def decrypt_blob(mkp, blob):
    """Decrypt a DPAPI blob with the master keys registered for its GUID.

    Asks ``mkp`` for the master keys matching ``blob.mkguid`` and feeds the
    key of each already-decrypted master key to ``blob.decrypt`` until the
    blob reports ``decrypted``.

    Returns a ``(cleartext, status)`` tuple:
        ``(blob.cleartext, 0)`` -- the blob is decrypted;
        ``(None, 1)``           -- no master keys were returned for the GUID;
        ``(None, 2)``           -- master keys were returned but the blob is
                                   still not decrypted.
    """
    candidates = mkp.getMasterKeys(blob.mkguid)
    if not candidates:
        return None, 1

    for candidate in candidates:
        # Master keys that were never unlocked have no usable key material.
        if not candidate.decrypted:
            continue
        blob.decrypt(candidate.get_key())
        if blob.decrypted:
            break

    # Checked after the loop so the result reflects the blob's final state.
    return (blob.cleartext, 0) if blob.decrypted else (None, 2)
def decrypt_blob(mkp, blob):
    """Decrypt a DPAPI blob with the master keys registered for its GUID.

    Looks up the master keys for ``blob.mkguid`` in ``mkp`` and tries the key
    of every already-decrypted one until ``blob.decrypted`` becomes true.
    When the lookup returns nothing, a notice is written to stderr.

    Returns ``blob.cleartext`` if the blob is decrypted, otherwise ``None``.
    """
    master_keys = mkp.getMasterKeys(blob.mkguid)
    if not master_keys:
        # Python 2 print-chevron syntax, as used by the rest of the script.
        print >> sys.stderr, 'MasterKey not found for blob.'
    else:
        for key_entry in master_keys:
            # Only unlocked master keys can supply key material.
            if not key_entry.decrypted:
                continue
            blob.decrypt(key_entry.get_key())
            if blob.decrypted:
                break

    return blob.cleartext if blob.decrypted else None
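# Script fragment: unlock a DPAPI blob with the system credential and dump it.
# Relies on `secrets`, `mkp`, `options` and `args` set up earlier in the
# script (not shown here). Python 2 only: str.decode('hex') / .encode('hex').

# Fail with a clear message instead of a TypeError when the LSA secrets do
# not contain the DPAPI_SYSTEM entry.
lsa_entry = secrets.get('DPAPI_SYSTEM')
if not lsa_entry:
    sys.exit('DPAPI_SYSTEM secret not found in the LSA secrets')
dpapi_system = lsa_entry['CurrVal']

mkp.addSystemCredential(dpapi_system)
# NOTE(review): presumably unlocks the pool's master keys with the credential
# added above -- confirm against MasterKeyPool.
mkp.try_credential_hash(None, None)

# Close the evidence file deterministically instead of leaking the handle.
# `blob` is rebound from the module to the parsed instance, as in the original.
with open(args[0], 'rb') as blob_file:
    blob = blob.DPAPIBlob(blob_file.read())

mks = mkp.getMasterKeys(blob.mkguid)

# Optional secondary entropy, supplied on the command line as a hex string.
entropy = None
if options.entropy_hex:
    entropy = options.entropy_hex.decode('hex')

# `not mks` also covers a None result, where len() would raise.
if not mks:
    sys.exit('Unable to find MK for blob %s' % blob.mkguid)

for mk in mks:
    if mk.decrypted:
        blob.decrypt(mk.get_key(), entropy=entropy)
        if blob.decrypted:
            # The cleartext is raw data taken from the blob and is printed
            # unescaped after the hex dump; it may contain terminal control
            # sequences, so rely on the hex form when the source of the blob
            # is not trusted. Everything printed here is secret material.
            print('Blob Decrypted, HEX and TEXT following...')
            print('-' * 79)
            print(blob.cleartext.encode('hex'))
            print('-' * 79)
            print(blob.cleartext)
            print('-' * 79)
            # Stop after the first success so the secret is not decrypted
            # and printed again for every further matching master key.
            break
        else:
            print('unable to decrypt blob')
    else:
        print('unable to decrypt master key')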
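# Script fragment: unlock a DPAPI blob with the system credential recovered
# from the SECURITY/SYSTEM hives and print its cleartext.
# Relies on `options`, `args`, `check_parameters`, `registry`, `masterkey`
# and `blob` from earlier in the script (not shown here).
# Python 2 only: str.encode('hex').
check_parameters(options, args)

reg = registry.Regedit()
secrets = reg.get_lsa_secrets(options.security, options.system)

# Fail with a clear message instead of a TypeError when the LSA secrets do
# not contain the DPAPI_SYSTEM entry.
lsa_entry = secrets.get('DPAPI_SYSTEM')
if not lsa_entry:
    raise SystemExit('DPAPI_SYSTEM secret not found in the LSA secrets')
dpapi_system = lsa_entry['CurrVal']

mkp = masterkey.MasterKeyPool()
mkp.loadDirectory(options.masterkeydir)
mkp.addSystemCredential(dpapi_system)
# NOTE(review): presumably unlocks the loaded master keys with the credential
# added above -- confirm against MasterKeyPool.
mkp.try_credential_hash(None, None)

# Close the evidence file deterministically instead of leaking the handle.
# `blob` is rebound from the module to the parsed instance, as in the original.
with open(args[0], 'rb') as blob_file:
    blob = blob.DPAPIBlob(blob_file.read())

mks = mkp.getMasterKeys(blob.mkguid)
# Previously an empty result skipped the loop and the script ended silently.
if not mks:
    raise SystemExit('Unable to find MK for blob %s' % blob.mkguid)

for mk in mks:
    if mk.decrypted:
        blob.decrypt(mk.get_key())
        if blob.decrypted:
            if options.hexencode:
                print('BLOB CLEARTEXT HEX ENCODED FOLLOWING')
                print('-' * 79)
                print(blob.cleartext.encode('hex'))
                print('-' * 79)
            else:
                # Raw data from the blob is printed unescaped and may carry
                # terminal control sequences; use the hex option when the
                # source of the blob is not trusted. The output is secret
                # material either way.
                print(blob.cleartext)
            # Stop after the first success so the secret is not decrypted
            # and printed again for every further matching master key.
            break
        else:
            print('unable to decrypt blob')
    else:
        print('unable to decrypt key')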