Decrypt password from Remote Desktop Connection Manager (RDCMan)

Posted on January 27, 2017 by Sam

I often use Remote Desktop Connection Manager (RDCMan) to connect to various servers at work and at home.  It has a very handy feature of saving the login credentials either per server or, better, per server grouping.  The password is stored in encrypted form in the .rdg file that the application saves, so that the password can’t be easily read.

After enough time goes by I tend to forget what the password is, and inevitably I will run into a situation where I want to find out what it is.  For example, maybe I want to connect via remote desktop on another computer and want to set up the remote server configurations again in a remote desktop app other than RDCMan.

Opening the .rdg file shows that it’s stored in XML format.  Look for a <password> element e.g.

Take note of and/or copy the encrypted string value.  We will use this in the next step.
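To find the encrypted values in a larger .rdg file, this added example (not from the original post) walks the XML and lists each non-empty <password> element together with the group or server that owns it. Apart from <password>, the element names and the sample file are assumptions, and the encrypted values are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names other than <password> are assumed.
SAMPLE_RDG = """<RDCMan>
  <file>
    <properties><name>Lab</name></properties>
    <group>
      <properties><name>Web</name></properties>
      <logonCredentials>
        <userName>svc-admin</userName>
        <password>PLACEHOLDER-ENCRYPTED-1</password>
      </logonCredentials>
      <server>
        <properties><name>web01</name></properties>
        <logonCredentials><userName>guest</userName><password /></logonCredentials>
      </server>
      <server>
        <properties><name>web02</name></properties>
        <logonCredentials>
          <userName>localadmin</userName>
          <password>PLACEHOLDER-ENCRYPTED-2</password>
        </logonCredentials>
      </server>
    </group>
  </file>
</RDCMan>"""


def find_stored_passwords(rdg_xml):
    """Return every non-empty <password> with the group/server path that owns it."""
    found = []
    def walk(node, path):
        # Nodes carrying <properties><name> (assumed layout) extend the path.
        name = (node.findtext("properties/name") or "").strip()
        if name:
            path = path + [name]
        # An empty <password /> means nothing is stored at this level.
        encrypted = (node.findtext("password") or "").strip()
        if encrypted:
            found.append({"path": "/".join(path),
                          "user": (node.findtext("userName") or "").strip(),
                          "encrypted": encrypted})
        for child in node:
            walk(child, path)
    walk(ET.fromstring(rdg_xml), [])
    return found

if __name__ == "__main__":
    for hit in find_stored_passwords(SAMPLE_RDG):
        print(hit["path"], hit["user"], hit["encrypted"], sep="\t")
```

Credentials saved on a group apply to the servers beneath it, so one hit at group level can cover many hosts.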

Decryption

RDCMan.exe contains a DecryptString method which isn’t exposed in the application but can be called externally if the application is referenced as a library from another application.

If you have RDCMan installed on your Windows system it should be located here:

C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager\RDCMan.exe

  1. Copy the .exe file to another location (perhaps on your Desktop) and rename the file to be “RDCMan.dll”
  2. Open up Visual Studio (using 2015 at the time of this writing) and create a new Unit Test or Console app project.
  3. Copy the DLL file into your project and add a reference to it.
  4. Then either in your console app’s main method or in a unit test class copy in this code:

     var settings = new RdcMan.EncryptionSettings();
     // TODO: Place your password into this string.
     var encryptedPassword = "";
     var clearPassword = RdcMan.Encryption.DecryptString(encryptedPassword, settings);
     Console.WriteLine(clearPassword);

  5. Build your project and run it and you should be able to get your clear password back out.

Example Unit Test project is available here https://github.com/swinter2/RDCManTest

Comments

  • Dar says:

    If you create a domain on a test environment with the same domain name and a user on another computer with the username being identical, is it possible to retrieve the password? Let’s say I have access to someone’s rdg file and I try to crack the PW, will it work if I create an environment having the same domain name and username?

    • Sam says:

      I don’t know if domain and user name are the only variables involved in the hash. So I am unsure if that would work. That would be a good experiment though.

  • SHAWN GORDON says:

    Thanks a million, I just did a simple console application but you saved me tons.

  • John says:

    I am not getting the password, maybe I am doing something wrong, not a VS expert. 🙂

    I am getting this message but no password:
    1>------ Build started: Project: RDCManTest, Configuration: Debug Any CPU ------
    1> RDCManTest -> C:\Temp\Something\RDCManTest-master\RDCManTest-master\RDCManTest\bin\Debug\RDCManTest.dll
    ========== Build: 1 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========

    • Sam says:

      Hi John: You will need to Run the project in addition to the Build step that you performed. Actually if you Run it will Build automatically for you.
