search

sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0
13.67k stars 1.52k forks source link

DPAPI Simulation for every single box #2688

Open sepcnt opened 1 year ago

sepcnt commented 1 year ago

Is your feature request related to a problem or use case?

DPAPI use Windows User Identity Token and User Private Key to d/encrypt data. Some applications use DPAPI to salt their data, which make the sandbox no longer portable. Will it be beneficial to hook those relating APIs and add "User Identity Token Simulation" option for Sandboxie?

Describe the solution you'd like

APIs to hook:

Describe alternatives you've considered

No response

DavidXanatos commented 1 year ago

First Crypt(Un)ProtectMemory is irrelevant as it only affects memory paging to my knowledge

About Crypt(Un)ProtectData I don't know if it is a good idea to offer that level of portability, credentials should not be that easy to access, and a proper implementation would need to make sandman ask for a password when needed and save the data encrypted in the box.

Also we would probably need to manipulate the protected storage to have the data stored there also portable.

Sounds like a lot of work for a rather fringe use case.

Do other users want such a functionality?

bastik-1001 commented 1 year ago

Doesn't this also allow separating sandboxes from each other even further? If so, it appears to be a good thing, the question is just under what cost.