Exemplo n.º 1
0
def decrypt_single_hash(rid, hbootkey, enc_hash, lmntstr):
    (des_k1, des_k2) = sid_to_key(rid)
    d1 = des(des_k1, ECB)
    d2 = des(des_k2, ECB)
    md5 = hashlib.md5()
    md5.update(hbootkey[:0x10] + pack("<L", rid) + lmntstr)
    rc4_key = md5.digest()
    rc4 = RC4(rc4_key)
    obfkey = rc4.encrypt(enc_hash)
    hash_ = d1.decrypt(obfkey[:8]) + d2.decrypt(obfkey[8:])
    return hash_
Exemplo n.º 2
0
def decrypt_single_salted_hash(rid, hbootkey, enc_hash, lmntstr, salt):
    if enc_hash == "":
        return ""
    (des_k1, des_k2) = sid_to_key(rid)
    d1 = des(des_k1, ECB)
    d2 = des(des_k2, ECB)
    cipher = AESModeOfOperationCBC(hbootkey, salt)
    obfkey = b"".join([cipher.decrypt(enc_hash[i:i + AES_BLOCK_SIZE]) for i in range(0, len(enc_hash), AES_BLOCK_SIZE)])

    hash_ = d1.decrypt(obfkey[:8]) + d2.decrypt(obfkey[8:16])
    return hash_
Exemplo n.º 3
0
def decrypt_single_hash(rid, hbootkey, enc_hash, lmntstr):
    (des_k1, des_k2) = sid_to_key(rid)
    d1 = des(des_k1, ECB)
    d2 = des(des_k2, ECB)

    md5 = hashlib.md5()
    md5.update(hbootkey[:0x10] + pack("<L", rid) + lmntstr)
    rc4_key = md5.digest()
    rc4 = RC4(rc4_key)
    obfkey = rc4.encrypt(enc_hash)
    hash_ = d1.decrypt(obfkey[:8]) + d2.decrypt(obfkey[8:])

    return hash_
Exemplo n.º 4
0
def SystemFunction005(secret, key):
    """
    This function is used to decrypt LSA secrets.
    Reproduces the corresponding Windows internal function.
    Taken from creddump project https://code.google.com/p/creddump/
    """
    decrypted_data = ''
    j = 0
    algo = CryptoAlgo(0x6603)
    for i in range(0, len(secret), 8):
        enc_block = secret[i:i + 8]
        block_key = key[j:j + 7]
        des_key = []
        des_key.append(char_to_int(block_key[0]) >> 1)
        des_key.append(((char_to_int(block_key[0]) & 0x01) << 6)
                       | (char_to_int(block_key[1]) >> 2))
        des_key.append(((char_to_int(block_key[1]) & 0x03) << 5)
                       | (char_to_int(block_key[2]) >> 3))
        des_key.append(((char_to_int(block_key[2]) & 0x07) << 4)
                       | (char_to_int(block_key[3]) >> 4))
        des_key.append(((char_to_int(block_key[3]) & 0x0F) << 3)
                       | (char_to_int(block_key[4]) >> 5))
        des_key.append(((char_to_int(block_key[4]) & 0x1F) << 2)
                       | (char_to_int(block_key[5]) >> 6))
        des_key.append(((char_to_int(block_key[5]) & 0x3F) << 1)
                       | (char_to_int(block_key[6]) >> 7))
        des_key.append(char_to_int(block_key[6]) & 0x7F)
        des_key = algo.do_fixup_key("".join([chr(x << 1) for x in des_key]))

        decrypted_data += des(des_key, ECB).decrypt(enc_block)
        j += 7
        if len(key[j:j + 7]) < 7:
            j = len(key[j:j + 7])
    dec_data_len = struct.unpack("<L", decrypted_data[:4])[0]
    return decrypted_data[8:8 + dec_data_len]
Exemplo n.º 5
0
 def decrypt(self, msg):
     enc_text = base64.b64decode(msg)
     (dk, iv) = self.get_derived_key(self._passphrase, self._salt,
                                     self._iteration)
     crypter = des(dk, CBC, iv)
     text = crypter.decrypt(enc_text)
     return re.sub(r'[\x01-\x08]', '', text)
Exemplo n.º 6
0
def SystemFunction005(secret, key):
    """
    This function is used to decrypt LSA secrets.
    Reproduces the corresponding Windows internal function.
    Taken from creddump project https://code.google.com/p/creddump/
    """
    decrypted_data = ''
    j = 0
    algo = CryptoAlgo(0x6603)
    for i in range(0, len(secret), 8):
        enc_block = secret[i:i + 8]
        block_key = key[j:j + 7]
        des_key = []
        des_key.append(char_to_int(block_key[0]) >> 1)
        des_key.append(((char_to_int(block_key[0]) & 0x01) << 6) | (char_to_int(block_key[1]) >> 2))
        des_key.append(((char_to_int(block_key[1]) & 0x03) << 5) | (char_to_int(block_key[2]) >> 3))
        des_key.append(((char_to_int(block_key[2]) & 0x07) << 4) | (char_to_int(block_key[3]) >> 4))
        des_key.append(((char_to_int(block_key[3]) & 0x0F) << 3) | (char_to_int(block_key[4]) >> 5))
        des_key.append(((char_to_int(block_key[4]) & 0x1F) << 2) | (char_to_int(block_key[5]) >> 6))
        des_key.append(((char_to_int(block_key[5]) & 0x3F) << 1) | (char_to_int(block_key[6]) >> 7))
        des_key.append(char_to_int(block_key[6]) & 0x7F)
        des_key = algo.do_fixup_key("".join([chr(x << 1) for x in des_key]))

        decrypted_data += des(des_key, ECB).decrypt(enc_block)
        j += 7
        if len(key[j:j + 7]) < 7:
            j = len(key[j:j + 7])
    dec_data_len = struct.unpack("<L", decrypted_data[:4])[0]
    return decrypted_data[8:8 + dec_data_len]
Exemplo n.º 7
0
    def pass_decrypt_old(self, p):
        """ Decrypts a password from ClawsMail. => old version """
        if p[0] == '!':  # encrypted password
            buf = b64decode(p[1:])
            """
            If mode is ECB or CBC and the length of the data is wrong, do nothing
            as would the libc algorithms (as they fail early).	Yes, this means the
            password wasn't actually encrypted but only base64-ed.
            """
            if (self.mode in (ECB, CBC)) and ((len(buf) % 8) != 0
                                              or len(buf) > 8192):
                return buf

            c = des(self.passcrypt_key, self.mode, b'\0' * 8)
            return c.decrypt(buf)
        else:
            return p  # raw password
Exemplo n.º 8
0
    def pass_decrypt(self, p, key, mode=CFB):
        """ Decrypts a password from ClawsMail. """
        if p[0] == '!':  # encrypted password
            buf = b64decode(p[1:])

            """
            If mode is ECB or CBC and the length of the data is wrong, do nothing
            as would the libc algorithms (as they fail early).	Yes, this means the
            password wasn't actually encrypted but only base64-ed.
            """
            if (mode in (ECB, CBC)) and ((len(buf) % 8) != 0 or len(buf) > 8192):
                return buf

            # c = DES.new(key, mode=mode, IV=b'\0'*8)
            c = des(key, mode, b'\0' * 8)
            return c.decrypt(buf)
        else:  # raw password
            return p
Exemplo n.º 9
0
def decrypt_secret(secret, key):
    """Python implementation of SystemFunction005.

    Decrypts a block of data with DES using given key.
    Note that key can be longer than 7 bytes."""
    decrypted_data = ''
    j = 0  # key index
    for i in range(0, len(secret), 8):
        enc_block = secret[i:i + 8]
        block_key = key[j:j + 7]
        des_key = str_to_key(block_key)

        crypter = des(des_key, ECB)
        decrypted_data += crypter.decrypt(enc_block)

        j += 7
        if len(key[j:j + 7]) < 7:
            j = len(key[j:j + 7])

    (dec_data_len, ) = unpack("<L", decrypted_data[:4])
    return decrypted_data[8:8 + dec_data_len]
Exemplo n.º 10
0
def decrypt_secret(secret, key):
    """Python implementation of SystemFunction005.

    Decrypts a block of data with DES using given key.
    Note that key can be longer than 7 bytes."""
    decrypted_data = ''
    j = 0   # key index
    for i in range(0,len(secret),8):
        enc_block = secret[i:i+8]
        block_key = key[j:j+7]
        des_key = str_to_key(block_key)
        crypter = des(des_key, ECB)

        try:
            decrypted_data += crypter.decrypt(enc_block)
        except:
            continue

        j += 7
        if len(key[j:j+7]) < 7:
            j = len(key[j:j+7])

    (dec_data_len,) = unpack("<L", decrypted_data[:4])
    return decrypted_data[8:8+dec_data_len]
Exemplo n.º 11
0
 def decrypt(self, msg):
     enc_text = base64.b64decode(msg)
     (dk, iv) = self.get_derived_key(self._passphrase, self._salt, self._iteration)
     crypter = des(dk, CBC, iv)
     text = crypter.decrypt(enc_text)
     return re.sub(r'[\x01-\x08]', '', text)