009aa8a428b45de46df41

PS> Citrix-Decode "0009aa8a428b45de46df41"
abcd1234

The obfuscation that Citrix uses is shown to be relatively simple – just using an initial key and then some simple XOR stuff. The decode function does not do any validation of it’s input, it just assumes that it will be fed a valid hex string.

This code also needs way more comments …

Bri

Advertisements
3 comments
  1. Kirk Smith said:

    Thank you!! This is exactly what I have been looking for!

    • Bri said:

      [haven’t checked in here for a while]
      Glad you find it useful!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: