I assume you are asking about the way that CAIN decrypts MS Terminal Services strong encryption? If so, the answer is much simpler than you think. MS embedded the key in a DLL file which CAIN simply grabs and uses for the decrypt. No magic here.