I want the setup to read the password from a HTTP GET request instead of directly from the user. Is there any way to bypass the password box and do this?
Asked
Active
Viewed 707 times
1
Martin Prikryl
- 188,800
- 56
- 490
- 992
user9754399
- 11
- 1
1 Answers
3
Read the key using WinHttpRequest object, insert it to the password box and submit the Password page:
[Setup]
Password=123
Encryption=yes
[Code]
procedure ExitProcess(uExitCode: Integer);
external 'ExitProcess@kernel32.dll stdcall';
const
BN_CLICKED = 0;
WM_COMMAND = $0111;
CN_BASE = $BC00;
CN_COMMAND = CN_BASE + WM_COMMAND;
procedure CurPageChanged(CurPageID: Integer);
var
WinHttpReq: Variant;
Error: string;
Param: LongInt;
begin
if CurPageID = wpPassword then
begin
WinHttpReq := CreateOleObject('WinHttp.WinHttpRequest.5.1');
WinHttpReq.Open('GET', 'https://www.example.com/password.txt', False);
WinHttpReq.Send('');
if WinHttpReq.Status <> 200 then
begin
Error :=
'Error checking for decryption key: ' +
IntToStr(WinHttpReq.Status) + ' ' + WinHttpReq.StatusText;
MsgBox(Error, mbError, MB_OK);
ExitProcess(1);
end
else
begin
WizardForm.PasswordEdit.Text := Trim(WinHttpReq.ResponseText);
Param := 0 or BN_CLICKED shl 16;
// post the click notification message to the next button
PostMessage(WizardForm.NextButton.Handle, CN_COMMAND, Param, 0);
end;
end;
end;
With use of code from:
- How to skip all the wizard pages and go directly to the installation process?
- Exit from Inno Setup installation from [Code]
- Inno Setup - HTTP request - Get www/web content
Note that it is not difficult to extract the URL from the installer and find out the password. See Disassembling strings from Inno Setup [Code].
Martin Prikryl
- 188,800
- 56
- 490
- 992