def aes_cbc_decrypt(data, key, enc_iv):
"""Decrypt and return `data` with AES CBC."""
cipher = AESModeOfOperationCBC(key, iv=enc_iv)
return b"".join([
cipher.decrypt(data[i:i + AES_BLOCK_SIZE])
for i in range(0, len(data), AES_BLOCK_SIZE)
])
def get_hbootkey(samaddr, bootkey):
sam_account_path = [b"SAM", b"Domains", b"Account"]
root = get_root(samaddr)
if not root:
return None
sam_account_key = open_key(root, sam_account_path)
if not sam_account_key:
return None
F = None
for v in values(sam_account_key):
if v.Name == b'F':
F = samaddr.read(v.Data.value, v.DataLength.value)
if not F:
return None
revision = ord(F[0x00:0x01])
if revision == 2:
md5 = hashlib.md5(F[0x70:0x80] + aqwerty + bootkey + anum)
rc4_key = md5.digest()
rc4 = RC4(rc4_key)
hbootkey = rc4.encrypt(F[0x80:0xA0])
return hbootkey
elif revision == 3:
iv = F[0x78:0x88]
encryptedHBootKey = F[0x88:0xA8]
cipher = AESModeOfOperationCBC(bootkey, iv=iv)
hbootkey = b"".join([cipher.decrypt(encryptedHBootKey[i:i + AES_BLOCK_SIZE]) for i in range(0, len(encryptedHBootKey), AES_BLOCK_SIZE)])
return hbootkey[:16]
def decrypt(self, masterkey, entropy=None, strongPassword=None):
"""Try to decrypt the blob. Returns True/False
:rtype : bool
:param masterkey: decrypted masterkey value
:param entropy: optional entropy for decrypting the blob
:param strongPassword: optional password for decrypting the blob
"""
for algo in [crypto.CryptSessionKeyXP, crypto.CryptSessionKeyWin7]:
try:
sessionkey = algo(masterkey, self.salt, self.hashAlgo, entropy=entropy, strongPassword=strongPassword)
key = crypto.CryptDeriveKey(sessionkey, self.cipherAlgo, self.hashAlgo)
if "AES" in self.cipherAlgo.name:
cipher = AESModeOfOperationCBC(key[:self.cipherAlgo.keyLength], iv="\x00" * self.cipherAlgo.ivLength)
self.cleartext = b"".join([cipher.decrypt(self.cipherText[i:i + AES_BLOCK_SIZE]) for i in range(0, len(self.cipherText), AES_BLOCK_SIZE)])
else:
cipher = self.cipherAlgo.module.new(key, CBC, "\x00" * self.cipherAlgo.ivLength)
self.cleartext = cipher.decrypt(self.cipherText)
padding = char_to_int(self.cleartext[-1])
if padding <= self.cipherAlgo.blockSize:
self.cleartext = self.cleartext[:-padding]
# check against provided HMAC
self.signComputed = algo(masterkey, self.hmac, self.hashAlgo, entropy=entropy, verifBlob=self.blob)
self.decrypted = self.signComputed == self.sign
if self.decrypted:
return True
except Exception:
pass
self.decrypted = False
return self.decrypted
def decrypt_single_salted_hash(rid, hbootkey, enc_hash, lmntstr, salt):
if enc_hash == "":
return ""
(des_k1, des_k2) = sid_to_key(rid)
d1 = des(des_k1, ECB)
d2 = des(des_k2, ECB)
cipher = AESModeOfOperationCBC(hbootkey, salt)
obfkey = b"".join([cipher.decrypt(enc_hash[i:i + AES_BLOCK_SIZE]) for i in range(0, len(enc_hash), AES_BLOCK_SIZE)])
hash_ = d1.decrypt(obfkey[:8]) + d2.decrypt(obfkey[8:16])
return hash_
def decrypt_hash_vista(edata, nlkm, ch):
"""
Based on code from http://lab.mediaservice.net/code/cachedump.rb
"""
aes = AESModeOfOperationCBC(nlkm[16:32], iv=ch)
out = ""
for i in range(0, len(edata), 16):
buf = edata[i : i+16]
if len(buf) < 16:
buf += (16 - len(buf)) * "\00"
out += b"".join([aes.decrypt(buf[i:i + AES_BLOCK_SIZE]) for i in range(0, len(buf), AES_BLOCK_SIZE)])
return out
def decrypt(self, masterkey, entropy=None, strongPassword=None):
"""Try to decrypt the blob. Returns True/False
:rtype : bool
:param masterkey: decrypted masterkey value
:param entropy: optional entropy for decrypting the blob
:param strongPassword: optional password for decrypting the blob
"""
for algo in [crypto.CryptSessionKeyXP, crypto.CryptSessionKeyWin7]:
try:
sessionkey = algo(masterkey,
self.salt,
self.hashAlgo,
entropy=entropy,
strongPassword=strongPassword)
key = crypto.CryptDeriveKey(sessionkey, self.cipherAlgo,
self.hashAlgo)
if "AES" in self.cipherAlgo.name:
cipher = AESModeOfOperationCBC(
key[:int(self.cipherAlgo.keyLength)],
iv=b"\x00" * int(self.cipherAlgo.ivLength))
self.cleartext = b"".join([
cipher.decrypt(self.cipherText[i:i + AES_BLOCK_SIZE])
for i in range(0, len(self.cipherText), AES_BLOCK_SIZE)
])
else:
cipher = self.cipherAlgo.module(
key, CBC, b"\x00" * self.cipherAlgo.ivLength)
self.cleartext = cipher.decrypt(self.cipherText)
padding = char_to_int(self.cleartext[-1])
if padding <= self.cipherAlgo.blockSize:
self.cleartext = self.cleartext[:-padding]
# check against provided HMAC
self.signComputed = algo(masterkey,
self.hmac,
self.hashAlgo,
entropy=entropy,
verifBlob=self.blob)
self.decrypted = self.signComputed == self.sign
if self.decrypted:
return True
except Exception:
print_debug('DEBUG', traceback.format_exc())
self.decrypted = False
return self.decrypted
def decrypt(self, encrypted): # TODO: NT version specific, move from here in subclasses. cleartext = '' size = len(encrypted) if size: if size % 8: if not self.aes_key or not self.iv: return cleartext cipher = AESModeOfOperationCBC(self.aes_key, iv=self.iv) else: if not self.des_key or not self.iv: return cleartext cipher = triple_des(self.des_key, CBC, self.iv[:8]) cleartext = cipher.decrypt(encrypted) return cleartext
def dataDecrypt(cipherAlgo, hashAlgo, raw, encKey, iv, rounds):
"""
Internal use. Decrypts data stored in DPAPI structures.
"""
hname = {"HMAC": "sha1"}.get(hashAlgo.name, hashAlgo.name)
derived = pbkdf2(encKey, iv, cipherAlgo.keyLength + cipherAlgo.ivLength, rounds, hname)
key, iv = derived[:int(cipherAlgo.keyLength)], derived[int(cipherAlgo.keyLength):]
key = key[:int(cipherAlgo.keyLength)]
iv = iv[:int(cipherAlgo.ivLength)]
if "AES" in cipherAlgo.name:
cipher = AESModeOfOperationCBC(key, iv=iv)
cleartxt = b"".join([cipher.decrypt(raw[i:i + AES_BLOCK_SIZE]) for i in range(0, len(raw), AES_BLOCK_SIZE)])
else:
cipher = cipherAlgo.module(key, CBC, iv)
cleartxt = cipher.decrypt(raw)
return cleartxt
def dataDecrypt(cipherAlgo, hashAlgo, raw, encKey, iv, rounds):
"""
Internal use. Decrypts data stored in DPAPI structures.
"""
hname = {"HMAC": "sha1"}.get(hashAlgo.name, hashAlgo.name)
derived = pbkdf2(encKey, iv, cipherAlgo.keyLength + cipherAlgo.ivLength, rounds, hname)
key, iv = derived[:cipherAlgo.keyLength], derived[cipherAlgo.keyLength:]
key = key[:cipherAlgo.keyLength]
iv = iv[:cipherAlgo.ivLength]
if "AES" in cipherAlgo.name:
cipher = AESModeOfOperationCBC(key, iv=iv)
cleartxt = b"".join([cipher.decrypt(raw[i:i + AES_BLOCK_SIZE]) for i in range(0, len(raw), AES_BLOCK_SIZE)])
else:
cipher = cipherAlgo.module(key, CBC, iv)
cleartxt = cipher.decrypt(raw)
return cleartxt
def decrypt_aes(secret, key):
sha = hashlib.sha256()
sha.update(key)
for _i in range(1, 1000 + 1):
sha.update(secret[28:60])
aeskey = sha.digest()
data = ""
for i in range(60, len(secret), 16):
aes = AESModeOfOperationCBC(aeskey, iv="\x00" * 16)
buf = secret[i:i + 16]
if len(buf) < 16:
buf += (16 - len(buf)) * "\00"
data += aes.decrypt(buf)
return data
def decrypt_aes(secret, key):
sha = hashlib.sha256()
sha.update(key)
for _i in range(1, 1000+1):
sha.update(secret[28:60])
aeskey = sha.digest()
data = ""
for i in range(60, len(secret), 16):
aes = AESModeOfOperationCBC(aeskey, iv="\x00"*16)
buf = secret[i : i + 16]
if len(buf) < 16:
buf += (16-len(buf)) * "\00"
data += aes.decrypt(buf)
return data
def decrypt_vault_attribute(self, vault_attr, key_aes128, key_aes256):
"""
Helper to decrypt VAULT attributes.
"""
if not vault_attr.size:
return b'', False
if vault_attr.has_iv:
cipher = AESModeOfOperationCBC(key_aes256, iv=vault_attr.iv)
is_attribute_ex = True
else:
cipher = AESModeOfOperationCBC(key_aes128)
is_attribute_ex = False
data = vault_attr.data
decypted = b"".join([cipher.decrypt(data[i:i + AES_BLOCK_SIZE]) for i in range(0, len(data), AES_BLOCK_SIZE)])
return decypted, is_attribute_ex
def aes_cbc_encrypt(data, key, enc_iv):
cipher = AESModeOfOperationCBC(key, iv=enc_iv)
return b"".join([
cipher.encrypt(data[i:i + AES_BLOCK_SIZE])
for i in range(0, len(data), AES_BLOCK_SIZE)
])
def aes_cbc_encrypt(data, key, enc_iv):
cipher = AESModeOfOperationCBC(key, iv=enc_iv)
return cipher.encrypt(data)
def aes_cbc_encrypt(data, key, enc_iv):
cipher = AESModeOfOperationCBC(key, iv=enc_iv)
return b"".join([cipher.encrypt(data[i:i + AES_BLOCK_SIZE]) for i in range(0, len(data), AES_BLOCK_SIZE)])
def aes_cbc_decrypt(data, key, enc_iv):
"""Decrypt and return `data` with AES CBC."""
cipher = AESModeOfOperationCBC(key, iv=enc_iv)
return cipher.decrypt(data)
def aes_encrypt(self, message, passphrase):
iv = '\x00' * 16
aes = AESModeOfOperationCBC(passphrase, iv=iv)
return aes.encrypt(message)
def aes_cbc_decrypt(data, key, enc_iv):
"""Decrypt and return `data` with AES CBC."""
cipher = AESModeOfOperationCBC(key, iv=enc_iv)
return b"".join([cipher.decrypt(data[i:i + AES_BLOCK_SIZE]) for i in range(0, len(data), AES_BLOCK_SIZE)])
