mremotedec

README

mremotedec

A simple tool to decrypt mRemoteNG connection files (.xml).

mremotedec started as a side idea while solving a VulnLab machine. After fighting with clunky tooling for long enough, I decided to write my own — minimal, clean, and built the way I wanted it to work.

Big shoutout to x4nt0n for solving the "Lock" together with me 💖

🧰 Features

• Supports CBC and GCM decryption modes.
• Handles Full File Encryption.
• Output in human-readable format or CSV.
• Written in Go for easy portability.

🛠️ Installation

📦 Binary Releases

Pre-compiled binaries for Linux, Windows, and macOS are available on the Releases page.

🐹Using Go

You can install mremotedec directly using go install:

go install github.com/qrxnz/mremotedec@latest

🏗️ Build from Source

To build from source, you need to have Go installed.

git clone https://github.com/qrxnz/mremotedec.git
cd mremotedec
go build -o mremotedec .

Alternatively, if you have Task installed, you can use:

task build

❄️ Using Nix

• Run without installing

nix run github:qrxnz/mremotedec

• Add to a Nix Flake

Add input in your flake like:

{
 inputs = {
   mremotedec = {
     url = "github:qrxnz/mremotedec";
     inputs.nixpkgs.follows = "nixpkgs";
   };
 };
}

With the input added you can reference it directly:

{ inputs, system, ... }:
{
  # NixOS
  environment.systemPackages = [ inputs.mremotedec.packages.${pkgs.system}.default ];
  # home-manager
  home.packages = [ inputs.mremotedec.packages.${pkgs.system}.default ];
}

• Install imperatively

nix profile install github:qrxnz/mremotedec

📖 Usage

⊹ ࣪ ˖ Basic Usage

Decrypt a standard confCons.xml file using the default mRemoteNG password (mR3m):

mremotedec confCons.xml

🔐 Custom Password

If you set a custom password in mRemoteNG, use the -p or -password flag:

mremotedec -p "your_custom_password" confCons.xml

🧾 CSV Output

Export the decrypted connections to a CSV file:

mremotedec -csv confCons.xml > connections.csv

❓ How it works

mRemoteNG uses different encryption methods based on its configuration:

• Legacy (CBC): Uses AES-CBC with an MD5-hashed password.
• Modern (GCM): Uses AES-GCM with PBKDF2 (SHA1) key derivation.

mremotedec automatically detects the encryption mode from the XML attributes (BlockCipherMode) and attempts to decrypt accordingly.

🗒️ Credits

🎨 Inspiration

I was inspired by:

• gquere/mRemoteNG_password_decrypt

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.