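def decrypt_blob(self, blob):
    """Decrypt one keychain item blob.

    The blob starts with two little-endian 32-bit fields, version and key
    class.  The rest depends on the version:

    * version 0: 40-byte wrapped key at offset 8, AES-CBC data from offset 48.
    * version 2: 40-byte wrapped key at offset 12, data from offset 52 up to
      the last 16 bytes; those 16 bytes are handed to gcm_decrypt as its
      final argument (presumably the GCM tag).

    Returns "" when blob is None, None when the blob is too short or the
    class key cannot be unwrapped, the CBC plaintext for version 0 and the
    parsed binary plist for version 2.  Raises Exception for any other
    version.
    """
    if blob is None:
        return ""
    if len(blob) < 48:
        print("keychain blob length must be >= 48")
        return

    version, clas = struct.unpack("<LL", blob[0:8])
    if version == 0:
        wrappedkey = blob[8:8 + 40]
        encrypted_data = blob[48:]
    elif version == 2:
        # The 48-byte floor above is not enough for this layout: with fewer
        # than 52 + 16 bytes the slices below silently shrink and blob[-16:]
        # overlaps the wrapped key, so malformed input would be fed to the
        # keybag and to GCM instead of being rejected.
        if len(blob) < 52 + 16:
            print("keychain blob length must be >= 68 for version 2")
            return
        wrappedkey = blob[12:12 + 40]
        encrypted_data = blob[52:-16]
    else:
        raise Exception("unknown keychain verson ", version)

    unwrappedkey = self.keybag.unwrapKeyForClass(clas, wrappedkey)
    if not unwrappedkey:
        print("keychain unwrap fail for item with class=%d (%s)" % (
            clas, KSECATTRACCESSIBLE.get(clas)))
        return

    if version == 0:
        return AESdecryptCBC(encrypted_data, unwrappedkey, padding=True)

    # Only version 2 reaches this point.  Empty strings are passed as the
    # second and fourth gcm_decrypt arguments.
    # NOTE(review): the result goes straight into the plist parser; confirm
    # gcm_decrypt fails closed when the trailing 16 bytes do not verify.
    binaryplist = gcm_decrypt(unwrappedkey, "", encrypted_data, "", blob[-16:])
    return BPlistReader(binaryplist).parse()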
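def decrypt_blob(self, blob):
    """Decrypt one keychain item blob and remember its key class.

    The blob starts with two little-endian 32-bit fields, version and key
    class; the class is also stored on self.clas.  The rest depends on the
    version:

    * version 0: 40-byte wrapped key at offset 8, AES-CBC data from offset 48.
    * version 2: a 32-bit wrapped-key length at offset 8, the wrapped key at
      offset 12, then data up to the last 16 bytes; those 16 bytes are handed
      to gcm_decrypt as its final argument (presumably the GCM tag).

    Returns "" when blob is None, None when the blob is too short or the
    class key cannot be unwrapped, the CBC plaintext for version 0 and the
    parsed binary plist for version 2.  Raises Exception for any other
    version.
    """
    if blob is None:
        return ""
    if len(blob) < 48:
        print("keychain blob length must be >= 48")
        return

    version, clas = struct.unpack("<LL", blob[0:8])
    self.clas = clas
    if version == 0:
        wrappedkey = blob[8:8 + 40]
        encrypted_data = blob[48:]
    elif version == 2:
        wrapped_len = struct.unpack("<L", blob[8:12])[0]
        key_end = 12 + wrapped_len
        # wrapped_len comes from the blob itself.  Slicing never raises, so
        # an oversized value would quietly yield a truncated key and let
        # blob[-16:] overlap it; reject the blob instead.
        if key_end + 16 > len(blob):
            print("keychain blob too short for wrapped key length %d"
                  % wrapped_len)
            return
        wrappedkey = blob[12:key_end]
        encrypted_data = blob[key_end:-16]
    else:
        raise Exception("unknown keychain verson ", version)

    unwrappedkey = self.keybag.unwrapKeyForClass(clas, wrappedkey, False)
    if not unwrappedkey:
        return

    if version == 0:
        return AESdecryptCBC(encrypted_data, unwrappedkey, padding=True)

    # Only version 2 reaches this point.  Empty strings are passed as the
    # second and fourth gcm_decrypt arguments.
    # NOTE(review): the result goes straight into the plist parser; confirm
    # gcm_decrypt fails closed when the trailing 16 bytes do not verify.
    binaryplist = gcm_decrypt(unwrappedkey, "", encrypted_data, "", blob[-16:])
    return BPlistReader(binaryplist).parse()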
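def decrypt_blob(self, blob):
    """Decrypt one keychain item blob and remember its key class.

    The blob starts with two little-endian 32-bit fields, version and key
    class; only the low four bits of the class are kept, and the result is
    also stored on self.clas.  The rest depends on the version:

    * version 0: 40-byte wrapped key at offset 8, AES-CBC data from offset 48.
    * versions 2 and 3: a 32-bit wrapped-key length at offset 8, the wrapped
      key at offset 12, then data up to the last 16 bytes; those 16 bytes are
      handed to gcm_decrypt as its final argument (presumably the GCM tag).

    Returns "" when blob is None, None when the blob is too short or the
    class key cannot be unwrapped, the CBC plaintext for version 0, the
    parsed binary plist for version 2, and for version 3 a dict built from
    the DER-decoded payload with keys and values passed through str().
    Raises Exception for any other version.
    """
    if blob is None:
        return ""
    if len(blob) < 48:
        print("keychain blob length must be >= 48")
        return

    version, clas = struct.unpack("<LL", blob[0:8])
    clas &= 0xF
    self.clas = clas
    if version == 0:
        wrappedkey = blob[8:8 + 40]
        encrypted_data = blob[48:]
    elif version in (2, 3):
        wrapped_len = struct.unpack("<L", blob[8:12])[0]
        key_end = 12 + wrapped_len
        # wrapped_len comes from the blob itself.  Slicing never raises, so
        # an oversized value would quietly yield a truncated key and let
        # blob[-16:] overlap it; reject the blob instead.
        if key_end + 16 > len(blob):
            print("keychain blob too short for wrapped key length %d"
                  % wrapped_len)
            return
        wrappedkey = blob[12:key_end]
        encrypted_data = blob[key_end:-16]
    else:
        raise Exception("unknown keychain verson ", version)

    unwrappedkey = self.keybag.unwrapKeyForClass(clas, wrappedkey, False)
    if not unwrappedkey:
        return

    if version == 0:
        return AESdecryptCBC(encrypted_data, unwrappedkey, padding=True)

    # Versions 2 and 3 share the GCM step.  Empty strings are passed as the
    # second and fourth gcm_decrypt arguments.
    # NOTE(review): the result goes straight into a parser; confirm
    # gcm_decrypt fails closed when the trailing 16 bytes do not verify.
    plaintext = gcm_decrypt(unwrappedkey, "", encrypted_data, "", blob[-16:])
    if version == 2:
        return BPlistReader(plaintext).parse()

    # Version 3: bytes left over after the first DER value are ignored.
    stuff, _tail = der_decode(plaintext)
    rval = {}
    index = 0
    try:
        # No length is consulted; the walk ends when the decoded object
        # raises for an index past its last component.
        while True:
            entry = stuff.getComponentByPosition(index)
            k = entry.getComponentByPosition(0)
            v = entry.getComponentByPosition(1)
            rval[str(k)] = str(v)
            index += 1
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt and SystemExit
        # still propagate.
        # NOTE(review): a failure part-way through ends the walk the same
        # way, so the caller can receive a partial dict with no signal.
        pass
    return rval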
def recvPlist(self):
    """Receive one raw message and decode it as a property list.

    Returns None when recv_raw() yields nothing.  A payload starting with
    "bplist00" is parsed by BPlistReader; one starting with "<?xml" is
    filtered and parsed by plistlib.  Anything else raises Exception
    carrying the hex of the first 100 bytes.
    """
    payload = self.recv_raw()
    if not payload:
        return

    if payload.startswith("bplist00"):
        return BPlistReader(payload).parse()

    if not payload.startswith("<?xml"):
        raise Exception("recvPlist invalid data : %s" % payload[:100].encode("hex"))

    #HAX lockdown HardwarePlatform with null bytes
    # The pattern is an allow-list: every run of characters other than word
    # characters, space and < > / - _ " ' = . ? ! + is deleted.  Besides the
    # NUL bytes the hack targets, this also drops newlines, ':', '&', ';',
    # '[' and ']', so entity references and an internal DTD subset never
    # reach the XML parser.
    # NOTE(review): the same filter alters legitimate values that contain
    # those characters, so treat strings from this path as lossy.
    text = payload.decode('utf-8')
    cleaned = sub('[^\w<>\/ \-_0-9\"\'\\=\.\?\!\+]+', '', text)
    return plistlib.readPlistFromString(cleaned.encode('utf-8'))
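def decrypt_blob(self, blob):
    """Decrypt one keychain item blob and remember its key class.

    The blob starts with two little-endian 32-bit fields, version and key
    class; only the low four bits of the class are kept, and the result is
    also stored on self.clas.  The rest depends on the version:

    * version 0: 40-byte wrapped key at offset 8, AES-CBC data from offset 48.
    * versions 2 and 3: a 32-bit wrapped-key length at offset 8, the wrapped
      key at offset 12, then data up to the last 16 bytes; those 16 bytes are
      handed to gcm_decrypt as its final argument (presumably the GCM tag).

    Returns "" when blob is None, None when the blob is too short or the
    class key cannot be unwrapped, the CBC plaintext for version 0, the
    parsed binary plist for version 2, and for version 3 a dict of the
    (key, value) pairs in the DER-decoded payload, both passed through
    str().  Raises Exception for any other version.
    """
    if blob is None:
        return ""
    if len(blob) < 48:
        print("keychain blob length must be >= 48")
        return

    version, clas = struct.unpack("<LL", blob[0:8])
    clas &= 0xF
    self.clas = clas
    if version == 0:
        wrappedkey = blob[8:8 + 40]
        encrypted_data = blob[48:]
    elif version in (2, 3):
        wrapped_len = struct.unpack("<L", blob[8:12])[0]
        key_end = 12 + wrapped_len
        # wrapped_len comes from the blob itself.  Slicing never raises, so
        # an oversized value would quietly yield a truncated key and let
        # blob[-16:] overlap it; reject the blob instead.
        if key_end + 16 > len(blob):
            print("keychain blob too short for wrapped key length %d"
                  % wrapped_len)
            return
        wrappedkey = blob[12:key_end]
        encrypted_data = blob[key_end:-16]
    else:
        raise Exception("unknown keychain verson ", version)

    unwrappedkey = self.keybag.unwrapKeyForClass(clas, wrappedkey, False)
    if not unwrappedkey:
        return

    if version == 0:
        return AESdecryptCBC(encrypted_data, unwrappedkey, padding=True)

    # Versions 2 and 3 share the GCM step.  Empty strings are passed as the
    # second and fourth gcm_decrypt arguments.
    # NOTE(review): the result goes straight into a parser; confirm
    # gcm_decrypt fails closed when the trailing 16 bytes do not verify.
    plaintext = gcm_decrypt(unwrappedkey, "", encrypted_data, "", blob[-16:])
    if version == 2:
        return BPlistReader(plaintext).parse()

    # Version 3: only the first element of der_decode's result is used.
    stuff = der_decode(plaintext)[0]
    rval = {}
    for k, v in stuff:
        k = str(k)
        # NB - this is binary and may not be valid UTF8 data
        v = str(v)
        rval[k] = v
    return rval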