def __init__(self, bdev, device_infos, **kwargs):
super(EMFVolume, self).__init__(bdev, **kwargs)
volumeid = self.volumeID().encode("hex")
if not device_infos:
dirname = os.path.dirname(bdev.filename)
device_infos = search_plist(dirname, {"dataVolumeUUID": volumeid})
if not device_infos:
raise Exception("Missing keyfile")
try:
self.emfkey = None
if device_infos.has_key("EMF"):
self.emfkey = device_infos["EMF"].decode("hex")
self.lbaoffset = device_infos["dataVolumeOffset"]
self.keybag = Keybag.createWithPlist(device_infos)
except:
raise #Exception("Invalid keyfile")
rootxattr = self.getXattr(kHFSRootParentID,
"com.apple.system.cprotect")
self.decrypted = (self.header.finderInfo[3] == FLAG_DECRYPTED)
self.cp_major_version = None
self.cp_root = None
if rootxattr == None:
print "(No root com.apple.system.cprotect xattr)"
else:
self.cp_root = cp_root_xattr.parse(rootxattr)
ver = self.cp_root.major_version
print "cprotect version : %d (iOS %d)" % (ver, 4 + int(ver != 2))
assert self.cp_root.major_version == 2 or self.cp_root.major_version == 4
self.cp_major_version = self.cp_root.major_version
self.keybag = loadKeybagFromVolume(self, device_infos)
def __init__(self, file, **kwargs):
super(EMFVolume, self).__init__(file, **kwargs)
pl = "%s.plist" % self.volumeID().encode("hex")
dirname = os.path.dirname(file)
if dirname != "":
pl = dirname + "/" + pl
if not os.path.exists(pl):
raise Exception("Missing keyfile %s" % pl)
try:
pldict = plistlib.readPlist(pl)
self.emfkey = pldict["EMF"].decode("hex")
self.lbaoffset = pldict["dataVolumeOffset"]
self.keystore = Keybag.createWithPlist(pldict)
except:
raise #Exception("Invalid keyfile")
rootxattr = self.getXattr(kHFSRootParentID,
"com.apple.system.cprotect")
self.cp_major_version = None
if rootxattr == None:
print "Not an EMF image, no root com.apple.system.cprotec xattr"
else:
self.cp_root = cp_root_xattr.parse(rootxattr)
print "cprotect version :", self.cp_root.major_version
assert self.cp_root.major_version == 2 or self.cp_root.major_version == 4
self.cp_major_version = self.cp_root.major_version
def __init__(self, bdev, device_infos, **kwargs):
super(EMFVolume,self).__init__(bdev, **kwargs)
volumeid = self.volumeID().encode("hex")
if not device_infos:
dirname = os.path.dirname(bdev.filename)
device_infos = search_plist(dirname, {"dataVolumeUUID":volumeid})
if not device_infos:
raise Exception("Missing keyfile")
try:
self.emfkey = None
if device_infos.has_key("EMF"):
self.emfkey = device_infos["EMF"].decode("hex")
self.lbaoffset = device_infos["dataVolumeOffset"]
self.keybag = Keybag.createWithPlist(device_infos)
except:
raise #Exception("Invalid keyfile")
self.decrypted = (self.header.finderInfo[3] == FLAG_DECRYPTED)
rootxattr = self.getXattr(kHFSRootParentID, "com.apple.system.cprotect")
self.cp_major_version = None
self.cp_root = None
if rootxattr == None:
print "(No root com.apple.system.cprotect xattr)"
else:
self.cp_root = cp_root_xattr.parse(rootxattr)
ver = self.cp_root.major_version
print "cprotect version : %d" % ver
assert self.cp_root.major_version == 2 or self.cp_root.major_version == 4
self.cp_major_version = self.cp_root.major_version
self.keybag = loadKeybagFromVolume(self, device_infos)
def main():
parser = OptionParser(usage="%prog keychain.db keyfile.plist")
parser.add_option("-d", "--display", dest="display", action="store_true", default=False,
help="Show keychain items on stdout")
parser.add_option("-s", "--sanitize", dest="sanitize", action="store_true", default=False,
help="Hide secrets on stdout with ***")
parser.add_option("-p", "--passwords", dest="passwords", action="store_true", default=False,
help="Save generic & internet passwords as CSV file")
parser.add_option("-c", "--certs", dest="certs", action="store_true", default=False,
help="Extract certificates and keys")
parser.add_option("-o", "--old", dest="oldpass", action="store_true", default=False,
help="Bruteforce old passcodes")
(options, args) = parser.parse_args()
if len(args) < 2:
parser.print_help()
return
p = plistlib.readPlist(args[1])
kb = Keybag.createWithPlist(p)
k = keychain_load(args[0], kb, p["key835"].decode("hex"))
if options.display:
k.print_all(options.sanitize)
if options.passwords:
k.save_passwords()
if options.certs:
k.save_certs_keys()
if options.oldpass:
mc = k.get_managed_configuration()
if not mc:
print "Managed configuration not found"
return
print "Bruteforcing %d old passcodes" % len(mc.get("history",[]))
for h in mc["history"]:
p = bruteforce_old_pass(h)
if p:
print "Found : %s" % p
else:
print "Not Found"
def __init__(self, file, **kwargs):
super(EMFVolume,self).__init__(file, **kwargs)
pl = "%s.plist" % self.volumeID().encode("hex")
dirname = os.path.dirname(file)
if dirname != "":
pl = dirname + "/" + pl
if not os.path.exists(pl):
raise Exception("Missing keyfile %s" % pl)
try:
pldict = plistlib.readPlist(pl)
self.emfkey = pldict["EMF"].decode("hex")
self.lbaoffset = pldict["dataVolumeOffset"]
self.keystore = Keybag.createWithPlist(pldict)
except:
raise #Exception("Invalid keyfile")
rootxattr = self.getXattr(kHFSRootParentID, "com.apple.system.cprotect")
if rootxattr == None:
print "Not an EMF image, no root com.apple.system.cprotec xattr"
else:
self.cp_root = cp_root_xattr.parse(rootxattr)
print "cprotect version :", self.cp_root.major_version
assert self.cp_root.major_version == 2 or self.cp_root.major_version == 4
def main():
parser = OptionParser(usage="%prog keychain.db/keychain-backup.plist keyfile.plist/Manifest.plist")
parser.add_option("-d", "--display", dest="display", action="store_true", default=False,
help="Show keychain items on stdout")
parser.add_option("-s", "--sanitize", dest="sanitize", action="store_true", default=False,
help="Hide secrets on stdout with ***")
parser.add_option("-p", "--passwords", dest="passwords", action="store_true", default=False,
help="Save generic & internet passwords as CSV file")
parser.add_option("-c", "--certs", dest="certs", action="store_true", default=False,
help="Extract certificates and keys")
parser.add_option("-o", "--old", dest="oldpass", action="store_true", default=False,
help="Bruteforce old passcodes")
(options, args) = parser.parse_args()
if len(args) < 2:
parser.print_help()
return
p = readPlist(args[1])
if p.has_key("BackupKeyBag"):
deviceKey = None
if p.has_key("key835"):
deviceKey = p["key835"].decode("hex")
else:
if not p["IsEncrypted"]:
print "This backup is not encrypted, without key 835 nothing in the keychain can be decrypted"
print "If you have key835 for device %s enter it (in hex)" % p["Lockdown"]["UniqueDeviceID"]
d = raw_input()
if len(d) == 32:
p["key835"] = d
deviceKey = d.decode("hex")
plistlib.writePlist(p, args[1])
kb = Keybag.createWithBackupManifest(p, p.get("password",""), deviceKey)
if not kb:
return
k = Keychain4(args[0], kb)
else:
kb = Keybag.createWithPlist(p)
k = keychain_load(args[0], kb, p["key835"].decode("hex"))
if options.display:
k.print_all(options.sanitize)
if options.passwords:
k.save_passwords()
if options.certs:
k.save_certs_keys()
if options.oldpass:
mc = k.get_managed_configuration()
if not mc:
print "Managed configuration not found"
return
print "Bruteforcing %d old passcodes" % len(mc.get("history",[]))
for h in mc["history"]:
p = bruteforce_old_pass(h)
if p:
print "Found : %s" % p
else:
print "Not Found"
def main():
parser = OptionParser(
usage=
"%prog keychain.db/keychain-backup.plist keyfile.plist/Manifest.plist")
parser.add_option("-d",
"--display",
dest="display",
action="store_true",
default=False,
help="Show keychain items on stdout")
parser.add_option("-s",
"--sanitize",
dest="sanitize",
action="store_true",
default=False,
help="Hide secrets on stdout with ***")
parser.add_option("-p",
"--passwords",
dest="passwords",
action="store_true",
default=False,
help="Save generic & internet passwords as CSV file")
parser.add_option("-c",
"--certs",
dest="certs",
action="store_true",
default=False,
help="Extract certificates and keys")
parser.add_option("-o",
"--old",
dest="oldpass",
action="store_true",
default=False,
help="Bruteforce old passcodes")
(options, args) = parser.parse_args()
if len(args) < 2:
parser.print_help()
return
p = readPlist(args[1])
if p.has_key("BackupKeyBag"):
deviceKey = None
if p.has_key("key835"):
deviceKey = p["key835"].decode("hex")
else:
if not p["IsEncrypted"]:
print "This backup is not encrypted, without key 835 nothing in the keychain can be decrypted"
print "If you have key835 for device %s enter it (in hex)" % p[
"Lockdown"]["UniqueDeviceID"]
d = raw_input()
if len(d) == 32:
p["key835"] = d
deviceKey = d.decode("hex")
plistlib.writePlist(p, args[1])
kb = Keybag.createWithBackupManifest(p, p.get("password", ""),
deviceKey)
if not kb:
return
k = Keychain4(args[0], kb)
else:
kb = Keybag.createWithPlist(p)
k = keychain_load(args[0], kb, p["key835"].decode("hex"))
if options.display:
k.print_all(options.sanitize)
if options.passwords:
k.save_passwords()
if options.certs:
k.save_certs_keys()
if options.oldpass:
mc = k.get_managed_configuration()
if not mc:
print "Managed configuration not found"
return
print "Bruteforcing %d old passcodes" % len(mc.get("history", []))
for h in mc["history"]:
p = bruteforce_old_pass(h)
if p:
print "Found : %s" % p
else:
print "Not Found"
def main():
parser = OptionParser(usage="%prog keychain.db keyfile.plist")
parser.add_option("-d",
"--display",
dest="display",
action="store_true",
default=False,
help="Show keychain items on stdout")
parser.add_option("-s",
"--sanitize",
dest="sanitize",
action="store_true",
default=False,
help="Hide secrets on stdout with ***")
parser.add_option("-p",
"--passwords",
dest="passwords",
action="store_true",
default=False,
help="Save generic & internet passwords as CSV file")
parser.add_option("-c",
"--certs",
dest="certs",
action="store_true",
default=False,
help="Extract certificates and keys")
parser.add_option("-o",
"--old",
dest="oldpass",
action="store_true",
default=False,
help="Bruteforce old passcodes")
(options, args) = parser.parse_args()
if len(args) < 2:
parser.print_help()
return
p = plistlib.readPlist(args[1])
kb = Keybag.createWithPlist(p)
k = keychain_load(args[0], kb, p["key835"].decode("hex"))
if options.display:
k.print_all(options.sanitize)
if options.passwords:
k.save_passwords()
if options.certs:
k.save_certs_keys()
if options.oldpass:
mc = k.get_managed_configuration()
if not mc:
print "Managed configuration not found"
return
print "Bruteforcing %d old passcodes" % len(mc.get("history", []))
for h in mc["history"]:
p = bruteforce_old_pass(h)
if p:
print "Found : %s" % p
else:
print "Not Found"
