def get_regkey(self):
    """Read the first value of the Skype ProtectedStorage key and unprotect it.

    Opens the ProtectedStorage subkey under HKEY_CURRENT_USER, takes the data
    of the value at index 0 and returns the result of
    win.Win32CryptUnprotectData on it. Returns False when the key cannot be
    opened.

    NOTE(review): this excerpt uses Python 2 syntax (``except Exception, e``)
    and the handler of the outer ``try`` is not part of the visible text.
    """
    try:
        key_path = 'Software\\Skype\\ProtectedStorage'
        try:
            hkey = win.OpenKey(win.HKEY_CURRENT_USER, key_path)
        except Exception, e:
            # Key missing or not readable: log the reason and report failure.
            print_debug('DEBUG', str(e))
            return False
        # num = _winreg.QueryInfoKey(hkey)[1]
        # Only the value at index 0 is read; EnumValue()[1] is that value's data.
        k = _winreg.EnumValue(hkey, 0)[1]
        # presumably a wrapper around the Windows DPAPI unprotect call - confirm in `win`.
        # The handle in hkey is not explicitly closed anywhere in this excerpt.
        return win.Win32CryptUnprotectData(k)
def decipher_password(self, cipher_text, u): pwd_found = [] # deciper the password pwd = win.Win32CryptUnprotectData( cipher_text, u, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) if not pwd: return [] separator = b"\x00\x00" if pwd.endswith(separator): pwd = pwd[:-len(separator)] chunks_reversed = pwd.rsplit( separator )[:: -1] # <pwd_n>, <login_n>, ..., <pwd_0>, <login_0>, <SOME_SERVICE_DATA_CHUNKS> # Filter out service data possible_passwords = [ x for n, x in enumerate(chunks_reversed) if n % 2 == 0 ] possible_logins = [ x for n, x in enumerate(chunks_reversed) if n % 2 == 1 ] for possible_login, possible_password in zip(possible_logins, possible_passwords): # Service data starts with several blocks of "<2_bytes>\x00\x00<10_bytes>" if len(pwd_found) > 0 and len(possible_login) == 2 and len( possible_password) == 10: break try: possible_login_str = possible_login.decode('UTF-16LE') possible_password_str = possible_password.decode('UTF-16LE') except UnicodeDecodeError: if len(pwd_found) > 0: # Some passwords have been found. Assume this is service data. break # No passwords have been found. Assume login or password contains some chars which could not be decoded possible_login_str = str(possible_password) possible_password_str = str(possible_password) pwd_found.append({ 'URL': u.decode('UTF-16LE'), 'Login': possible_login_str, 'Password': possible_password_str }) return pwd_found
def get_regkey(self):
    """Unprotect the first value stored under the Skype ProtectedStorage key.

    The key is opened under HKEY_CURRENT_USER and the data of the value at
    index 0 is passed to win.Win32CryptUnprotectData together with the
    is_current_user / user_dpapi settings taken from ``constant``.

    Returns the result of that call, or False when the key cannot be opened
    or anything else raises; the exception text goes to self.debug.
    """
    protected_storage = 'Software\\Skype\\ProtectedStorage'
    try:
        try:
            handle = win.OpenKey(win.HKEY_CURRENT_USER, protected_storage)
        except Exception as open_error:
            # Key absent or unreadable for this user.
            self.debug(str(open_error))
            return False

        # EnumValue yields (name, data, type); only the data of value 0 is used.
        # The handle is not explicitly closed in this function.
        first_value = winreg.EnumValue(handle, 0)
        protected_blob = first_value[1]
        # presumably a DPAPI unprotect wrapper - confirm in `win`.
        return win.Win32CryptUnprotectData(
            protected_blob,
            is_current_user=constant.is_current_user,
            user_dpapi=constant.user_dpapi)
    except Exception as error:
        self.debug(str(error))
        return False
def decipher_password(self, cipher_text, u): pwd_found = [] # deciper the password pwd = win.Win32CryptUnprotectData( cipher_text, u, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) a = '' if pwd: for i in range(len(pwd)): try: a = pwd[i:].decode('UTF-16LE') a = a.decode('utf-8') break except Exception: return [] if not a: return [] # the last one is always equal to 0 secret = a.split('\x00') if secret[len(secret) - 1] == '': secret = secret[:len(secret) - 1] # define the length of the tab if len(secret) % 2 == 0: length = len(secret) else: length = len(secret) - 1 # list username / password in clear text password = None for s in range(length): try: if s % 2 != 0: pwd_found.append({ 'URL': u.decode('UTF-16LE'), 'Login': secret[length - s], 'Password': password }) else: password = secret[length - s] except Exception: self.debug(traceback.format_exc()) return pwd_found
def retrieve_info(self, hkey, name_key):
    """Collect every value of an open registry key into a dict.

    Values whose name contains 'password' (case-insensitive) have their data,
    minus the first byte, passed to win.Win32CryptUnprotectData and the
    result stored as returned; if that raises, the entry becomes 'N/A' and
    the exception text goes to self.debug. All other values are stored via
    ``str(data).decode('utf16')``, falling back to ``str(data)``.

    ``name_key`` is accepted but not used. The returned dict mixes ordinary
    settings with unprotected secrets.
    """
    collected = {}
    value_count = winreg.QueryInfoKey(hkey)[1]
    for index in range(value_count):
        entry = winreg.EnumValue(hkey, index)
        name = entry[0]
        data = entry[1]

        if 'password' not in name.lower():
            try:
                collected[name] = str(data).decode('utf16')
            except Exception:
                collected[name] = str(data)
            continue

        try:
            # The reason for skipping the first byte is not shown here.
            collected[name] = win.Win32CryptUnprotectData(
                data[1:],
                is_current_user=constant.is_current_user,
                user_dpapi=constant.user_dpapi)
        except Exception as error:
            self.debug(str(error))
            collected[name] = 'N/A'

    return collected
def retrieve_info(self, hkey, name_key):
    """Collect every value of an open registry key into a dict.

    Values whose name contains 'password' (case-insensitive) have their data,
    minus the first byte, passed to win.Win32CryptUnprotectData and the
    result decoded as UTF-16; if any of that raises, the entry becomes 'N/A'
    and the exception text is sent to print_debug. All other values are
    stored via ``str(data).decode('utf16')``, falling back to ``str(data)``.

    ``name_key`` is accepted but not used. The returned dict mixes ordinary
    settings with unprotected secrets.
    """
    found = {}
    total = _winreg.QueryInfoKey(hkey)[1]
    for position in range(total):
        record = _winreg.EnumValue(hkey, position)
        label = record[0]

        if 'password' in label.lower():
            try:
                # The reason for skipping the first byte is not shown here.
                unprotected = win.Win32CryptUnprotectData(record[1][1:])
                found[label] = unprotected.decode('utf16')
            except Exception as err:
                print_debug('DEBUG', str(err))
                found[label] = 'N/A'
            continue

        try:
            found[label] = str(record[1]).decode('utf16')
        except Exception:
            found[label] = str(record[1])

    return found
def retrieve_info(self, hkey, name_key):
    """Collect every value of an open registry key into a dict.

    Values whose name contains 'password' (case-insensitive) have their data,
    minus the first byte, passed to win.Win32CryptUnprotectData; a trailing
    double-NUL is removed from the result before it is decoded as UTF-16. If
    any of that raises, the entry becomes 'N/A' and the exception text goes
    to self.debug. All other values are stored via
    ``str(data).decode('utf16')``, falling back to ``str(data)``.

    ``name_key`` is accepted but not used. The returned dict mixes ordinary
    settings with unprotected secrets.
    """
    utf16_nul = b'\x00\x00'
    results = {}
    count = winreg.QueryInfoKey(hkey)[1]
    for idx in range(count):
        item = winreg.EnumValue(hkey, idx)
        value_name = item[0]

        if 'password' in value_name.lower():
            try:
                # The reason for skipping the first byte is not shown here.
                raw = win.Win32CryptUnprotectData(
                    item[1][1:],
                    is_current_user=constant.is_current_user,
                    user_dpapi=constant.user_dpapi)
                # raw is <password in utf-16> followed by a double-NUL terminator.
                if raw.endswith(utf16_nul):
                    raw = raw[:-len(utf16_nul)]
                results[value_name] = raw.decode("utf-16")
            except Exception as err:
                self.debug(str(err))
                results[value_name] = 'N/A'
        else:
            try:
                results[value_name] = str(item[1]).decode('utf16')
            except Exception:
                results[value_name] = str(item[1])

    return results