PowerShell Encoding Citrix Passwords


Citrix ICA files can contain a password that is used to authenticate the connection.

Here are two PowerShell functions that can perform the required encryption and decryption.

I’ve made these functions so that I can programmatically create a whole bunch of ICA files which I can then use to connect to all my servers without having to type the password when I connect (or manually change all the files when my password changes).

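function Citrix-Encode {
    param ($s = "", $k = $null)
    # Pick a random one-byte key unless the caller supplies one
    if ($k -eq $null) {
        $k = Get-Random 256
    }
    # Initial "previous byte" value, derived from the key
    $p = $k -bxor ($k -bor [int][char]'C')
    # Header: length + 1 as four hex digits, then the key as two hex digits
    $e = ($s.Length + 1).ToString("x4") + $k.ToString("x2")
    $s.ToCharArray() |% {
        # XOR each character with the previous output byte and the key
        $c = $_ -bxor $p -bxor $k
        $e += $c.ToString("x2")
        $p = $c
    }
    return $e
}

function Citrix-Decode {
    param ($s = $null)
    # Split the hex string into two-character chunks
    $l = [regex]::split($s, '(?<=\G.{2})')
    # Chunks 0-1 hold length + 1; adding 1 gives the index of the last data chunk
    $n = [convert]::toint16($l[0]+$l[1],16) + 1
    # Chunk 2 holds the key
    $k = [convert]::toint16($l[2],16)
    $p = $k -bxor ($k -bor [int][char]'C')
    $d = ""
    $l[3..$n] |% {
        # Reverse the chained XOR: previous encoded byte, then the key
        $c = [convert]::toint16($_,16)
        $d += [char]($c -bxor $p -bxor $k)
        $p = $c
    }
    return $d
}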

Example of use:

PS> Citrix-Encode "abcd1234"



PS> Citrix-Decode "0009aa8a428b45de46df41"


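The obfuscation that Citrix uses turns out to be relatively simple: a one-byte initial key, stored in the encoded string itself, followed by a chain of XORs in which each character is XORed with the previous output byte and the key. Because the key travels with the data, anyone who can read the ICA file can recover the password. The decode function does not do any validation of its input; it just assumes that it will be fed a valid hex string.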
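
A stricter variant of the decoder above, which rejects malformed input instead of assuming a valid hex string. This is an added example, not code from the original post; the name Citrix-DecodeStrict and the error messages are hypothetical, and the layout checks are inferred from the two functions on this page.

```powershell
function Citrix-DecodeStrict {
    param ([Parameter(Mandatory=$true)][string]$s)

    # Layout inferred from Citrix-Encode: 4 hex digits of length + 1,
    # 2 hex digits of key, then 2 hex digits per character.
    if ($s -notmatch '^[0-9a-fA-F]+$') {
        throw "Input is not a hex string."
    }
    if (($s.Length -lt 6) -or (($s.Length % 2) -ne 0)) {
        throw "Input is too short or has an odd number of hex digits."
    }

    $n    = [convert]::ToInt32($s.Substring(0, 4), 16)   # declared length = characters + 1
    $k    = [convert]::ToInt32($s.Substring(4, 2), 16)   # key byte, stored in the clear
    $body = $s.Substring(6)

    # The declared length must agree with the number of payload bytes present.
    if (($n -lt 1) -or ($body.Length -ne 2 * ($n - 1))) {
        throw "Length field ($n) does not match $($body.Length / 2) payload bytes."
    }

    # Same chained XOR as Citrix-Decode.
    $p = $k -bxor ($k -bor [int][char]'C')
    $d = New-Object System.Text.StringBuilder
    for ($i = 0; $i -lt $body.Length; $i += 2) {
        $c = [convert]::ToInt32($body.Substring($i, 2), 16)
        [void]$d.Append([char]($c -bxor $p -bxor $k))
        $p = $c
    }
    return $d.ToString()
}

# The sample string from this page, then constructed malformed variants:
# one with its last byte dropped, one containing non-hex characters.
Citrix-DecodeStrict "0009aa8a428b45de46df41"
foreach ($bad in "0009aa8a428b45de46df", "0009aa8a42zz45de46df41") {
    try   { Citrix-DecodeStrict $bad }
    catch { "rejected: $($_.Exception.Message)" }
}
```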