Utility to dump stored packed CIK (Content Integrity Key) data for MSIXVC packages from the registry. Additionally leverages emulation to derive your device encryption key to decrypt the CIKs for normal usage.
Warning: All keys derived and decrypted by this tool are sensitive information. You should never share a derived key with anyone, especially not your unique device key. This tool is for educational and research purposes only.
The derived device key will be printed to the console, and will also be saved to deviceKey.txt in the app directory. Decrypted CIKs will be saved in the Cik subfolder.
USAGE:
CikExtractor.exe [OPTIONS]
OPTIONS:
DEFAULT
-h, --help Prints help information
-c, --export-cik-path Cik Folder to extract CIKs into
-d, --device-key-path deviceKey.txt File to read/write device key from/into
-r, --reg-hive Path to an already exported registry hive exported by the 'export-hive' command
COMMANDS:
dump Derives the device key and decrypts all CIKs stored in the registry. Default command.
export-hive <path> Export the registry hive containing the CIKs into a file.
export-params <path> Export the parameters needed to derive a device key.
Useful if you want to run the key derivation on another device.
derive <path> Derives a device key from the exported parameters of the 'export-params' command.You can use the generated Cik directory and the keys within with xvdtool, by emoose. Example command:
// To decrypt (Note: will in-place-decrypt, so replacing the existing file):
./xvdtool.exe -nd -eu -cik "<cik-guid-here>" -cikfile "<path-to-.cik-file>" <path-to-msixvc-file>
// Then, to extract the files within:
./xvdtool.exe -nd -xf "<path-to-output-folder>" <path-to-decrypted-msixvc-file>The keys can also be used with XvdTool.Streaming.
You can also use the derived device key to decrypt local XML licenses that contain keys directly, but that is not currently implemented.