Exemplo n.º 1
0
def decrypt_lsa_key_nt6(lsakey, syskey):
    """
    This function decrypts the LSA keys using the syskey
    """
    dg = hashlib.sha256()
    dg.update(syskey)
    for i in range(1000):
        dg.update(lsakey[28:60])

    k = AESModeOfOperationECB(dg.digest())
    keys = b"".join([k.encrypt(lsakey[60:][i:i + AES_BLOCK_SIZE]) for i in range(0, len(lsakey[60:]), AES_BLOCK_SIZE)])

    size = struct.unpack_from("<L", keys)[0]
    keys = keys[16:16 + size]
    currentkey = "%0x-%0x-%0x-%0x%0x-%0x%0x%0x%0x%0x%0x" % struct.unpack("<L2H8B", keys[4:20])
    nb = struct.unpack("<L", keys[24:28])[0]
    off = 28
    kd = {}
    for i in range(nb):
        g = "%0x-%0x-%0x-%0x%0x-%0x%0x%0x%0x%0x%0x" % struct.unpack("<L2H8B", keys[off:off + 16])
        t, l = struct.unpack_from("<2L", keys[off + 16:])
        k = keys[off + 24:off + 24 + l]
        kd[g] = {"type": t, "key": k}
        off += 24 + l
    return (currentkey, kd)
Exemplo n.º 2
0
def decrypt_lsa_key_nt6(lsakey, syskey):
    """
    This function decrypts the LSA keys using the syskey
    """
    dg = hashlib.sha256()
    dg.update(syskey)
    for i in range(1000):
        dg.update(lsakey[28:60])

    k = AESModeOfOperationECB(dg.digest())
    keys = b"".join([
        k.encrypt(lsakey[60:][i:i + AES_BLOCK_SIZE])
        for i in range(0, len(lsakey[60:]), AES_BLOCK_SIZE)
    ])

    size = struct.unpack_from("<L", keys)[0]
    keys = keys[16:16 + size]
    currentkey = "%0x-%0x-%0x-%0x%0x-%0x%0x%0x%0x%0x%0x" % struct.unpack(
        "<L2H8B", keys[4:20])
    nb = struct.unpack("<L", keys[24:28])[0]
    off = 28
    kd = {}
    for i in range(nb):
        g = "%0x-%0x-%0x-%0x%0x-%0x%0x%0x%0x%0x%0x" % struct.unpack(
            "<L2H8B", keys[off:off + 16])
        t, l = struct.unpack_from("<2L", keys[off + 16:])
        k = keys[off + 24:off + 24 + l]
        kd[g] = {"type": t, "key": k}
        off += 24 + l
    return (currentkey, kd)
Exemplo n.º 3
0
def transform_key(key, seed, rounds):
    """Transform `key` with `seed` `rounds` times using AES ECB."""
    # create transform cipher with transform seed
    cipher = AESModeOfOperationECB(seed)
    # transform composite key rounds times
    for n in range(0, rounds):
        key = cipher.encrypt(key)
    # return hash of transformed key
    return sha256(key)
Exemplo n.º 4
0
def transform_key(key, seed, rounds):
    """Transform `key` with `seed` `rounds` times using AES ECB."""
    # create transform cipher with transform seed
    cipher = AESModeOfOperationECB(seed)
    # transform composite key rounds times
    for n in range(0, rounds):
        key = b"".join([cipher.encrypt(key[i:i + AES_BLOCK_SIZE]) for i in range(0, len(key), AES_BLOCK_SIZE)])
    # return hash of transformed key
    return sha256(key)
Exemplo n.º 5
0
def transform_key(key, seed, rounds):
    """Transform `key` with `seed` `rounds` times using AES ECB."""
    # create transform cipher with transform seed
    cipher = AESModeOfOperationECB(seed)
    # transform composite key rounds times
    for n in range(0, rounds):
        key = b"".join([
            cipher.encrypt(key[i:i + AES_BLOCK_SIZE])
            for i in range(0, len(key), AES_BLOCK_SIZE)
        ])
    # return hash of transformed key
    return sha256(key)
Exemplo n.º 6
0
def decrypt_lsa_secret(secret, lsa_keys):
    """
    This function replaces SystemFunction005 for newer Windows
    """
    keyid = "%0x-%0x-%0x-%0x%0x-%0x%0x%0x%0x%0x%0x" % struct.unpack("<L2H8B", secret[4:20])
    if keyid not in lsa_keys:
        return None
    algo = struct.unpack("<L", secret[20:24])[0]
    dg = hashlib.sha256()
    dg.update(lsa_keys[keyid]["key"])
    for i in xrange(1000):
        dg.update(secret[28:60])

    c = AESModeOfOperationECB(dg.digest())
    clear = b"".join([c.encrypt(secret[60:][i:i + AES_BLOCK_SIZE]) for i in range(0, len(secret[60:]), AES_BLOCK_SIZE)])

    size = struct.unpack_from("<L", clear)[0]
    return clear[16:16 + size]
Exemplo n.º 7
0
def decrypt_lsa_secret(secret, lsa_keys):
    """
    This function replaces SystemFunction005 for newer Windows
    """
    keyid = "%0x-%0x-%0x-%0x%0x-%0x%0x%0x%0x%0x%0x" % struct.unpack("<L2H8B", secret[4:20])
    if keyid not in lsa_keys:
        return None
    algo = struct.unpack("<L", secret[20:24])[0]
    dg = hashlib.sha256()
    dg.update(lsa_keys[keyid]["key"])
    for i in xrange(1000):
        dg.update(secret[28:60])

    c = AESModeOfOperationECB(dg.digest())
    clear = b"".join([c.encrypt(secret[60:][i:i + AES_BLOCK_SIZE]) for i in range(0, len(secret[60:]), AES_BLOCK_SIZE)])

    size = struct.unpack_from("<L", clear)[0]
    return clear[16:16 + size]