Win10 profile changes (Unicode strings, username/domain signature)

[PDX-Chuck]

Ash,
Some apparent changes in Win10 WiFi profile formats is preventing things from working now:

1. The SearchForUsername signature has changed. In the successfully SYSTEM decrypted Stage2 file I see lots more 0x00 intervening bytes in the signature (i.e., 00,04,00,00,00,00,00,00,00,00,00,00,00,20,00,00,00,00,00,00).
2. Username seems to be in Unicode now (terminated by two zeros now instead of one)
3. Password also appears to be Unicode. Stage 3 finds and decrypts the blob, but nothing prints because of the Unicode (finds 0x00 immediately).

I'm pretty rusty at coding these days (don't even have VS installed). Is this something you have time to look at? Thanks!

[mkaraki]

Hi PDX-Chuck.
I don't know if that problem were solved. So I'll write my environment's information.

I'm using Windows 10 20H2 but I can export passwords correctly. And I think this is depend on your (or my) environment.

I think you enabled Windows 10's UTF-8 support in settings (Control Panel > Region > Administrative > Change system locale). And I think you can get data correctly if you disable this feature.

I'm sorry for my bad English. I'm hope that this information will help you.