Evil Client Documentation

Installation

To use the Evil Client you need to follow these simple steps:

  1. Install the Cisco VPN Client and make sure it is working
  2. Install the Evil Client and adapt the settings to fit your needs. Make sure you set the correct profiles path!
  3. From now on you only need to start the Evil Client to connect to your VPN (though you must not uninstall the Cisco Client, see FAQ below)

Settings

  1. Here you need to specify the path where all your Cisco VPN Client profiles are located. Make sure that all profiles have the file extension pcf.
  2. The second option allows you to execute a command as soon as the VPN connection is established or terminated. Don't forget to include quotes if the path contains spaces. You can also control whether the new process is started hidden or visible.
  3. Setting 3b controls the password storage mechanism and gives you two options to choose from.
    • Save passwords using secure storage - all login credentials are stored encrypted in the Evil Client configuration file (%APPDATA%\EvilClient\ECConfig.ini). You need to set a master password (3a in the image), which must be entered each time the Evil Client starts.
    • Save passwords in Cisco profiles - when this option is used, all login credentials are saved in the original Cisco profile files. You don't need to enter a password here in this case. If you use this method, you should keep in mind that everyone with access to your profile files is able to decrypt your login passwords.
  4. The Evil Client keeps a flag for each profile indicating whether the saved login credentials for this profile are assumed to be correct. This flag can be reset with this button, so the Evil Client will ask you for the login data on the next connection attempt. This is useful when you receive connection errors or your login credentials have been changed outside of the EC. (One reason why we need the aforementioned flag is that the Cisco Service doesn't provide a way to check for wrong group passwords.)
  5. Controls whether the Evil Client should keep the VPN connection online all the time. Besides, you can force the Evil Client to wait a few seconds before a new connection attempt is made. Setting this value to zero causes immediate reconnects.
  6. If checked and the Evil Client is closed by the user, a possibly existing VPN connection will be disconnected.
  7. This setting lets you control whether the Evil Client should try to acquire an IP upon connection that hasn't been used within a given number of minutes. Assume you want to download some files, but the download service always blocks your IP for 60 minutes. If you now enter 60 here, the Evil Client will keep on reconnecting until a new IP is acquired which hasn't been used in the last 60 minutes.
  8. After a given amount of time has elapsed, the Evil Client will automatically force a reconnection.
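
Setting 3 notes that credentials saved in Cisco profiles can be decrypted by anyone who can read the profile files. The following added example (not part of the Evil Client) lists which .pcf files in a profiles path currently hold a stored credential, without printing the values. It assumes the credentials sit in the standard Cisco profile keys GroupPwd, enc_GroupPwd, UserPassword and enc_UserPassword; the sample profiles and host names are constructed.

```python
import tempfile
from pathlib import Path

# Cisco profile keys that hold a stored credential (compared case-insensitively).
CREDENTIAL_KEYS = {"grouppwd", "enc_grouppwd", "userpassword", "enc_userpassword"}

def stored_credentials(text):
    """Return the credential keys that have a non-empty value in one profile."""
    found = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":
            continue  # blank line, comment or section header
        key, sep, value = line.partition("=")
        # A leading "!" marks a key as read-only in the Cisco GUI; ignore it.
        name = key.strip().lstrip("!").lower()
        if sep and name in CREDENTIAL_KEYS and value.strip():
            found.add(name)
    return sorted(found)

def audit_profiles(profiles_dir):
    """Map each *.pcf file name to the credential keys stored inside it."""
    report = {}
    for path in sorted(Path(profiles_dir).glob("*.pcf")):
        keys = stored_credentials(path.read_text(encoding="utf-8", errors="replace"))
        if keys:
            report[path.name] = keys
    return report

def build_sample_dir(root):
    """Write constructed sample profiles (values are placeholders, not real)."""
    root = Path(root)
    (root / "office.pcf").write_text(
        "[main]\nHost=vpn.example.test\nGroupName=staff\n"
        "enc_GroupPwd=CONSTRUCTEDPLACEHOLDER00\nUsername=alice\n"
        "SaveUserPassword=1\n!enc_UserPassword=CONSTRUCTEDPLACEHOLDER01\n"
    )
    (root / "lab.pcf").write_text(
        "[main]\nHost=lab.example.test\nGroupName=lab\n"
        "enc_GroupPwd=\nUsername=bob\nenc_UserPassword=\n"
    )
    (root / "notes.txt").write_text("enc_GroupPwd=IGNORED-NOT-A-PROFILE\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, keys in audit_profiles(build_sample_dir(tmp)).items():
            print(f"{name}: stored {', '.join(keys)}")
```

Profiles that appear in the report are the ones to move to secure storage or to protect with tighter file permissions.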

FAQ

Q: What about the Cisco VPN Client? Do I still have to start it?

A: The Evil Client replaces the Cisco VPN Client GUI, so you only need to start the Evil Client.
It's not necessary to start the original Cisco Client anymore.

Q: Since I don't need the Cisco Client GUI, can I just uninstall the Cisco Client?

A: No, because the Evil Client communicates with the background service in order to control the VPN driver.

Q: I just want my connection to be up 24/7! What options do I have to set?

A: Basically, the out-of-the-box configuration does exactly what you want. Make sure that "Automatically reconnect on disconnection" is enabled and that your profiles path in the options dialog is correct.

Q: Whenever I want to connect, the Evil Client says "Bad Password" and I have to re-enter my password to establish a connection. What's wrong?

A: Actually this should never happen, but if you upgraded from an older version or changed the login credentials via the original Cisco Client, this error shows up. To solve this issue go to the options dialog and press the button "Invalidate all passwords". Upon the next connection attempt, you will have to enter the respective login credentials again.
The Evil Client manages an internal flag for every profile which indicates whether the saved password is known to be correct for the respective profile. This is necessary because the Cisco Client itself offers no way to distinguish between the "disconnected" state and the "wrong password" state (try to connect with a wrong group password with the original client - it just disconnects because it cannot differentiate between "disconnected" and "wrong password").

Q: How does the Evil Client work? How is it related to the Cisco Client?

A: The Cisco VPN system consists of 3 components:

  • Cisco Client GUI
  • background service
  • kernel mode driver

Whenever a new connection is initiated, the GUI process passes the connect command to the background service, which in turn uses the kernel mode driver to actually establish the VPN tunnel.
The protocol used between GUI and background service has been reverse engineered and is employed by the Evil Client in order to control the background service in a more intelligent way than the original client, i.e. the Evil Client is able to trigger a reconnection upon disconnection of the VPN tunnel.
On the other hand, this also means that if the Cisco Client doesn't work with your system configuration, neither will the Evil Client. That said, the Evil Client fully replaces the Cisco Client GUI.