def ShadowData(user):
## Open User's Plist Data
data = open('/var/db/dslocal/nodes/Default/users/%s.plist' % user, 'r')
## Read and buffer the user's Plist Data
plistData = buffer(data.read())
data.close
## Convert the Plist Data into a Dictionary
(userPlist, _, _) = (NSPropertyListSerialization.propertyListWithData_options_format_error_(plistData, NSPropertyListXMLFormat_v1_0, None, None))
## Read and buffer the user's ShadowHashData
userShadowHashData = buffer(userPlist['ShadowHashData'][0])
## Convert the ShadowHashData Data into a Dictionary
(userShadowHashPlist, _, _) = (NSPropertyListSerialization.propertyListWithData_options_format_error_(userShadowHashData, NSPropertyListXMLFormat_v1_0, None, None))
## Remove unsecured hash types
del userShadowHashPlist['CRAM-MD5']
del userShadowHashPlist['NT']
## Convert the ShadowHashData back to data
(userShadowHashData, _) = (NSPropertyListSerialization.dataWithPropertyList_format_options_error_(userShadowHashPlist, NSPropertyListBinaryFormat_v1_0, 0, None))
return str(userShadowHashData).encode('hex')
def writeHash(username, userHash):
bashCommand(['dscacheutil', '-flushcache'])
time.sleep(2)
## Open User's Plist Data
data = open('/var/db/dslocal/nodes/Default/users/%s.plist' % username, 'r')
## Read and buffer the user's Plist Data
plistData = buffer(data.read())
data.close
## Convert the Plist Data into a Dictionary
(userPlist, _, _) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(plistData, NSPropertyListXMLFormat_v1_0,
None, None))
## Read and buffer the new ShadowHashData
userShadowHashData = buffer(userHash.decode('hex'))
## Convert the ShadowHashData into a Dictionary
(userShadowHashPlist, _, _) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(userShadowHashData,
NSPropertyListXMLFormat_v1_0, None, None))
## Remove unsecured hash types
del userShadowHashPlist['CRAM-MD5']
del userShadowHashPlist['NT']
## Convert the ShadowHashData back to data
(userShadowHashData, _) = (
NSPropertyListSerialization.dataWithPropertyList_format_options_error_(userShadowHashPlist,
NSPropertyListBinaryFormat_v1_0, 0, None))
## Insert the new ShadowHashData into the User's Plist Dictionary
userPlist['ShadowHashData'][0] = userShadowHashData
## Convert the UserPlist back to data
(plistData, _) = (
NSPropertyListSerialization.dataWithPropertyList_format_options_error_(userPlist, NSPropertyListBinaryFormat_v1_0,
0, None))
## Write user's updated plist to disk
stream = io.open('/var/db/dslocal/nodes/Default/users/%s.plist' % username, 'bw')
stream.write(plistData)
stream.close
bashCommand(['dscacheutil', '-flushcache'])
time.sleep(2)
print '[+] User ['+username+'] new hash injected'
def writeHash(username, userHash):
bashCommand(['dscacheutil', '-flushcache'])
time.sleep(2)
## Open User's Plist Data
data = open('/var/db/dslocal/nodes/Default/users/%s.plist' % username, 'r')
## Read and buffer the user's Plist Data
plistData = buffer(data.read())
data.close
## Convert the Plist Data into a Dictionary
(userPlist, _, _) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
plistData, NSPropertyListXMLFormat_v1_0, None, None))
## Read and buffer the new ShadowHashData
userShadowHashData = buffer(userHash.decode('hex'))
## Convert the ShadowHashData into a Dictionary
(userShadowHashPlist, _, _) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
userShadowHashData, NSPropertyListXMLFormat_v1_0, None, None))
## Remove unsecured hash types
del userShadowHashPlist['CRAM-MD5']
del userShadowHashPlist['NT']
## Convert the ShadowHashData back to data
(userShadowHashData, _) = (
NSPropertyListSerialization.dataWithPropertyList_format_options_error_(
userShadowHashPlist, NSPropertyListBinaryFormat_v1_0, 0, None))
## Insert the new ShadowHashData into the User's Plist Dictionary
userPlist['ShadowHashData'][0] = userShadowHashData
## Convert the UserPlist back to data
(plistData, _) = (
NSPropertyListSerialization.dataWithPropertyList_format_options_error_(
userPlist, NSPropertyListBinaryFormat_v1_0, 0, None))
## Write user's updated plist to disk
stream = io.open('/var/db/dslocal/nodes/Default/users/%s.plist' % username,
'bw')
stream.write(plistData)
stream.close
bashCommand(['dscacheutil', '-flushcache'])
time.sleep(2)
def bin2str(token_bplist, account_bplist=None):
# Convert the decrypted binary plist to an NSData object that can be read.
bin_list = NSData.dataWithBytes_length_(token_bplist, len(token_bplist))
# Convert the binary NSData object into a dictionary object.
token_plist = NSPropertyListSerialization.propertyListWithData_options_format_error_(
bin_list, 0, None, None)[0]
# Accounts DB cache
if "$objects" in token_plist:
# Because it is accounts db cache, we should also have been passed
# account_bplist.
bin_list = NSData.dataWithBytes_length_(account_bplist,
len(account_bplist))
dsid_plist = NSPropertyListSerialization.propertyListWithData_options_format_error_(
bin_list, 0, None, None)[0]
for obj in dsid_plist["$objects"]:
if "{}".format(obj).startswith("urn:ds:"):
dsid = obj.replace("urn:ds:", "")
token_dict = {"dsid": dsid}
# Do some parsing to get the data out because it is not stored
# in a format that is easy to process with stdlibs
token_l = [
x.strip().replace(",", "")
for x in "{}".format(token_plist["$objects"]).splitlines()
]
pos_start = token_l.index("mmeBTMMInfiniteToken")
pos_end = (token_l.index("cloudKitToken") - pos_start + 1) * 2
token_short = token_l[pos_start:pos_start + pos_end]
zipped = zip(token_short[:len(token_short) / 2],
token_short[len(token_short) / 2:])
for token_type, token_value in zipped:
# Attempt to get generation time
# this parsing is a little hacky, but it seems to be the best way
# to handle all different kinds of iCloud tokens (new and old)
gen_time = get_generation_time(token_value)
token_dict[token_type] = (token_value, gen_time)
return token_dict
else:
return token_plist
def _dataToPlist(data):
"""low-level function that parses a data object into a propertyList object"""
darwin_vers = int(os.uname()[2].split(".")[0])
if darwin_vers > 10:
(
plistObject,
plistFormat,
error,
) = NSPropertyListSerialization.propertyListWithData_options_format_error_(
data, NSPropertyListMutableContainersAndLeaves, None, None
)
else:
# 10.5 doesn't support propertyListWithData:options:format:error:
# 10.6's PyObjC wrapper for propertyListWithData:options:format:error:
# is broken
# so use the older NSPropertyListSerialization function
(
plistObject,
plistFormat,
error,
) = NSPropertyListSerialization.propertyListFromData_mutabilityOption_format_errorDescription_(
data, NSPropertyListMutableContainersAndLeaves, None, None
)
if plistObject is None:
if error is None:
error = "Plist data is invalid and could not be deserialized."
raise NSPropertyListSerializationException(error)
else:
return plistObject
def read_file(self, path):
"""Replace internal XML dict with data from plist at path.
Args:
path: String path to a plist file.
Raises:
PlistParseError: Error in reading plist file.
"""
# pylint: disable=unused-variable
(
info,
pformat,
error,
) = NSPropertyListSerialization.propertyListWithData_options_format_error_(
NSData.dataWithContentsOfFile_(os.path.expanduser(path)),
NSPropertyListMutableContainersAndLeaves,
None,
None,
)
# pylint: enable=unused-variable
if info is None:
if error is None:
error = "Invalid plist file."
raise PlistParseError("Can't read %s: %s" % (path, error))
return info
def readPlistFromString(data):
'''Read a plist data from a string. Return the root object.'''
plistData = buffer(data)
(dataObject, plistFormat, error) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
plistData, NSPropertyListMutableContainersAndLeaves, None, None))
if error:
raise NSPropertyListSerializationException(error)
else:
return dataObject
def readPlistFromString(data):
'''Read a plist data from a string. Return the root object.'''
plistData = buffer(data)
(dataObject, plistFormat, error) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
plistData, NSPropertyListMutableContainersAndLeaves, None, None))
if error:
raise NSPropertyListSerializationException(error)
else:
return dataObject
def readPlist(filepath):
'''Read a .plist file from filepath. Return the unpacked root object
(which is usually a dictionary).'''
plistData = NSData.dataWithContentsOfFile_(filepath)
(dataObject, plistFormat, error) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
plistData, NSPropertyListMutableContainersAndLeaves, None, None))
if error:
errmsg = u"%s in file %s" % (error, filepath)
raise NSPropertyListSerializationException(errmsg)
else:
return dataObject
def readPlist(filepath):
'''Read a .plist file from filepath. Return the unpacked root object
(which is usually a dictionary).'''
plistData = NSData.dataWithContentsOfFile_(filepath)
(dataObject, plistFormat, error) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
plistData, NSPropertyListMutableContainersAndLeaves, None, None))
if error:
errmsg = u"%s in file %s" % (error, filepath)
raise NSPropertyListSerializationException(errmsg)
else:
return dataObject
def read_recipe(self, path):
"""Read a recipe into a dict."""
path = os.path.expanduser(path)
if not (os.path.isfile(path)):
raise Exception("File does not exist: %s" % path)
info, pformat, error = \
NSPropertyListSerialization.propertyListWithData_options_format_error_(
NSData.dataWithContentsOfFile_(path),
NSPropertyListMutableContainers,
None,
None
)
if error:
raise Exception("Can't read %s: %s" % (path, error))
self._xml = info
def read_recipe(self, path):
"""Read a recipe into a dict."""
path = os.path.expanduser(path)
if not (os.path.isfile(path)):
raise Exception("File does not exist: %s" % path)
info, pformat, error = \
NSPropertyListSerialization.propertyListWithData_options_format_error_(
NSData.dataWithContentsOfFile_(path),
NSPropertyListMutableContainers,
None,
None
)
if error:
raise Exception("Can't read %s: %s" % (path, error))
self._xml = info
def read(plist_path: str) -> Dict:
"""Read a plist file and return its contents as a dictionary."""
exc.raise_if_falsy(plist_path=plist_path)
data, error = NSData.dataWithContentsOfFile_options_error_(
plist_path, 0, objc.nil)
if not data:
msg = 'Failed to load plist file at path: {}'.format(plist_path)
_raise_ioerror_from_nserror(error, msg)
contents, dummy, error = NSPropertyListSerialization.propertyListWithData_options_format_error_(
data, NSPropertyListMutableContainersAndLeaves, objc.nil, objc.nil)
if not contents:
msg = 'Failed to deserialize plist at path: {}'.format(plist_path)
_raise_ioerror_from_nserror(error, msg)
return contents
def retrieve_account_identifiers():
path = NSSearchPathForDirectoriesInDomains(NSLibraryDirectory,
NSUserDomainMask,
True).firstObject()
path = os.path.join(path, 'Group Containers',
'Q8B696Y8U4.com.ddeville.spillo', 'Library',
'Preferences', 'Q8B696Y8U4.com.ddeville.spillo.plist')
data = NSData.dataWithContentsOfFile_(path)
if data is None:
return None
defaults = NSPropertyListSerialization.propertyListWithData_options_format_error_(
data, 0, None, None)[0]
if defaults is None:
return None
accounts = defaults.get("accounts")
if accounts is None:
return None
return accounts.valueForKey_("identifier")
def _dataToPlist(data):
'''low-level function that parses a data object into a propertyList object'''
darwin_vers = int(os.uname()[2].split('.')[0])
if darwin_vers > 10:
(plistObject, plistFormat, error) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
data, NSPropertyListMutableContainersAndLeaves, None, None))
else:
# 10.5 doesn't support propertyListWithData:options:format:error:
# 10.6's PyObjC wrapper for propertyListWithData:options:format:error:
# is broken
# so use the older NSPropertyListSerialization function
(plistObject, plistFormat, error) = (
NSPropertyListSerialization.propertyListFromData_mutabilityOption_format_errorDescription_(
data, NSPropertyListMutableContainersAndLeaves, None, None
)
)
if plistObject is None:
if error is None:
error = "Plist data is invalid and could not be deserialized."
raise NSPropertyListSerializationException(error)
else:
return plistObject
def read_file(self, path):
"""Replace internal XML dict with data from plist at path.
Args:
path: String path to a plist file.
Raises:
PlistParseError: Error in reading plist file.
"""
# pylint: disable=unused-variable
info, pformat, error = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
NSData.dataWithContentsOfFile_(os.path.expanduser(path)),
NSPropertyListMutableContainersAndLeaves,
None,
None
))
# pylint: enable=unused-variable
if info is None:
if error is None:
error = "Invalid plist file."
raise PlistParseError("Can't read %s: %s" % (path, error))
return info
def unplist(s):
from Foundation import NSData, NSPropertyListSerialization
d = NSData.dataWithBytes_length_(s, len(s))
return NSPropertyListSerialization.propertyListWithData_options_format_error_(
d, 0, None, None)
def unplist(s):
from Foundation import NSData, NSPropertyListSerialization
d = NSData.dataWithBytes_length_(s, len(s))
return NSPropertyListSerialization.propertyListWithData_options_format_error_(d, 0, None, None)
sys.exit()
msg = base64.b64decode(icloud_key)
key = "t9s\"lx^awe.580Gj%'ld+0LG<#9xa?>vb)-fkwb92[}" # Constant key used for hashing Hmac on all versions of macOS.
# Create Hmac with this key and icloud_key using MD5
hashed = hmac.new(key, msg, digestmod=hashlib.md5).digest()
hexed_key = binascii.hexlify(hashed) # Turn into hex for openssl subprocess
IV = 16 * '0'
mme_token_file = glob.glob("%s/Library/Application Support/iCloud/Accounts/*" % os.path.expanduser("~"))
for x in mme_token_file:
try:
int(x.split("/")[-1]) # If we can cast to int we have the DSID / account file.
mme_token_file = x
except ValueError:
continue
if not isinstance(mme_token_file, str):
print "Failed to find MMeTokenFile."
sys.exit()
# Perform decryption with zero dependencies by using openssl binary
decrypted_binary = subprocess.check_output(
"openssl enc -d -aes-128-cbc -iv '%s' -K %s < '%s'" % (IV, hexed_key, mme_token_file), shell=True)
# Convert the decrypted binary plist to an NSData object that can be read
bin_to_plist = NSData.dataWithBytes_length_(decrypted_binary, len(decrypted_binary))
# Convert the binary NSData object into a dictionary object
token_plist = NSPropertyListSerialization.propertyListWithData_options_format_error_(bin_to_plist, 0, None, None)[0]
print_tokens_json(token_plist)
def parse_plist(info_plist_string): # Use PyObjC, pre-installed in Apple's Python dist. data = NSData.dataWithBytes_length_(info_plist_string, len(info_plist_string)) return NSPropertyListSerialization.propertyListWithData_options_format_error_(data, 0, None, None)
def parse_plist(info_plist_string):
# Use PyObjC, pre-installed in Apple's Python dist.
data = NSData.dataWithBytes_length_(info_plist_string,
len(info_plist_string))
return NSPropertyListSerialization.propertyListWithData_options_format_error_(
data, 0, None, None)
# https://developer.apple.com/library/mac/documentation/cocoa/conceptual/PropertyLists/Introduction/Introduction.html
from Foundation import NSData
from Foundation import NSPropertyListSerialization
from Foundation import NSPropertyListMutableContainersAndLeaves
filename = "/Library/Preferences/com.apple.loginwindow.plist"
plist_data = NSData.dataWithContentsOfFile_(filename)
(dataObject, plistFormat, error) = (
NSPropertyListSerialization.propertyListWithData_options_format_error_(
plist_data, NSPropertyListMutableContainersAndLeaves, None, None))
print dataObject
