Get-DecryptInfoFromSideCarLogFiles no longer functional

Question

Get-DecryptInfoFromSideCarLogFiles no longer functional

pl4nty opened this issue 3 years ago · 4 comments

It seems that the Intune Management Extension no longer produces the logs necessary to determine the intunewin IV and key.

I suspect this is due to a recent update. If anyone has docs from the start of October or earlier, I'd love to take a look.

Answer 1 · 2021-11-13T06:05:00.000Z

I'm having the same issue. Any solution for this? Thanks!

Answer 2 · 2022-03-29T22:21:16.000Z

Stay tuned I found a way to get back the information. blog post is coming soon.

Answer 3 · 2022-09-29T05:15:06.000Z

I have completely rebuilt the IntuneWin decrypter in PowerShell so that it doesn't need any external dependencies.
I have also added a few extra features to it and more documentation.

Take a peek and tell me what you think:
https://github.com/elliot-huffman/Powershell-Doodads/blob/main/Apps/Endpoint%20Manager%20(Intune)/Unprotect-IntuneWin.ps1

Answer 4 · 2022-11-29T11:18:39.000Z

@elliot-huffman looks great! Might be worth PRing into https://github.com/MSEndpointMgr/IntuneWin32App.

Would be good to split into a few cmdlets eg Get-PackageDecryptInfo/Export-PackageFile, and an option to just export ParsedContentInfo to allow for devices with PowerShell CLM. Then the exporting could happen on a separate device with higher privileges (that may not have access to the same Intune apps, or even be Intune-managed at all).