def sid_to_key(sid):
s1 = b""
s1 += chr_or_byte(sid & 0xFF)
s1 += chr_or_byte((sid >> 8) & 0xFF)
s1 += chr_or_byte((sid >> 16) & 0xFF)
s1 += chr_or_byte((sid >> 24) & 0xFF)
s1 += int_or_bytes(s1[0])
s1 += int_or_bytes(s1[1])
s1 += int_or_bytes(s1[2])
s2 = int_or_bytes(s1[3]) + int_or_bytes(s1[0]) + int_or_bytes(s1[1]) + int_or_bytes(s1[2])
s2 += int_or_bytes(s2[0]) + int_or_bytes(s2[1]) + int_or_bytes(s2[2])
return str_to_key(s1), str_to_key(s2)
def __init__(self):
self.banner = '''
|====================================================================|
| |
| The LaZagne Project |
| |
| ! BANG BANG ! |
| |
|====================================================================|
'''
self.FILTER = b''.join([((len(repr(chr_or_byte(x))) == 3 and python_version == 2) or
(len(repr(chr_or_byte(x))) == 4 and python_version == 3))
and chr_or_byte(x) or b'.' for x in range(256)])
def CryptDeriveKey(h, cipherAlgo, hashAlgo):
"""
Internal use. Mimics the corresponding native Microsoft function
"""
if len(h) > hashAlgo.blockSize:
h = hashlib.new(hashAlgo.name, h).digest()
if len(h) >= cipherAlgo.keyLength:
return h
h += b"\x00" * int(hashAlgo.blockSize)
ipad = b"".join(chr_or_byte(char_to_int(h[i]) ^ 0x36) for i in range(int(hashAlgo.blockSize)))
opad = b"".join(chr_or_byte(char_to_int(h[i]) ^ 0x5c) for i in range(int(hashAlgo.blockSize)))
k = hashlib.new(hashAlgo.name, ipad).digest() + hashlib.new(hashAlgo.name, opad).digest()
k = k[:cipherAlgo.keyLength]
k = cipherAlgo.do_fixup_key(k)
return k
def CryptSessionKeyXP(masterkey,
nonce,
hashAlgo,
entropy=None,
strongPassword=None,
verifBlob=None):
"""
Computes the decryption key for XP DPAPI blob, given the masterkey and optional information.
This implementation relies on a faulty implementation from Microsoft that does not respect the HMAC RFC.
Instead of updating the inner pad, we update the outer pad...
This algorithm is also used when checking the HMAC for integrity after decryption
:param masterkey: decrypted masterkey (should be 64 bytes long)
:param nonce: this is the nonce contained in the blob or the HMAC in the blob (integrity check)
:param entropy: this is the optional entropy from CryptProtectData() API
:param strongPassword: optional password used for decryption or the blob itself
:param verifBlob: optional encrypted blob used for integrity check
:returns: decryption key
:rtype : str
"""
if len(masterkey) > 20:
masterkey = hashlib.sha1(masterkey).digest()
masterkey += b"\x00" * int(hashAlgo.blockSize)
ipad = b"".join(
chr_or_byte(char_to_int(masterkey[i]) ^ 0x36)
for i in range(int(hashAlgo.blockSize)))
opad = b"".join(
chr_or_byte(char_to_int(masterkey[i]) ^ 0x5c)
for i in range(int(hashAlgo.blockSize)))
digest = hashlib.new(hashAlgo.name)
digest.update(ipad)
digest.update(nonce)
tmp = digest.digest()
digest = hashlib.new(hashAlgo.name)
digest.update(opad)
digest.update(tmp)
if entropy is not None:
digest.update(entropy)
if strongPassword is not None:
strongPassword = hashlib.sha1(
strongPassword.rstrip("\x00").encode("UTF-16LE")).digest()
digest.update(strongPassword)
elif verifBlob is not None:
digest.update(verifBlob)
return digest.digest()
def str_to_key(s):
key = []
key.append(char_to_int(s[0]) >> 1)
key.append(((char_to_int(s[0]) & 0x01) << 6) | (char_to_int(s[1]) >> 2))
key.append(((char_to_int(s[1]) & 0x03) << 5) | (char_to_int(s[2]) >> 3))
key.append(((char_to_int(s[2]) & 0x07) << 4) | (char_to_int(s[3]) >> 4))
key.append(((char_to_int(s[3]) & 0x0F) << 3) | (char_to_int(s[4]) >> 5))
key.append(((char_to_int(s[4]) & 0x1F) << 2) | (char_to_int(s[5]) >> 6))
key.append(((char_to_int(s[5]) & 0x3F) << 1) | (char_to_int(s[6]) >> 7))
key.append(char_to_int(s[6]) & 0x7F)
for i in range(8):
key[i] = (key[i] << 1)
key[i] = odd_parity[key[i]]
return b"".join(chr_or_byte(k) for k in key)
def bytes_to_text(self, byte_list):
s = b''
for byte in byte_list:
s += chr_or_byte(byte)
return s
def xorstring(self, s, k):
"""
xors the two strings
"""
return b''.join(chr_or_byte(char_to_int(x) ^ char_to_int(y)) for x, y in zip(s, k))
