Support DPAPI masterkeys from Windows 10 1607+ #3419
Conversation
Cool, thanks! I'll let Dhiru review this.
I will be back on 19 October to review this. Thanks! CC @Fist0urs. Hey, does this look OK to you?
src/dpapimk_fmt_plug.c
Outdated
} | ||
|
||
for (i = 0; i < sha256loops; i++) | ||
{ |
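Review bot: the loop bound `sha256loops` carries no comment saying where its value comes from; since the iteration count is fixed in the Windows DLL rather than read from the masterkey file (as the discussion on this PR notes), a one-line comment at its definition naming that source would show a future maintainer where to change it if Microsoft alters it. Separately, the opening brace on its own line after `for (i = 0; i < sha256loops; i++)` does not match the surrounding style of the file.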
Put the brace on the previous line itself. Applies to other places as well.
Hi! Thank you for this PR, it looks promising! A few questions:
This can be explained by the fact that this iteration number will vary with the Windows version (it can also be customised by modifying the registry). I want to make sure that this is not a particular use case :) Finally, the DPAPImk2john.py script also gives the ability to test passwords on provided samples. And the corresponding try_credential function, which provides the ability to decrypt stuff: It would be awesome if you could add version 3 support (i.e. domain1607+) to this script.
The local context remains unchanged, using the SHA-1 hash of the password directly.
These values are hardcoded in dpapi.dll. It is possible that they will change in future Windows versions (mainly once this knowledge becomes more public, as the changes are just an attempt at obscurity from Microsoft and add almost no real security), but they are not dependent on the masterkey file and as such cannot be variable.
I will update the script to support this scenario.
Could you please insert a comment in your code stating this? So that if this iteration number happens to change (very unlikely though), someone wanting to add support in the format will spot directly where things should be added :) Edit: I can confirm that this value is hardcoded on Windows 10 version 1803 (build 17134) too.
Great, thanks. OK for me once the discussed elements are added, thank you for your contribution 👍
* DPAPImk2john.py supports --password for new masterkey
* Documented that the derivation algorithm is hardcoded in NtlmShared.dll!MsvpDeriveSecureCredKey
* Code style
One of the builds timed out for some reason, but as far as I'm concerned, all concerns raised so far were resolved. :)
Please note I squashed the commits into a single one while merging. Thanks!
Hello @jagotu, when I test the script it seems the context is not working properly.
Since the context is (I tried all the options, it's always version 1. Tested on Windows Server 2019.) I can provide the masterkey file if you want.
@mpgn you're looking at the wrong number. The second number is the context, which is 3 as it should be for domain1607+ |
Yep, my bad. Any idea how I can get a hash with version 2? Meaning no DES, since from what I understand DES is for XP and Vista and AES for Win7 and later.
My goal is to get a hash like this: DPAPI masterkey file v2 + Active Directory domain context. Since with format or John
@mpgn If for the same key the password checks out in the Python script but isn't found by John, that is, indeed, an issue. What I see is that while two lines are in the If not, could you open a new issue, preferably with the masterkey file attached?
Since Windows 10 version 1607 (build 14393), DPAPI masterkeys in a domain context use a key derived from the NTLM hash instead of directly using the NTLM hash. That resulted in John being unable to crack these newer masterkeys.
Unfortunately, it's impossible to tell whether the masterkey is in the newer or older format just by having the file. This pull request adds context number 3 to DPAPImk, which prompts John to perform the key derivation step. Also, a modified DPAPImk2john.py script is provided, which defaults to outputting both variants unless the user specifies a context of "domain1607+" or "domain1607-". It's obviously two times slower to attempt to crack with both variants, but remember that until now, John wouldn't crack these newer masterkeys at all.
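To make the derivation step concrete, here is an added example (not code from this PR, from DPAPImk2john.py or from John's dpapimk format) that produces the per-context "user key" a cracker would feed into the rest of the masterkey check, for the three contexts discussed in this thread: local (SHA-1 of the UTF-16LE password), domain1607- (NTLM hash used directly) and domain1607+ (NTLM hash passed through the fixed-iteration derivation first). The page itself only states that the post-1607 key is derived from the NTLM hash with an iteration count hardcoded in the DLL; the exact parameters used below (PBKDF2-HMAC-SHA256 salted with the UTF-16LE SID, 10000 iterations to 32 bytes, then one iteration to 16 bytes, followed by HMAC-SHA1 over the NUL-terminated UTF-16LE SID) are my understanding of that derivation from other DPAPI tooling and should be treated as assumptions here, as should the constructed SID. The later steps (PBKDF2 over the masterkey's own salt and iteration count, AES decryption and the HMAC check) are unchanged by the PR and not shown.

```python
import hashlib
import hmac
import struct

# ASSUMED fixed iteration count of the 1607+ derivation; the thread only says the
# value is hardcoded in the Windows DLL and is not stored in the masterkey file.
SHA256_LOOPS = 10000


def md4_pure(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); used only when OpenSSL refuses the legacy 'md4'."""
    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z
    def rol(x, n): return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):                           # round 1
            a = rol((a + f(b, c, d) + x[i]) & 0xFFFFFFFF, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                           # round 2
            k = (i % 4) * 4 + i // 4
            a = rol((a + g(b, c, d) + x[k] + 0x5A827999) & 0xFFFFFFFF, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                           # round 3
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = rol((a + h(b, c, d) + x[k] + 0x6ED9EBA1) & 0xFFFFFFFF, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def ntlm_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)); the pre-1607 domain context uses it directly."""
    data = password.encode("utf-16le")
    try:
        return hashlib.new("md4", data).digest()
    except ValueError:      # md4 is a legacy algorithm and may be disabled in OpenSSL 3
        return md4_pure(data)


def derive_secure_cred_key(nt_hash: bytes, sid: str) -> bytes:
    """ASSUMED shape of the 1607+ derivation: PBKDF2-HMAC-SHA256 salted with the
    UTF-16LE SID, SHA256_LOOPS iterations to 32 bytes, then one iteration to 16 bytes."""
    salt = sid.encode("utf-16le")
    tmp = hashlib.pbkdf2_hmac("sha256", nt_hash, salt, SHA256_LOOPS, 32)
    return hashlib.pbkdf2_hmac("sha256", tmp, salt, 1, 16)


def masterkey_user_key(context: str, password: str, sid: str) -> bytes:
    """Key that the masterkey check starts from, per context name used by DPAPImk2john.py."""
    if context == "local":
        return hashlib.sha1(password.encode("utf-16le")).digest()
    key = ntlm_hash(password)
    if context == "domain1607+":
        key = derive_secure_cred_key(key, sid)       # the step this PR adds (context 3)
    elif context != "domain1607-":
        raise ValueError("unknown context: %r" % context)
    # ASSUMED: both domain contexts then HMAC-SHA1 the NUL-terminated UTF-16LE SID.
    return hmac.new(key, (sid + "\x00").encode("utf-16le"), hashlib.sha1).digest()


def candidate_user_keys(password: str, sid: str, context: str = None) -> dict:
    """Mirror the script's default: without an explicit context, try both domain variants."""
    contexts = [context] if context else ["domain1607-", "domain1607+"]
    return {c: masterkey_user_key(c, password, sid) for c in contexts}


if __name__ == "__main__":
    # Constructed sample values; any real masterkey would carry its own SID.
    SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
    print("NT hash     :", ntlm_hash("password").hex())
    for ctx, key in candidate_user_keys("password", SID).items():
        print("%-12s: %s" % (ctx, key.hex()))
    print("local       :", masterkey_user_key("local", "password", SID).hex())
```

The point of the two-variant output is visible here: for a given password and SID, `domain1607-` and `domain1607+` yield different 20-byte keys, so a masterkey written by a 1607+ domain machine can only be matched if the derivation step is applied, while the masterkey file itself gives no hint which variant to use. The MD4 fallback exists only because `hashlib` may lack MD4 on OpenSSL 3 builds; it is not part of the derivation.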