how does the "hide sensitive data" item work? RRS feed

  • General discussion

  •     there is an item named "tool-> hide sensitive data" in Image configuration editor . as the document said ,it is used to let the ice hide the sensitive data or not, such as the localuser password. the document also said that it is not  encrypted, the original description is "This option only hides the passwords in an answer file and does not provide encryption or other security benefits. Consider answer files as sensitive data and be careful about authorizing access to your answer files."

        i have done some experiments to verify this option, so I created one answer file, and at no other packages, just the product package item created automatically. i found the "windows embedded edition->shell-setup-x86->useraccounts->localaccounts", and add one item "localaccount" by clicking right key, and input the password value "1234567890", make sure the option  "tool-> hide sensitive data" was ticked .at this time i saved this answer file and opened this answer file with notepad. i looked for the password item. the field showed content "MQAyADMANAA1ADYANwA4ADkAMABQAGEAcwBzAHcAbwByAGQA".  i doubted  how the ICE hide the password. and how to get back the password when opening in ICE.

          Then I changed the "MQAyADMANAA1ADYANwA4ADkAMABQAGEAcwBzAHcAbwByAGQA" to "11111111111111111111", saved answer file. i opened this answer file again in ICE, and looked for this password item, it also show "11111111111111111111".

          so what is the method the ICE hide this sensive data?

    Friday, April 9, 2010 10:42 AM

All replies

  • It looks like ICE just changes the data you entered when you save the answer file. It also looks like exact change gets passed on to the image that gets installed. Instead of the password you entered, it is the random change.


    www.sjjmicro.com / www.seanliming.com, Book Author - XP Embedded Advanced, XPe Supplemental Toolkit, WEPOS / POS for .NET Step-by-Step
    Friday, April 9, 2010 2:44 PM
  • Hide Sensitive Data runs a simple algorithm on certain fields of the answer file to make passwords difficult to read. It's called obfuscation. Whenever the answer file is consumed by IBW, the sensitive data is de-obfusticated, and the password you originally entered will be set as the user's password.

    The algorithm we use is not fully secure. You'll notice that if you enter 1234 as a password in two different answer files, you'll get the same string of letters genertated to hide the 1234 instead of a different string for each individual entry. This means that in theory, someone could write software to figure out how the obfustication algorithm works, and then decrypt your passwords.

    Hide Sensitive Data is meant to hide your data from simple viewing of the answer file. For example, if you generated an answer file with a user name and password, and then gave that AF to your friend to your co-worker to look at, you may be able to trust your co-worker enough to know they won't try to break your password, but you wouldn't want them to see the password in plain text.

    Note that if you expect that end users will have access to the device's hard drive contents, you may want to delete your C:\Windows\Panther directory after your installation is finished. This directory contains a copy of your answer file, so in theory, users could attempt to de-obfusticate the administrator passwords from here.

    Friday, April 9, 2010 4:29 PM