-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for decrypting System DPAPI secrets #305
Merged
Merged
Changes from all commits
Commits
Show all changes
15 commits
Select commit
Hold shift + click to select a range
25ecbf5
Added support for decrypting System DPAPI secrets
cobyge b20f082
Refactored crypto.py, removed DES support, refactored to adhere to va…
cobyge 8b070da
Pushed test data to LFS
cobyge 09138e9
Suggested changes
Schamper 4c26ea8
Small fixes
cobyge 6a53acf
Removed pre-vista "support"
cobyge c0813ed
Fixed iv access if None
cobyge 2a3b904
Small fixes
Schamper 2db8006
Make blob offset dynamic
Schamper 8339046
Remove unused import
Schamper 66c285e
Merge branch 'main' into feature/add_dpapi
Schamper 79bca33
Fix erronous merge
Schamper f160324
Fix circular import
Schamper 74dd79d
Address comments
Schamper e5f9124
Merge branch 'main' into feature/add_dpapi
Schamper File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,151 @@ | ||
from typing import Optional | ||
from uuid import UUID | ||
|
||
from dissect.cstruct import cstruct | ||
|
||
from dissect.target.plugins.os.windows.dpapi.crypto import ( | ||
CipherAlgorithm, | ||
HashAlgorithm, | ||
crypt_session_key_type1, | ||
crypt_session_key_type2, | ||
) | ||
|
||
blob_def = """ | ||
struct DPAPIBlob { | ||
DWORD dwVersion; | ||
char provider[16]; | ||
DWORD mkVersion; | ||
char guid[16]; | ||
DWORD flags; | ||
DWORD descriptionLength; | ||
char description[descriptionLength]; | ||
DWORD CipherAlgId; | ||
DWORD keyLen; | ||
DWORD saltLength; | ||
char salt[saltLength]; | ||
DWORD strongLength; | ||
char strong[strongLength]; | ||
DWORD CryptAlgId; | ||
DWORD hashLen; | ||
DWORD hmacLength; | ||
char hmac[hmacLength]; | ||
DWORD cipherTextLength; | ||
char cipherText[cipherTextLength]; | ||
DWORD signLength; | ||
char sign[signLength]; | ||
}; | ||
""" | ||
|
||
c_blob = cstruct() | ||
c_blob.load(blob_def) | ||
|
||
|
||
class Blob: | ||
"""Represents a DPAPI blob.""" | ||
|
||
def __init__(self, data: bytes): | ||
self._blob = c_blob.DPAPIBlob(data) | ||
|
||
self.version = self._blob.dwVersion | ||
self.provider = str(UUID(bytes_le=self._blob.provider)) | ||
self.mkversion = self._blob.mkVersion | ||
self.guid = str(UUID(bytes_le=self._blob.guid)) | ||
self.flags = self._blob.flags | ||
self.description = self._blob.description.decode("utf-16-le") | ||
self.cipher_algorithm = CipherAlgorithm.from_id(self._blob.CipherAlgId) | ||
self.key_len = self._blob.keyLen | ||
self.salt = self._blob.salt | ||
self.strong = self._blob.strong | ||
self.hash_algorithm = HashAlgorithm.from_id(self._blob.CryptAlgId) | ||
self.hash_len = self._blob.hashLen | ||
self.hmac = self._blob.hmac | ||
self.cipher_text = self._blob.cipherText | ||
|
||
# All the blob data between the version, provider and sign fields | ||
# TODO: Replace with future offsetof function in cstruct | ||
self.blob = data[c_blob.DPAPIBlob.lookup["mkVersion"].offset : -(self._blob.signLength + len(c_blob.DWORD))] | ||
self.sign = self._blob.sign | ||
|
||
self.clear_text = None | ||
self.decrypted = False | ||
self.sign_computed = None | ||
|
||
def decrypt( | ||
self, | ||
master_key: bytes, | ||
entropy: Optional[bytes] = None, | ||
strong_password: Optional[str] = None, | ||
smart_card_secret: Optional[bytes] = None, | ||
) -> bool: | ||
"""Try to decrypt the blob with the given master key. | ||
|
||
Args: | ||
master_key: Decrypted master key value. | ||
entropy: Optional entropy for decrypting the blob. | ||
strong_password: Optional password for decrypting the blob. | ||
smart_card_secret: MS Next Gen Crypto secret (e.g. from PIN code). | ||
|
||
Returns: | ||
True if decryption is succesful, False otherwise. | ||
""" | ||
if self.decrypted: | ||
return True | ||
|
||
for algo in [crypt_session_key_type1, crypt_session_key_type2]: | ||
session_key = algo( | ||
master_key, | ||
self.salt, | ||
self.hash_algorithm, | ||
entropy=entropy, | ||
smart_card_secret=smart_card_secret, | ||
strong_password=strong_password, | ||
) | ||
key = self.cipher_algorithm.derive_key(session_key, self.hash_algorithm) | ||
self.clear_text = self.cipher_algorithm.decrypt(self.cipher_text, key) | ||
|
||
padding = self.clear_text[-1] | ||
if padding <= self.cipher_algorithm.block_length: | ||
self.clear_text = self.clear_text[:-padding] | ||
|
||
# Check against provided HMAC | ||
self.sign_computed = algo( | ||
master_key, | ||
self.hmac, | ||
self.hash_algorithm, | ||
entropy=entropy, | ||
smart_card_secret=smart_card_secret, | ||
verify_blob=self.blob, | ||
) | ||
|
||
self.decrypted = self.sign_computed == self.sign | ||
if self.decrypted: | ||
return True | ||
|
||
self.decrypted = False | ||
return self.decrypted | ||
|
||
def __repr__(self) -> str: | ||
s = [ | ||
"DPAPI BLOB", | ||
"\n".join( | ||
( | ||
"\tversion = %(version)d", | ||
"\tprovider = %(provider)s", | ||
"\tmkey = %(guid)s", | ||
"\tflags = %(flags)#x", | ||
"\tdescr = %(description)s", | ||
"\tcipher_algo = %(cipher_algorithm)r", | ||
"\thash_algo = %(hash_algorithm)r", | ||
) | ||
) | ||
% self.__dict__, | ||
"\tsalt = %s" % self.salt.hex(), | ||
"\thmac = %s" % self.hmac.hex(), | ||
"\tcipher = %s" % self.cipher_text.hex(), | ||
"\tsign = %s" % self.sign.hex(), | ||
] | ||
if self.sign_computed is not None: | ||
s.append("\tsign_computed = %s" % self.sign_computed.hex()) | ||
if self.clear_text is not None: | ||
s.append("\tcleartext = %r" % self.clear_text) | ||
return "\n".join(s) | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a specific reason to attempt to read all files, instead of just the relevant ones?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly readability and ease of expansion. Especially the Unix-y based paths would quickly get hairy and easy to forget when adding new operating system support to Dissect (e.g. BSD). It's a small amount of paths so I feel it's okay to "bruteforce" it.