Esempio n. 1
 def __init__(self, reader):
     """Parse this structure field by field from ``reader``.

     Every constructor call below consumes bytes at the reader's current
     position, so the statement order is the structure layout and must not
     be rearranged.
     """
     # Flink/Blink: presumably the forward/backward list pointers -- confirm.
     self.Flink = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader)
     self.Blink = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader)
     self.unk0 = DWORD(reader)
     # NOTE(review): align() presumably skips padding up to the next
     # pointer-size boundary -- confirm against the reader class.
     reader.align()
     self.LockList = PVOID(reader)
     self.unk1 = PVOID(reader)
     self.unk2 = PVOID(reader)
     self.unk3 = PVOID(reader)
     self.unk4 = PVOID(reader)
     self.unk5 = PVOID(reader)
     self.unk6 = DWORD(reader)
     self.unk7 = DWORD(reader)
     self.unk8 = DWORD(reader)
     self.unk9 = DWORD(reader)
     self.unkLogin0 = PVOID(reader)  # PCWSTR, kept as an untyped pointer
     self.unkLogin1 = PVOID(reader)  # PCWSTR, kept as an untyped pointer
     self.toname = reader.read(130)  # wchar_t[64 + 1]: 65 two-byte units = 130 raw bytes, not decoded here
     reader.align()
     self.Sid = PSID(reader).value
     self.unk10 = DWORD(reader)
     self.unk11 = DWORD(reader)
     self.unk12 = DWORD(reader)
     self.unk13 = DWORD(reader)
     self.toDetermine = PKIWI_CLOUDAP_CACHE_UNK(reader)
     self.unk14 = PVOID(reader)
     # NOTE(review): presumably the byte length of the buffer behind PRT. It
     # is read from the parsed image unchecked, so bound it before using it
     # as a read size.
     self.cbPRT = DWORD(reader).value
     reader.align()
     self.PRT = PVOID(reader)  # PBYTE in the C layout; only the pointer is read, nothing is dereferenced here
Esempio n. 2
 def __init__(self, reader):
     """Parse this structure from ``reader``, one field after another.

     The reads are sequential: three DWORD objects, one DWORD value, a GUID
     and a 64-byte raw tail.
     """
     # Three leading DWORD objects of unknown meaning, consumed in order.
     self.unk0, self.unk1, self.unk2 = (DWORD(reader) for _ in range(3))
     # Only this DWORD is unwrapped to its plain value.
     self.unkSize = DWORD(reader).value
     self.guid = GUID(reader)
     # Opaque trailer kept as raw bytes.
     self.unk = reader.read(64)
Esempio n. 3
	def __init__(self, reader):
		"""Parse the fixed header of a key list from ``reader``.

		Only the header is consumed here. The position of the first array
		element is recorded and ``KeyEntries`` starts out empty.
		"""
		self.unk0 = DWORD(reader).value		# // dword_1233EC8 dd 4
		self.cbItem = DWORD(reader).value	# // debug048:01233ECC dd 5
		self.unk1 = PVOID(reader).value
		self.unk2 = PVOID(reader).value
		# C layout continues with: KERB_HASHPASSWORD_5 KeysEntries[ANYSIZE_ARRAY]
		# Reader offset right after the header, i.e. where the array would begin.
		self.KeyEntries_start = reader.tell()
		# Not filled in by this constructor; presumably populated by a later step -- confirm.
		self.KeyEntries = []
Esempio n. 4
	def __init__(self, reader):	
		"""Parse this smartcard-related structure sequentially from ``reader``.

		The CSP data block is parsed inline, sized by the length field that
		precedes it.
		"""
		self.PinCode = LSA_UNICODE_STRING(reader)
		self.unk0 = PVOID(reader)
		self.unk1 = PVOID(reader)
		self.CertificateInfos = PVOID(reader)
		self.unkData = PVOID(reader)                      #	// 0 = CspData
		self.Flags = DWORD(reader).value                  #	// 1 = CspData (not 0x21)
		# NOTE(review): this length comes straight from the parsed image and is
		# handed on unchecked as the size of the CSP block -- confirm the callee
		# bounds it.
		self.CspDataLength = DWORD(reader).value
		self.CspData = KERB_SMARTCARD_CSP_INFO_5(reader, size = self.CspDataLength)
Esempio n. 5
 def __init__(self, reader):
     """Parse this list entry sequentially from ``reader``.

     Field order mirrors the structure layout; each call advances the reader.
     """
     # Flink/Blink: presumably the forward/backward list pointers -- confirm.
     self.Flink = PKIWI_CLOUDAP_LOGON_LIST_ENTRY(reader)
     self.Blink = PKIWI_CLOUDAP_LOGON_LIST_ENTRY(reader)
     self.unk0 = DWORD(reader)
     self.unk1 = DWORD(reader)
     # Stored as a plain value rather than as the LUID wrapper object.
     self.LocallyUniqueIdentifier = LUID(reader).value
     self.unk2 = DWORD64(reader)
     self.unk3 = DWORD64(reader)
     # Pointer-typed reference to a cache entry; nothing is dereferenced here.
     self.cacheEntry = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader)
Esempio n. 6
	def __init__(self, reader):
		"""Parse the fixed header of a key list from ``reader``.

		Only the header is consumed here. The position of the first array
		element is recorded and ``KeyEntries`` starts out empty.
		"""
		# Debug helpers left disabled by the original author:
		#print('KIWI_KERBEROS_KEYS_LIST_6')
		#print(hexdump(reader.peek(0x100), start = reader.tell()))
		self.unk0 = DWORD(reader).value	#	// dword_1233EC8 dd 4
		self.cbItem = DWORD(reader).value #	// debug048:01233ECC dd 5
		self.unk1 = PVOID(reader).value
		self.unk2 = PVOID(reader).value
		self.unk3 = PVOID(reader).value
		self.unk4 = PVOID(reader).value
		# Reader offset right after the header, i.e. where the array would begin.
		self.KeyEntries_start = reader.tell()
		# Not filled in by this constructor; presumably populated by a later step -- confirm.
		self.KeyEntries = []
Esempio n. 7
	def __init__(self, reader):
		"""Parse this smartcard-related structure sequentially from ``reader``.

		Pointer and DWORD fields are stored as plain values; the PIN field is
		kept as an ``LSA_UNICODE_STRING`` object.
		"""
		self.PinCode = LSA_UNICODE_STRING(reader)
		self.unk0 = PVOID(reader).value
		self.unk1 = PVOID(reader).value
		self.CertificateInfos = PVOID(reader).value
		self.unk2 = PVOID(reader).value
		self.unkData = PVOID(reader).value	          # // 0 = CspData
		self.Flags = DWORD(reader).value	             # // 0 = CspData
		self.unkFlags = DWORD(reader).value	            # // 0x141 (not 0x61)
		# Read from the parsed image; not used to bound the CSP parse below.
		self.CspDataLength = DWORD(reader).value
		# NOTE(review): this takes ``.value`` of a structure object and passes
		# no size -- confirm KERB_SMARTCARD_CSP_INFO exposes ``.value`` and
		# accepts a single argument.
		self.CspData = KERB_SMARTCARD_CSP_INFO(reader).value
Esempio n. 8
 def __init__(self, reader):
     """Parse a credential record with three fixed 512-byte buffers.

     The three ``cb*`` length fields are read first. The domain, user name
     and password buffers are then read in full, whatever the lengths say.
     """
     self.unk0 = DWORD(reader)
     self.unk1 = DWORD(reader)
     # NOTE(review): these lengths come from the parsed image unchecked; code
     # that slices the buffers below should clamp them to 512.
     self.cbDomain = WORD(reader).value
     self.cbUsername = WORD(reader).value
     self.cbPassword = WORD(reader).value
     self.unk2 = DWORD(reader)
     self.Domain = reader.read(512)
     self.UserName = reader.read(512)
     # Offset of the password buffer, recorded before it is read.
     self.Password_addr = reader.tell()
     # Raw bytes of the password buffer; credential material, keep it out of logs.
     self.Password = reader.read(512)
Esempio n. 9
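	def __init__(self, reader):
		"""Parse the CSP info header sequentially from ``reader``.

		All fields are stored as plain values. The four ``n*Offset`` fields are
		stored exactly as read; the trailing buffer is represented by a single
		WCHAR read.
		"""
		self.dwCspInfoLen = DWORD(reader).value
		self.MessageType = DWORD(reader).value
		self.ContextInformation = PVOID(reader).value #U
		self.SpaceHolderForWow64 = ULONG64(reader).value #U
		self.flags = DWORD(reader).value
		self.KeySpec = DWORD(reader).value
		self.nCardNameOffset = ULONG(reader).value
		self.nReaderNameOffset = ULONG(reader).value
		self.nContainerNameOffset = ULONG(reader).value
		self.nCSPNameOffset = ULONG(reader).value
		# C layout: WCHAR bBuffer[ANYSIZE_ARRAY]. The previous line subscripted
		# self.bBuffer before it was ever assigned, which fails at construction
		# time; a plain assignment is used instead.
		# NOTE(review): only one WCHAR is consumed, not the whole trailing
		# buffer -- confirm that is what the consumers of bBuffer expect.
		self.bBuffer = WCHAR(reader).value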
Esempio n. 10
 def __init__(self, reader):
     """Parse this structure sequentially from ``reader``.

     Scalars are stored as plain values. The properties pointer is kept as a
     ``PVOID`` object and its own offset is recorded as well.
     """
     # Two leading pointers disabled by the original author:
     #self.unkp0 = PVOID(reader).value
     #self.unkp1 = PVOID(reader).value
     self.unkh0 = DWORD(reader).value  # 0xdbcaabcd (value noted by the original author)
     self.unkd0 = DWORD(reader).value  # 3 (value noted by the original author)
     self.unkp2 = PVOID(reader).value
     self.unkd1 = DWORD(reader).value  # 45 (value noted by the original author)
     # NOTE(review): align() presumably skips padding before the next pointer -- confirm.
     reader.align()
     self.unkp3 = PVOID(reader).value
     reader.align()
     # Offset of the pProperties pointer field itself, taken before reading it.
     self.pProperties_addr = reader.tell()
     self.pProperties = PVOID(reader)  # PTS_PROPERTY_KIWI in the C layout; kept untyped here
     # NOTE(review): presumably a count or size for pProperties, read from the
     # parsed image unchecked -- bound it before iterating with it.
     self.cbProperties = DWORD(reader).value
Esempio n. 11
 def __init__(self, reader):
     """Parse a credential record with three fixed 512-byte buffers.

     Each of the three WORD fields has 511 added to it before it is stored
     as ``cbDomain`` / ``cbUsername`` / ``cbPassword``. The three buffers are
     always read in full.
     """
     # Added to each WORD so the cb* attributes are compatible with the other
     # version of this structure; per the original author the raw field is
     # probably a bool.
     compat_offset = 511

     self.unk0 = DWORD(reader)
     self.unk1 = DWORD(reader)
     self.cbDomain = WORD(reader).value + compat_offset
     self.cbUsername = WORD(reader).value + compat_offset
     self.cbPassword = WORD(reader).value + compat_offset
     self.unk2 = DWORD(reader)

     self.Domain = reader.read(512)
     self.UserName = reader.read(512)
     # Remember where the password buffer starts before consuming it.
     self.Password_addr = reader.tell()
     self.Password = reader.read(512)
Esempio n. 12
 def __init__(self, reader):
     """Parse one property record sequentially from ``reader``.

     The reader is aligned before the first field, and again before the data
     pointer. Every field is stored as a plain value.
     """
     # NOTE(review): align() presumably skips padding up to the next
     # pointer-size boundary -- confirm against the reader class.
     reader.align()
     self.szProperty = PCWSTR(reader).value
     self.dwType = DWORD(reader).value
     reader.align()
     self.pvData = PVOID(reader).value
     self.unkp0 = PVOID(reader).value
     self.unkd0 = DWORD(reader).value
     self.dwFlags = DWORD(reader).value
     self.unkd1 = DWORD(reader).value
     self.unkd2 = DWORD(reader).value
     self.pValidator = PVOID(reader).value
     self.unkp2 = PVOID(reader).value
     self.unkp3 = PVOID(reader).value
Esempio n. 13
 def __init__(self, reader):
     """Parse this list entry sequentially from ``reader``.

     Field order mirrors the structure layout; each call advances the reader.
     """
     # Flink/Blink: presumably the forward/backward list pointers -- confirm.
     self.Flink = PKIWI_LIVESSP_LIST_ENTRY(reader)
     self.Blink = PKIWI_LIVESSP_LIST_ENTRY(reader)
     self.unk0 = PVOID(reader)
     self.unk1 = PVOID(reader)
     self.unk2 = PVOID(reader)
     self.unk3 = PVOID(reader)
     self.unk4 = DWORD(reader).value
     self.unk5 = DWORD(reader).value
     self.unk6 = PVOID(reader)
     # Stored as a plain value rather than as the LUID wrapper object.
     self.LocallyUniqueIdentifier = LUID(reader).value
     self.UserName = LSA_UNICODE_STRING(reader)
     self.unk7 = PVOID(reader)
     # Pointer-typed reference to the primary credential; not dereferenced here.
     self.suppCreds = PKIWI_LIVESSP_PRIMARY_CREDENTIAL(reader)
Esempio n. 14
	def __init__(self, reader, size):
		"""Parse a CSP info block of ``size`` bytes from ``reader``.

		The fixed header is read field by field. The remaining bytes are then
		read in one call and exposed as an in-memory stream in ``bBuffer``.
		"""
		# Start offset, used below to work out how many header bytes were consumed.
		pos = reader.tell()
		# Leading length field is not read in this variant:
		#self.dwCspInfoLen = DWORD(reader).value
		self.MessageType = DWORD(reader).value
		self.ContextInformation = PVOID(reader).value #U
		self.SpaceHolderForWow64 = ULONG64(reader).value #U
		self.flags = DWORD(reader).value
		self.KeySpec = DWORD(reader).value
		# NOTE(review): each offset is doubled on read, presumably converting
		# WCHAR counts into byte offsets within bBuffer -- confirm.
		self.nCardNameOffset = ULONG(reader).value * 2
		self.nReaderNameOffset = ULONG(reader).value * 2
		self.nContainerNameOffset = ULONG(reader).value * 2
		self.nCSPNameOffset = ULONG(reader).value * 2
		diff = reader.tell() - pos  # header bytes consumed so far
		# NOTE(review): ``size`` is caller-supplied and not validated here. If
		# it is smaller than ``diff - 4`` the requested length goes negative --
		# confirm how reader.read() handles that, and why 4 is added back
		# (dwCspInfoLen is not read above).
		data = reader.read(size - diff + 4)
		# The offsets above are presumably meant to index into this stream -- confirm.
		self.bBuffer = io.BytesIO(data)
Esempio n. 15
	def __init__(self, reader):
		"""Parse a type / size / pointer triple from ``reader``."""
		# Debug helpers left disabled by the original author:
		#print('KERB_HASHPASSWORD_GENERIC')
		#print(hexdump(reader.peek(0x50), start = reader.tell()))
		self.Type = DWORD(reader).value
		# NOTE(review): align() presumably skips padding before the SIZE_T field -- confirm.
		reader.align()
		# NOTE(review): presumably the byte length of the data behind Checksump.
		# It is read from the parsed image, so bound it before using it as a
		# read size.
		self.Size = SIZE_T(reader).value
		self.Checksump = PVOID(reader) # per the original author, this pointer holds the actual credential data despite its name
Esempio n. 16
	def __init__(self, reader):
		"""Parse a CSP info header sequentially from ``reader``.

		All fields are stored as plain values. The offsets are stored exactly
		as read, with no scaling.
		"""
		self.dwCspInfoLen = DWORD(reader).value
		self.ContextInformation = PVOID(reader).value
		self.nCardNameOffset = ULONG(reader).value
		self.nReaderNameOffset = ULONG(reader).value
		self.nContainerNameOffset = ULONG(reader).value
		self.nCSPNameOffset = ULONG(reader).value
		# NOTE(review): a single WCHAR is read; presumably only the first
		# element of a trailing variable-length buffer -- confirm.
		self.bBuffer = WCHAR(reader).value
Esempio n. 17
	def __init__(self, reader):
		"""Parse a primary-credential record sequentially from ``reader``.

		User name, domain and password are kept as ``LSA_UNICODE_STRING``
		objects, followed by an ISO credential sub-structure.
		"""
		self.UserName = LSA_UNICODE_STRING(reader)
		self.Domaine = LSA_UNICODE_STRING(reader)
		self.unkFunction = PVOID(reader).value
		self.type = DWORD(reader).value # // or flags: 2 = normal, 1 = ISO
		# NOTE(review): align() presumably skips padding after the DWORD -- confirm.
		reader.align()
		# NOTE(review): the original comment marks the next two fields as a C
		# union, yet they are read one after the other here rather than from
		# the same offset -- confirm this matches the intended layout.
		self.Password = LSA_UNICODE_STRING(reader) #	union {
		self.IsoPassword = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607_ISO(reader)
Esempio n. 18
 def __init__(self, reader):
     """Parse a primary-credential record sequentially from ``reader``.

     The record holds two strings, a pointer, five BOOLEAN flags, padding
     bytes and then fixed-size raw fields of 16, 16, 16 and 20 bytes.
     """
     self.LogonDomainName = LSA_UNICODE_STRING(reader)
     self.UserName = LSA_UNICODE_STRING(reader)
     self.pNtlmCredIsoInProc = PVOID(reader).value
     # NOTE(review): these flags presumably say which of the fixed-size
     # fields below hold meaningful data. Nothing here enforces that, so
     # consumers should check the flag before trusting a field -- confirm.
     self.isIso = BOOLEAN(reader).value
     self.isNtOwfPassword = BOOLEAN(reader).value
     self.isLmOwfPassword = BOOLEAN(reader).value
     self.isShaOwPassword = BOOLEAN(reader).value
     self.isDPAPIProtected = BOOLEAN(reader).value
     # Three explicit padding bytes, read one at a time rather than via reader.align().
     self.align0 = BYTE(reader).value
     self.align1 = BYTE(reader).value
     self.align2 = BYTE(reader).value
     self.unkD = DWORD(reader).value  # // 1/2
     # Original author's TODO: the C layout wraps the next three fields in
     # #pragma pack(push, 2); that packing is reproduced here only through
     # the explicit field sizes.
     self.isoSize = WORD(reader).value  # // 0000
     self.DPAPIProtected = reader.read(16)
     self.align3 = DWORD(reader).value  # // 00000000
     # Original author's TODO: #pragma pack(pop)
     # Raw fixed-size fields (16, 16 and 20 bytes), stored undecoded. This is
     # credential material; keep it out of logs.
     self.NtOwfPassword = reader.read(16)
     self.LmOwfPassword = reader.read(16)
     self.ShaOwPassword = reader.read(20)
Esempio n. 19
 def __init__(self, reader):
     """Parse one credential-list node sequentially from ``reader``.

     The node is read as a link field, the authentication package id (as a
     plain value) and, after alignment, a pointer-typed reference to the
     primary credentials.
     """
     # Link to another list node; only Flink is read, no Blink.
     self.Flink = PKIWI_MSV1_0_CREDENTIAL_LIST(reader)
     self.AuthenticationPackageId = DWORD(reader).value
     # Skip whatever padding the reader applies before the following pointer.
     reader.align()
     self.PrimaryCredentials_ptr = PKIWI_MSV1_0_PRIMARY_CREDENTIAL_ENC(reader)
Esempio n. 20
	def __init__(self, reader):
		"""Parse a size field followed by a pointer to an ISO data blob."""
		self.StructSize = DWORD(reader).value
		# NOTE(review): align() presumably skips padding before the pointer -- confirm.
		reader.align()
		self.isoBlob    = PLSAISO_DATA_BLOB(reader)  # a pointer, not an inline blob (the original comment notes it is aligned)