January 13th, 2017

View passwords of wireless profiles without using netsh.exe

Doctor Scripto
Scripter

Ever since the GUI lost the ability to view the password of a wireless profile, I wanted to provide this functionality in PowerShell. A search of the Internet for how to view the password of a Wi-Fi profile returns numerous examples of how to use netsh.exe to accomplish this. I wrote a previous blog post about how to view Wi-Fi profiles, and the method I used returned objects, but still relied on netsh.exe. I had some free time, and I wanted to learn about P/Invoke, so I wrote a PowerShell module to do this.

Let’s look at how to do this without netsh. If there isn’t a cmdlet or method in .NET to get what you want, the next step is to look at native (Win32) APIs. As luck would have it, there is a Native WiFi API that has a function for everything you need. Let me back up a bit. A native API is unmanaged code. PowerShell is managed code. For managed code to call unmanaged code, you need to leverage Platform Invocation Services, or P/Invoke. This is easily done in PowerShell. All we need is the Add-Type cmdlet and a C# signature, which defines a class that maps the C++ types to their C# equivalents.

The C# signatures can be obtained by using pinvoke.net as previously explained by Boe Prox. Here is the signature for the WlanGetProfile function.

Signature for the WlanGetProfile function

I found it very helpful to look at the MSDN documentation for the function that I wanted to use. MSDN explains the parameters of the function and how the function can be used. The MSDN documentation for WlanGetProfile function is very thorough.

Another note: in my experience, some of the signatures will work by just copying from pinvoke.net, and others need some trial and error. However, after you understand the concept of a signature and how it’s used, you will be able to adapt it to your scenario. I often found myself searching for the C# equivalents of the C++ types because I would get an error that would say something like “cannot convert DWord to type of Foo”, or something along those lines. After you get a working signature and see your happy new type in the PowerShell console, you will smile.

Example of working signature
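The Add-Type and P/Invoke pattern described above, as an added example that is not code from the original post or from the WiFiProfileManagement module. The type name `Example.WlanNative`, the function name `Get-WlanProfileXml` and the sample adapter and profile names are assumptions made for illustration; the call passes flags of 0, so any key material in the returned XML stays in its default encrypted form.

```powershell
# C# signatures for four Native WiFi functions exported by wlanapi.dll.
# C++ types map to C# as: DWORD -> uint, HANDLE/PVOID -> IntPtr,
# const GUID* -> ref Guid, LPCWSTR -> string marshalled as LPWStr.
$signature = @'
[DllImport("wlanapi.dll")]
public static extern uint WlanOpenHandle(uint dwClientVersion, IntPtr pReserved,
    out uint pdwNegotiatedVersion, out IntPtr phClientHandle);

[DllImport("wlanapi.dll")]
public static extern uint WlanCloseHandle(IntPtr hClientHandle, IntPtr pReserved);

[DllImport("wlanapi.dll")]
public static extern uint WlanGetProfile(IntPtr hClientHandle, ref Guid pInterfaceGuid,
    [MarshalAs(UnmanagedType.LPWStr)] string strProfileName, IntPtr pReserved,
    out IntPtr pstrProfileXml, ref uint pdwFlags, out uint pdwGrantedAccess);

[DllImport("wlanapi.dll")]
public static extern void WlanFreeMemory(IntPtr pMemory);
'@
# Hypothetical type name; Add-Type supplies the System.Runtime.InteropServices using.
Add-Type -MemberDefinition $signature -Name WlanNative -Namespace Example -ErrorAction Stop

function Get-WlanProfileXml {
    param(
        [Parameter(Mandatory)][Guid]$InterfaceGuid,
        [Parameter(Mandatory)][string]$ProfileName
    )
    # out/ref parameters need pre-typed variables passed with [ref].
    $negotiated = [uint32]0; $handle = [IntPtr]::Zero
    $rc = [Example.WlanNative]::WlanOpenHandle(2, [IntPtr]::Zero, [ref]$negotiated, [ref]$handle)
    if ($rc -ne 0) { throw (New-Object ComponentModel.Win32Exception ([int]$rc)) }
    try {
        # Flags = 0: default behaviour, key material is returned encrypted.
        $xmlPtr = [IntPtr]::Zero; $flags = [uint32]0; $access = [uint32]0
        $rc = [Example.WlanNative]::WlanGetProfile($handle, [ref]$InterfaceGuid, $ProfileName,
            [IntPtr]::Zero, [ref]$xmlPtr, [ref]$flags, [ref]$access)
        if ($rc -ne 0) { throw (New-Object ComponentModel.Win32Exception ([int]$rc)) }
        # Copy the unmanaged UTF-16 string, then release the buffer the API allocated.
        try { [Runtime.InteropServices.Marshal]::PtrToStringUni($xmlPtr) }
        finally { [Example.WlanNative]::WlanFreeMemory($xmlPtr) }
    }
    finally { [void][Example.WlanNative]::WlanCloseHandle($handle, [IntPtr]::Zero) }
}

# Constructed usage; 'Wi-Fi' and 'ExampleSSID' are placeholder names:
# Get-WlanProfileXml -InterfaceGuid (Get-NetAdapter -Name 'Wi-Fi').InterfaceGuid -ProfileName 'ExampleSSID'
```

A nonzero return code is surfaced as a Win32Exception, which turns the numeric error into the system's message text and makes type-mapping mistakes in a signature easier to diagnose.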

Here is the WiFiProfileManagement module in action. At the time of this blog writing, WiFiProfileManagement has four cmdlets (Get, Set, New, and Remove-WiFiProfile). Let’s take a look at Get-WiFiProfile. If I run Get-WiFiProfile without parameters, it will return all the WiFi profiles on my computer.

Get-WiFiProfile without parameters

The Password property is blank. If we want to look at the Password, we must use the ClearKey switch.

Example of Get-WiFiProfile with the -ClearKey switch

It’s a lot easier than using netsh.exe. You can review the WiFiProfileManagement module in its entirety on GitHub.

Jason Walker Senior Consultant
