def get_regkey(self):
try:
key_path = 'Software\\Skype\\ProtectedStorage'
try:
hkey = win.OpenKey(win.HKEY_CURRENT_USER, key_path)
except Exception, e:
print_debug('DEBUG', str(e))
return False
# num = _winreg.QueryInfoKey(hkey)[1]
k = _winreg.EnumValue(hkey, 0)[1]
return win.Win32CryptUnprotectData(k)
def decipher_password(self, cipher_text, u):
pwd_found = []
# deciper the password
pwd = win.Win32CryptUnprotectData(
cipher_text,
u,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
if not pwd:
return []
separator = b"\x00\x00"
if pwd.endswith(separator):
pwd = pwd[:-len(separator)]
chunks_reversed = pwd.rsplit(
separator
)[::
-1] # <pwd_n>, <login_n>, ..., <pwd_0>, <login_0>, <SOME_SERVICE_DATA_CHUNKS>
# Filter out service data
possible_passwords = [
x for n, x in enumerate(chunks_reversed) if n % 2 == 0
]
possible_logins = [
x for n, x in enumerate(chunks_reversed) if n % 2 == 1
]
for possible_login, possible_password in zip(possible_logins,
possible_passwords):
# Service data starts with several blocks of "<2_bytes>\x00\x00<10_bytes>"
if len(pwd_found) > 0 and len(possible_login) == 2 and len(
possible_password) == 10:
break
try:
possible_login_str = possible_login.decode('UTF-16LE')
possible_password_str = possible_password.decode('UTF-16LE')
except UnicodeDecodeError:
if len(pwd_found) > 0:
# Some passwords have been found. Assume this is service data.
break
# No passwords have been found. Assume login or password contains some chars which could not be decoded
possible_login_str = str(possible_password)
possible_password_str = str(possible_password)
pwd_found.append({
'URL': u.decode('UTF-16LE'),
'Login': possible_login_str,
'Password': possible_password_str
})
return pwd_found
def get_regkey(self):
try:
key_path = 'Software\\Skype\\ProtectedStorage'
try:
hkey = win.OpenKey(win.HKEY_CURRENT_USER, key_path)
except Exception as e:
self.debug(str(e))
return False
# num = winreg.QueryInfoKey(hkey)[1]
k = winreg.EnumValue(hkey, 0)[1]
return win.Win32CryptUnprotectData(k, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
except Exception as e:
self.debug(str(e))
return False
def decipher_password(self, cipher_text, u):
pwd_found = []
# deciper the password
pwd = win.Win32CryptUnprotectData(
cipher_text,
u,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
a = ''
if pwd:
for i in range(len(pwd)):
try:
a = pwd[i:].decode('UTF-16LE')
a = a.decode('utf-8')
break
except Exception:
return []
if not a:
return []
# the last one is always equal to 0
secret = a.split('\x00')
if secret[len(secret) - 1] == '':
secret = secret[:len(secret) - 1]
# define the length of the tab
if len(secret) % 2 == 0:
length = len(secret)
else:
length = len(secret) - 1
# list username / password in clear text
password = None
for s in range(length):
try:
if s % 2 != 0:
pwd_found.append({
'URL': u.decode('UTF-16LE'),
'Login': secret[length - s],
'Password': password
})
else:
password = secret[length - s]
except Exception:
self.debug(traceback.format_exc())
return pwd_found
def retrieve_info(self, hkey, name_key):
values = {}
num = winreg.QueryInfoKey(hkey)[1]
for x in range(0, num):
k = winreg.EnumValue(hkey, x)
if 'password' in k[0].lower():
try:
password = win.Win32CryptUnprotectData(k[1][1:], is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
values[k[0]] = password
except Exception as e:
self.debug(str(e))
values[k[0]] = 'N/A'
else:
try:
values[k[0]] = str(k[1]).decode('utf16')
except Exception:
values[k[0]] = str(k[1])
return values
def retrieve_info(self, hkey, name_key):
values = {}
num = _winreg.QueryInfoKey(hkey)[1]
for x in range(0, num):
k = _winreg.EnumValue(hkey, x)
if 'password' in k[0].lower():
try:
password = win.Win32CryptUnprotectData(k[1][1:])
values[k[0]] = password.decode('utf16')
except Exception as e:
print_debug('DEBUG', str(e))
values[k[0]] = 'N/A'
else:
try:
values[k[0]] = str(k[1]).decode('utf16')
except Exception:
values[k[0]] = str(k[1])
return values
def retrieve_info(self, hkey, name_key):
values = {}
num = winreg.QueryInfoKey(hkey)[1]
for x in range(0, num):
k = winreg.EnumValue(hkey, x)
if 'password' in k[0].lower():
try:
password_bytes = win.Win32CryptUnprotectData(k[1][1:], is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
# password_bytes is <password in utf-16> + b'\x00\x00'
terminator = b'\x00\x00'
if password_bytes.endswith(terminator):
password_bytes = password_bytes[: -len(terminator)]
values[k[0]] = password_bytes.decode("utf-16")
except Exception as e:
self.debug(str(e))
values[k[0]] = 'N/A'
else:
try:
values[k[0]] = str(k[1]).decode('utf16')
except Exception:
values[k[0]] = str(k[1])
return values
