Esempi in Python per Keybag.createWithPlist

Esempio n. 1

    def __init__(self, bdev, device_infos, **kwargs):
        super(EMFVolume, self).__init__(bdev, **kwargs)
        volumeid = self.volumeID().encode("hex")

        if not device_infos:
            dirname = os.path.dirname(bdev.filename)
            device_infos = search_plist(dirname, {"dataVolumeUUID": volumeid})
            if not device_infos:
                raise Exception("Missing keyfile")
        try:
            self.emfkey = None
            if device_infos.has_key("EMF"):
                self.emfkey = device_infos["EMF"].decode("hex")
            self.lbaoffset = device_infos["dataVolumeOffset"]
            self.keybag = Keybag.createWithPlist(device_infos)
        except:
            raise  #Exception("Invalid keyfile")

        rootxattr = self.getXattr(kHFSRootParentID,
                                  "com.apple.system.cprotect")
        self.decrypted = (self.header.finderInfo[3] == FLAG_DECRYPTED)
        self.cp_major_version = None
        self.cp_root = None
        if rootxattr == None:
            print "(No root com.apple.system.cprotect xattr)"
        else:
            self.cp_root = cp_root_xattr.parse(rootxattr)
            ver = self.cp_root.major_version
            print "cprotect version : %d (iOS %d)" % (ver, 4 + int(ver != 2))
            assert self.cp_root.major_version == 2 or self.cp_root.major_version == 4
            self.cp_major_version = self.cp_root.major_version
        self.keybag = loadKeybagFromVolume(self, device_infos)

Esempio n. 2

    def __init__(self, file, **kwargs):
        super(EMFVolume, self).__init__(file, **kwargs)
        pl = "%s.plist" % self.volumeID().encode("hex")
        dirname = os.path.dirname(file)
        if dirname != "":
            pl = dirname + "/" + pl
        if not os.path.exists(pl):
            raise Exception("Missing keyfile %s" % pl)
        try:
            pldict = plistlib.readPlist(pl)
            self.emfkey = pldict["EMF"].decode("hex")
            self.lbaoffset = pldict["dataVolumeOffset"]
            self.keystore = Keybag.createWithPlist(pldict)
        except:
            raise  #Exception("Invalid keyfile")

        rootxattr = self.getXattr(kHFSRootParentID,
                                  "com.apple.system.cprotect")
        self.cp_major_version = None
        if rootxattr == None:
            print "Not an EMF image, no root com.apple.system.cprotec xattr"
        else:
            self.cp_root = cp_root_xattr.parse(rootxattr)
            print "cprotect version :", self.cp_root.major_version
            assert self.cp_root.major_version == 2 or self.cp_root.major_version == 4
            self.cp_major_version = self.cp_root.major_version

Esempio n. 3

File: emf.py Progetto: 0bj3ct1veC/iphone-dataprotection

    def __init__(self, bdev, device_infos, **kwargs):
        super(EMFVolume,self).__init__(bdev, **kwargs)
        volumeid = self.volumeID().encode("hex")

        if not device_infos:
            dirname = os.path.dirname(bdev.filename)
            device_infos = search_plist(dirname, {"dataVolumeUUID":volumeid})
            if not device_infos:
                raise Exception("Missing keyfile")
        try:
            self.emfkey = None
            if device_infos.has_key("EMF"):
                self.emfkey = device_infos["EMF"].decode("hex")
            self.lbaoffset = device_infos["dataVolumeOffset"]
            self.keybag = Keybag.createWithPlist(device_infos)
        except:
            raise #Exception("Invalid keyfile")
        
        self.decrypted = (self.header.finderInfo[3] == FLAG_DECRYPTED) 
        rootxattr =  self.getXattr(kHFSRootParentID, "com.apple.system.cprotect")
        self.cp_major_version = None
        self.cp_root = None
        if rootxattr == None:
            print "(No root com.apple.system.cprotect xattr)"
        else:
            self.cp_root = cp_root_xattr.parse(rootxattr)
            ver = self.cp_root.major_version
            print "cprotect version : %d" % ver
            assert self.cp_root.major_version == 2 or self.cp_root.major_version == 4
            self.cp_major_version = self.cp_root.major_version
        self.keybag = loadKeybagFromVolume(self, device_infos)

Esempio n. 4

File: keychain_tool.py Progetto: WilhelmTell1337/wilhelmtell-iosplayground

def main():
    parser = OptionParser(usage="%prog keychain.db keyfile.plist")
    parser.add_option("-d", "--display", dest="display", action="store_true", default=False,
                  help="Show keychain items on stdout")
    parser.add_option("-s", "--sanitize", dest="sanitize", action="store_true", default=False,
                  help="Hide secrets on stdout with ***")
    parser.add_option("-p", "--passwords", dest="passwords", action="store_true", default=False,
                  help="Save generic & internet passwords as CSV file")
    parser.add_option("-c", "--certs", dest="certs", action="store_true", default=False,
                  help="Extract certificates and keys")
    parser.add_option("-o", "--old", dest="oldpass", action="store_true", default=False,
                  help="Bruteforce old passcodes")
    
    (options, args) = parser.parse_args()
    if len(args) < 2:
        parser.print_help()
        return
    
    p = plistlib.readPlist(args[1])
    kb = Keybag.createWithPlist(p)
    k = keychain_load(args[0], kb, p["key835"].decode("hex"))
    
    if options.display:
        k.print_all(options.sanitize)
    if options.passwords:
        k.save_passwords()
    if options.certs:
        k.save_certs_keys()

    if options.oldpass:
        mc = k.get_managed_configuration()
        if not mc:
            print "Managed configuration not found"
            return
        print "Bruteforcing %d old passcodes" % len(mc.get("history",[]))
        for h in mc["history"]:
            p = bruteforce_old_pass(h)
            if p:
                print "Found : %s" % p
            else:
                print "Not Found"

Esempio n. 5

File: emf.py Progetto: WilhelmTell1337/wilhelmtell-iosplayground

 def __init__(self, file, **kwargs):
     super(EMFVolume,self).__init__(file, **kwargs)
     pl = "%s.plist" % self.volumeID().encode("hex")
     dirname = os.path.dirname(file)
     if dirname != "":
         pl = dirname + "/" + pl
     if not os.path.exists(pl):
         raise Exception("Missing keyfile %s" % pl)
     try:
         pldict = plistlib.readPlist(pl)
         self.emfkey = pldict["EMF"].decode("hex")
         self.lbaoffset = pldict["dataVolumeOffset"]
         self.keystore = Keybag.createWithPlist(pldict)
     except:
         raise #Exception("Invalid keyfile")
     
     rootxattr =  self.getXattr(kHFSRootParentID, "com.apple.system.cprotect")
     if rootxattr == None:
         print "Not an EMF image, no root com.apple.system.cprotec xattr"
     else:
         self.cp_root = cp_root_xattr.parse(rootxattr)
         print "cprotect version :", self.cp_root.major_version
         assert self.cp_root.major_version == 2 or self.cp_root.major_version == 4

Esempio n. 6

File: keychain_tool.py Progetto: AbhinavBansal/iOS-DataProtection-ToolKit

def main():
    parser = OptionParser(usage="%prog keychain.db/keychain-backup.plist keyfile.plist/Manifest.plist")
    parser.add_option("-d", "--display", dest="display", action="store_true", default=False,
                  help="Show keychain items on stdout")
    parser.add_option("-s", "--sanitize", dest="sanitize", action="store_true", default=False,
                  help="Hide secrets on stdout with ***")
    parser.add_option("-p", "--passwords", dest="passwords", action="store_true", default=False,
                  help="Save generic & internet passwords as CSV file")
    parser.add_option("-c", "--certs", dest="certs", action="store_true", default=False,
                  help="Extract certificates and keys")
    parser.add_option("-o", "--old", dest="oldpass", action="store_true", default=False,
                  help="Bruteforce old passcodes")
    
    (options, args) = parser.parse_args()
    if len(args) < 2:
        parser.print_help()
        return
    
    p = readPlist(args[1])
    
    if p.has_key("BackupKeyBag"):
        deviceKey = None
        if p.has_key("key835"):
            deviceKey = p["key835"].decode("hex")
        else:
            if not p["IsEncrypted"]:
                print "This backup is not encrypted, without key 835 nothing in the keychain can be decrypted"
            print "If you have key835 for device %s enter it (in hex)" % p["Lockdown"]["UniqueDeviceID"]
            d = raw_input()
            if len(d) == 32:
                p["key835"] = d
                deviceKey = d.decode("hex")
                plistlib.writePlist(p, args[1])
        
        kb = Keybag.createWithBackupManifest(p, p.get("password",""), deviceKey)
        if not kb:
            return
        k = Keychain4(args[0], kb)
    else:
        kb = Keybag.createWithPlist(p)
        k = keychain_load(args[0], kb, p["key835"].decode("hex"))
    
    if options.display:
        k.print_all(options.sanitize)
    if options.passwords:
        k.save_passwords()
    if options.certs:
        k.save_certs_keys()

    if options.oldpass:
        mc = k.get_managed_configuration()
        if not mc:
            print "Managed configuration not found"
            return
        print "Bruteforcing %d old passcodes" % len(mc.get("history",[]))
        for h in mc["history"]:
            p = bruteforce_old_pass(h)
            if p:
                print "Found : %s" % p
            else:
                print "Not Found"

Esempio n. 7

File: keychain_tool.py Progetto: dinosec/iphone-dataprotection-xcode5

def main():
    parser = OptionParser(
        usage=
        "%prog keychain.db/keychain-backup.plist keyfile.plist/Manifest.plist")
    parser.add_option("-d",
                      "--display",
                      dest="display",
                      action="store_true",
                      default=False,
                      help="Show keychain items on stdout")
    parser.add_option("-s",
                      "--sanitize",
                      dest="sanitize",
                      action="store_true",
                      default=False,
                      help="Hide secrets on stdout with ***")
    parser.add_option("-p",
                      "--passwords",
                      dest="passwords",
                      action="store_true",
                      default=False,
                      help="Save generic & internet passwords as CSV file")
    parser.add_option("-c",
                      "--certs",
                      dest="certs",
                      action="store_true",
                      default=False,
                      help="Extract certificates and keys")
    parser.add_option("-o",
                      "--old",
                      dest="oldpass",
                      action="store_true",
                      default=False,
                      help="Bruteforce old passcodes")

    (options, args) = parser.parse_args()
    if len(args) < 2:
        parser.print_help()
        return

    p = readPlist(args[1])

    if p.has_key("BackupKeyBag"):
        deviceKey = None
        if p.has_key("key835"):
            deviceKey = p["key835"].decode("hex")
        else:
            if not p["IsEncrypted"]:
                print "This backup is not encrypted, without key 835 nothing in the keychain can be decrypted"
            print "If you have key835 for device %s enter it (in hex)" % p[
                "Lockdown"]["UniqueDeviceID"]
            d = raw_input()
            if len(d) == 32:
                p["key835"] = d
                deviceKey = d.decode("hex")
                plistlib.writePlist(p, args[1])

        kb = Keybag.createWithBackupManifest(p, p.get("password", ""),
                                             deviceKey)
        if not kb:
            return
        k = Keychain4(args[0], kb)
    else:
        kb = Keybag.createWithPlist(p)
        k = keychain_load(args[0], kb, p["key835"].decode("hex"))

    if options.display:
        k.print_all(options.sanitize)
    if options.passwords:
        k.save_passwords()
    if options.certs:
        k.save_certs_keys()

    if options.oldpass:
        mc = k.get_managed_configuration()
        if not mc:
            print "Managed configuration not found"
            return
        print "Bruteforcing %d old passcodes" % len(mc.get("history", []))
        for h in mc["history"]:
            p = bruteforce_old_pass(h)
            if p:
                print "Found : %s" % p
            else:
                print "Not Found"

Esempio n. 8

File: keychain_tool.py Progetto: WilhelmTell1337/wilhelmtell-iosplayground

def main():
    parser = OptionParser(usage="%prog keychain.db keyfile.plist")
    parser.add_option("-d",
                      "--display",
                      dest="display",
                      action="store_true",
                      default=False,
                      help="Show keychain items on stdout")
    parser.add_option("-s",
                      "--sanitize",
                      dest="sanitize",
                      action="store_true",
                      default=False,
                      help="Hide secrets on stdout with ***")
    parser.add_option("-p",
                      "--passwords",
                      dest="passwords",
                      action="store_true",
                      default=False,
                      help="Save generic & internet passwords as CSV file")
    parser.add_option("-c",
                      "--certs",
                      dest="certs",
                      action="store_true",
                      default=False,
                      help="Extract certificates and keys")
    parser.add_option("-o",
                      "--old",
                      dest="oldpass",
                      action="store_true",
                      default=False,
                      help="Bruteforce old passcodes")

    (options, args) = parser.parse_args()
    if len(args) < 2:
        parser.print_help()
        return

    p = plistlib.readPlist(args[1])
    kb = Keybag.createWithPlist(p)
    k = keychain_load(args[0], kb, p["key835"].decode("hex"))

    if options.display:
        k.print_all(options.sanitize)
    if options.passwords:
        k.save_passwords()
    if options.certs:
        k.save_certs_keys()

    if options.oldpass:
        mc = k.get_managed_configuration()
        if not mc:
            print "Managed configuration not found"
            return
        print "Bruteforcing %d old passcodes" % len(mc.get("history", []))
        for h in mc["history"]:
            p = bruteforce_old_pass(h)
            if p:
                print "Found : %s" % p
            else:
                print "Not Found"