def ShadowData(user): ## Open User's Plist Data data = open('/var/db/dslocal/nodes/Default/users/%s.plist' % user, 'r') ## Read and buffer the user's Plist Data plistData = buffer(data.read()) data.close ## Convert the Plist Data into a Dictionary (userPlist, _, _) = (NSPropertyListSerialization.propertyListWithData_options_format_error_(plistData, NSPropertyListXMLFormat_v1_0, None, None)) ## Read and buffer the user's ShadowHashData userShadowHashData = buffer(userPlist['ShadowHashData'][0]) ## Convert the ShadowHashData Data into a Dictionary (userShadowHashPlist, _, _) = (NSPropertyListSerialization.propertyListWithData_options_format_error_(userShadowHashData, NSPropertyListXMLFormat_v1_0, None, None)) ## Remove unsecured hash types del userShadowHashPlist['CRAM-MD5'] del userShadowHashPlist['NT'] ## Convert the ShadowHashData back to data (userShadowHashData, _) = (NSPropertyListSerialization.dataWithPropertyList_format_options_error_(userShadowHashPlist, NSPropertyListBinaryFormat_v1_0, 0, None)) return str(userShadowHashData).encode('hex')
def writeHash(username, userHash): bashCommand(['dscacheutil', '-flushcache']) time.sleep(2) ## Open User's Plist Data data = open('/var/db/dslocal/nodes/Default/users/%s.plist' % username, 'r') ## Read and buffer the user's Plist Data plistData = buffer(data.read()) data.close ## Convert the Plist Data into a Dictionary (userPlist, _, _) = ( NSPropertyListSerialization.propertyListWithData_options_format_error_(plistData, NSPropertyListXMLFormat_v1_0, None, None)) ## Read and buffer the new ShadowHashData userShadowHashData = buffer(userHash.decode('hex')) ## Convert the ShadowHashData into a Dictionary (userShadowHashPlist, _, _) = ( NSPropertyListSerialization.propertyListWithData_options_format_error_(userShadowHashData, NSPropertyListXMLFormat_v1_0, None, None)) ## Remove unsecured hash types del userShadowHashPlist['CRAM-MD5'] del userShadowHashPlist['NT'] ## Convert the ShadowHashData back to data (userShadowHashData, _) = ( NSPropertyListSerialization.dataWithPropertyList_format_options_error_(userShadowHashPlist, NSPropertyListBinaryFormat_v1_0, 0, None)) ## Insert the new ShadowHashData into the User's Plist Dictionary userPlist['ShadowHashData'][0] = userShadowHashData ## Convert the UserPlist back to data (plistData, _) = ( NSPropertyListSerialization.dataWithPropertyList_format_options_error_(userPlist, NSPropertyListBinaryFormat_v1_0, 0, None)) ## Write user's updated plist to disk stream = io.open('/var/db/dslocal/nodes/Default/users/%s.plist' % username, 'bw') stream.write(plistData) stream.close bashCommand(['dscacheutil', '-flushcache']) time.sleep(2) print '[+] User ['+username+'] new hash injected'
def writeHash(username, userHash): bashCommand(['dscacheutil', '-flushcache']) time.sleep(2) ## Open User's Plist Data data = open('/var/db/dslocal/nodes/Default/users/%s.plist' % username, 'r') ## Read and buffer the user's Plist Data plistData = buffer(data.read()) data.close ## Convert the Plist Data into a Dictionary (userPlist, _, _) = ( NSPropertyListSerialization.propertyListWithData_options_format_error_( plistData, NSPropertyListXMLFormat_v1_0, None, None)) ## Read and buffer the new ShadowHashData userShadowHashData = buffer(userHash.decode('hex')) ## Convert the ShadowHashData into a Dictionary (userShadowHashPlist, _, _) = ( NSPropertyListSerialization.propertyListWithData_options_format_error_( userShadowHashData, NSPropertyListXMLFormat_v1_0, None, None)) ## Remove unsecured hash types del userShadowHashPlist['CRAM-MD5'] del userShadowHashPlist['NT'] ## Convert the ShadowHashData back to data (userShadowHashData, _) = ( NSPropertyListSerialization.dataWithPropertyList_format_options_error_( userShadowHashPlist, NSPropertyListBinaryFormat_v1_0, 0, None)) ## Insert the new ShadowHashData into the User's Plist Dictionary userPlist['ShadowHashData'][0] = userShadowHashData ## Convert the UserPlist back to data (plistData, _) = ( NSPropertyListSerialization.dataWithPropertyList_format_options_error_( userPlist, NSPropertyListBinaryFormat_v1_0, 0, None)) ## Write user's updated plist to disk stream = io.open('/var/db/dslocal/nodes/Default/users/%s.plist' % username, 'bw') stream.write(plistData) stream.close bashCommand(['dscacheutil', '-flushcache']) time.sleep(2)
def bin2str(token_bplist, account_bplist=None): # Convert the decrypted binary plist to an NSData object that can be read. bin_list = NSData.dataWithBytes_length_(token_bplist, len(token_bplist)) # Convert the binary NSData object into a dictionary object. token_plist = NSPropertyListSerialization.propertyListWithData_options_format_error_( bin_list, 0, None, None)[0] # Accounts DB cache if "$objects" in token_plist: # Because it is accounts db cache, we should also have been passed # account_bplist. bin_list = NSData.dataWithBytes_length_(account_bplist, len(account_bplist)) dsid_plist = NSPropertyListSerialization.propertyListWithData_options_format_error_( bin_list, 0, None, None)[0] for obj in dsid_plist["$objects"]: if "{}".format(obj).startswith("urn:ds:"): dsid = obj.replace("urn:ds:", "") token_dict = {"dsid": dsid} # Do some parsing to get the data out because it is not stored # in a format that is easy to process with stdlibs token_l = [ x.strip().replace(",", "") for x in "{}".format(token_plist["$objects"]).splitlines() ] pos_start = token_l.index("mmeBTMMInfiniteToken") pos_end = (token_l.index("cloudKitToken") - pos_start + 1) * 2 token_short = token_l[pos_start:pos_start + pos_end] zipped = zip(token_short[:len(token_short) / 2], token_short[len(token_short) / 2:]) for token_type, token_value in zipped: # Attempt to get generation time # this parsing is a little hacky, but it seems to be the best way # to handle all different kinds of iCloud tokens (new and old) gen_time = get_generation_time(token_value) token_dict[token_type] = (token_value, gen_time) return token_dict else: return token_plist
def _dataToPlist(data): """low-level function that parses a data object into a propertyList object""" darwin_vers = int(os.uname()[2].split(".")[0]) if darwin_vers > 10: ( plistObject, plistFormat, error, ) = NSPropertyListSerialization.propertyListWithData_options_format_error_( data, NSPropertyListMutableContainersAndLeaves, None, None ) else: # 10.5 doesn't support propertyListWithData:options:format:error: # 10.6's PyObjC wrapper for propertyListWithData:options:format:error: # is broken # so use the older NSPropertyListSerialization function ( plistObject, plistFormat, error, ) = NSPropertyListSerialization.propertyListFromData_mutabilityOption_format_errorDescription_( data, NSPropertyListMutableContainersAndLeaves, None, None ) if plistObject is None: if error is None: error = "Plist data is invalid and could not be deserialized." raise NSPropertyListSerializationException(error) else: return plistObject
def read_file(self, path): """Replace internal XML dict with data from plist at path. Args: path: String path to a plist file. Raises: PlistParseError: Error in reading plist file. """ # pylint: disable=unused-variable ( info, pformat, error, ) = NSPropertyListSerialization.propertyListWithData_options_format_error_( NSData.dataWithContentsOfFile_(os.path.expanduser(path)), NSPropertyListMutableContainersAndLeaves, None, None, ) # pylint: enable=unused-variable if info is None: if error is None: error = "Invalid plist file." raise PlistParseError("Can't read %s: %s" % (path, error)) return info
def readPlistFromString(data): '''Read a plist data from a string. Return the root object.''' plistData = buffer(data) (dataObject, plistFormat, error) = ( NSPropertyListSerialization.propertyListWithData_options_format_error_( plistData, NSPropertyListMutableContainersAndLeaves, None, None)) if error: raise NSPropertyListSerializationException(error) else: return dataObject
def readPlist(filepath): '''Read a .plist file from filepath. Return the unpacked root object (which is usually a dictionary).''' plistData = NSData.dataWithContentsOfFile_(filepath) (dataObject, plistFormat, error) = ( NSPropertyListSerialization.propertyListWithData_options_format_error_( plistData, NSPropertyListMutableContainersAndLeaves, None, None)) if error: errmsg = u"%s in file %s" % (error, filepath) raise NSPropertyListSerializationException(errmsg) else: return dataObject
def read_recipe(self, path): """Read a recipe into a dict.""" path = os.path.expanduser(path) if not (os.path.isfile(path)): raise Exception("File does not exist: %s" % path) info, pformat, error = \ NSPropertyListSerialization.propertyListWithData_options_format_error_( NSData.dataWithContentsOfFile_(path), NSPropertyListMutableContainers, None, None ) if error: raise Exception("Can't read %s: %s" % (path, error)) self._xml = info
def read(plist_path: str) -> Dict: """Read a plist file and return its contents as a dictionary.""" exc.raise_if_falsy(plist_path=plist_path) data, error = NSData.dataWithContentsOfFile_options_error_( plist_path, 0, objc.nil) if not data: msg = 'Failed to load plist file at path: {}'.format(plist_path) _raise_ioerror_from_nserror(error, msg) contents, dummy, error = NSPropertyListSerialization.propertyListWithData_options_format_error_( data, NSPropertyListMutableContainersAndLeaves, objc.nil, objc.nil) if not contents: msg = 'Failed to deserialize plist at path: {}'.format(plist_path) _raise_ioerror_from_nserror(error, msg) return contents
def retrieve_account_identifiers(): path = NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, NSUserDomainMask, True).firstObject() path = os.path.join(path, 'Group Containers', 'Q8B696Y8U4.com.ddeville.spillo', 'Library', 'Preferences', 'Q8B696Y8U4.com.ddeville.spillo.plist') data = NSData.dataWithContentsOfFile_(path) if data is None: return None defaults = NSPropertyListSerialization.propertyListWithData_options_format_error_( data, 0, None, None)[0] if defaults is None: return None accounts = defaults.get("accounts") if accounts is None: return None return accounts.valueForKey_("identifier")
def _dataToPlist(data): '''low-level function that parses a data object into a propertyList object''' darwin_vers = int(os.uname()[2].split('.')[0]) if darwin_vers > 10: (plistObject, plistFormat, error) = ( NSPropertyListSerialization.propertyListWithData_options_format_error_( data, NSPropertyListMutableContainersAndLeaves, None, None)) else: # 10.5 doesn't support propertyListWithData:options:format:error: # 10.6's PyObjC wrapper for propertyListWithData:options:format:error: # is broken # so use the older NSPropertyListSerialization function (plistObject, plistFormat, error) = ( NSPropertyListSerialization.propertyListFromData_mutabilityOption_format_errorDescription_( data, NSPropertyListMutableContainersAndLeaves, None, None ) ) if plistObject is None: if error is None: error = "Plist data is invalid and could not be deserialized." raise NSPropertyListSerializationException(error) else: return plistObject
def read_file(self, path): """Replace internal XML dict with data from plist at path. Args: path: String path to a plist file. Raises: PlistParseError: Error in reading plist file. """ # pylint: disable=unused-variable info, pformat, error = ( NSPropertyListSerialization.propertyListWithData_options_format_error_( NSData.dataWithContentsOfFile_(os.path.expanduser(path)), NSPropertyListMutableContainersAndLeaves, None, None )) # pylint: enable=unused-variable if info is None: if error is None: error = "Invalid plist file." raise PlistParseError("Can't read %s: %s" % (path, error)) return info
def unplist(s): from Foundation import NSData, NSPropertyListSerialization d = NSData.dataWithBytes_length_(s, len(s)) return NSPropertyListSerialization.propertyListWithData_options_format_error_( d, 0, None, None)
def unplist(s): from Foundation import NSData, NSPropertyListSerialization d = NSData.dataWithBytes_length_(s, len(s)) return NSPropertyListSerialization.propertyListWithData_options_format_error_(d, 0, None, None)
sys.exit() msg = base64.b64decode(icloud_key) key = "t9s\"lx^awe.580Gj%'ld+0LG<#9xa?>vb)-fkwb92[}" # Constant key used for hashing Hmac on all versions of macOS. # Create Hmac with this key and icloud_key using MD5 hashed = hmac.new(key, msg, digestmod=hashlib.md5).digest() hexed_key = binascii.hexlify(hashed) # Turn into hex for openssl subprocess IV = 16 * '0' mme_token_file = glob.glob("%s/Library/Application Support/iCloud/Accounts/*" % os.path.expanduser("~")) for x in mme_token_file: try: int(x.split("/")[-1]) # If we can cast to int we have the DSID / account file. mme_token_file = x except ValueError: continue if not isinstance(mme_token_file, str): print "Failed to find MMeTokenFile." sys.exit() # Perform decryption with zero dependencies by using openssl binary decrypted_binary = subprocess.check_output( "openssl enc -d -aes-128-cbc -iv '%s' -K %s < '%s'" % (IV, hexed_key, mme_token_file), shell=True) # Convert the decrypted binary plist to an NSData object that can be read bin_to_plist = NSData.dataWithBytes_length_(decrypted_binary, len(decrypted_binary)) # Convert the binary NSData object into a dictionary object token_plist = NSPropertyListSerialization.propertyListWithData_options_format_error_(bin_to_plist, 0, None, None)[0] print_tokens_json(token_plist)
def parse_plist(info_plist_string): # Use PyObjC, pre-installed in Apple's Python dist. data = NSData.dataWithBytes_length_(info_plist_string, len(info_plist_string)) return NSPropertyListSerialization.propertyListWithData_options_format_error_(data, 0, None, None)
def parse_plist(info_plist_string): # Use PyObjC, pre-installed in Apple's Python dist. data = NSData.dataWithBytes_length_(info_plist_string, len(info_plist_string)) return NSPropertyListSerialization.propertyListWithData_options_format_error_( data, 0, None, None)
# https://developer.apple.com/library/mac/documentation/cocoa/conceptual/PropertyLists/Introduction/Introduction.html from Foundation import NSData from Foundation import NSPropertyListSerialization from Foundation import NSPropertyListMutableContainersAndLeaves filename = "/Library/Preferences/com.apple.loginwindow.plist" plist_data = NSData.dataWithContentsOfFile_(filename) (dataObject, plistFormat, error) = ( NSPropertyListSerialization.propertyListWithData_options_format_error_( plist_data, NSPropertyListMutableContainersAndLeaves, None, None)) print dataObject