DPAPI Toolkit is a DPAPI (Data Protection API) and DPAPI-NG (Data Protection API Next Generation) decryption toolkit written in Go. It provides APIs for offline data decryption that can be used on different operating systems, and it supports decryption with a password, a hash, or a domain backup key.
go get github.com/wat4r/dpapitk
package main
import (
"fmt"
"github.com/wat4r/dpapitk/utils"
"github.com/wat4r/dpapitk/masterkey"
)
// main demonstrates offline decryption of a DPAPI master key file with the
// owning account's SID and password, then prints the outcome.
//
// The SID, password and file name are the sample values of this example. A
// recovered master key unlocks every DPAPI blob protected under it, so code
// derived from this sample should treat the credential and the key as
// secrets: obtain the credential at run time instead of hard-coding it, and
// keep the key out of logs and terminal scrollback.
func main() {
	const (
		userSID      = "S-1-5-21-3461634040-4115545689-1944680405-500"
		userPassword = "123456"
	)

	// The sample master key file is named by a GUID.
	raw := utils.ReadFile("./ea80d547-868c-4fc3-83cf-07203330d3be")
	mkFile := masterkey.InitMasterKeyFile(raw)

	mkFile.DecryptWithPassword(userSID, userPassword)

	// Alternative ways to unlock the same file, by hash or by the domain
	// backup key:
	//
	//   hash := "aa647b916a1fad374df9c30711d58a7a"
	//   mkFile.DecryptWithHash(userSID, hash)
	//
	//   pvkFileData := utils.ReadFile("./domain_backup_key.pvk")
	//   mkFile.DecryptWithPvk(pvkFileData)

	// The status field is the only success indicator shown here; check it
	// before relying on Key. NOTE(review): presumably false when the SID or
	// credential does not match — confirm against the library.
	fmt.Printf("Status: %v, Master key: %x\n", mkFile.Decrypted, mkFile.Key)
}
package main
import (
"fmt"
"github.com/wat4r/dpapitk/blob"
"github.com/wat4r/dpapitk/utils"
)
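// main parses a DPAPI data blob, prints the GUID of the master key it was
// protected with, and decrypts the blob using an already recovered master key.
func main() {
	// Placeholders: fill in the raw blob and the decrypted master key.
	blobData := []byte{ /* placeholder: raw DPAPI blob bytes */ }
	masterKey := []byte{ /* placeholder: decrypted master key bytes */ }

	// No optional entropy is used. The variable needs a type: `entropy := nil`
	// is rejected by the Go compiler (untyped nil in assignment).
	// NOTE(review): assumes the entropy parameter is a []byte — confirm.
	var entropy []byte

	dataBlob := blob.ParseDataBlob(blobData)
	// The GUID names the master key needed for this blob, so it can be
	// matched to the right master key file before attempting decryption.
	fmt.Printf("GuidMasterKey: %s\n", utils.GuidMasterKeyConvert(dataBlob.GuidMasterKey))

	data, err := dataBlob.DecryptWithMasterKey(masterKey, entropy)
	if err != nil {
		// Sample-level handling; a real tool should report the error instead.
		panic(err)
	}
	// data is the protected secret in the clear; printing it to stdout is
	// acceptable for a demo only.
	fmt.Printf("Data: %x\n", data)
}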
package main
import (
"fmt"
"github.com/wat4r/dpapitk/cngblob"
)
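// main decrypts a DPAPI-NG (CNG DPAPI) blob with an already recovered master
// key and prints the plaintext as hex.
func main() {
	// Placeholders: fill in the raw blob and the decrypted master key.
	blobData := []byte{ /* placeholder: raw DPAPI-NG blob bytes */ }
	masterKey := []byte{ /* placeholder: decrypted master key bytes */ }

	// No optional entropy is used. The variable needs a type: `entropy := nil`
	// is rejected by the Go compiler (untyped nil in assignment).
	// NOTE(review): assumes the entropy parameter is a []byte — confirm.
	var entropy []byte

	data, err := cngblob.DecryptWithMasterKey(blobData, masterKey, entropy)
	if err != nil {
		// Sample-level handling; a real tool should report the error instead.
		panic(err)
	}
	// data is the protected secret in the clear; printing it to stdout is
	// acceptable for a demo only.
	fmt.Printf("Data: %x\n", data)
}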
✔️ DPAPI-NG (CNG DPAPI) data blob decryption
This project is licensed under the Apache 2.0 license.
If you have any issues or feature requests, please contact us. Pull requests are welcome.