Merge pull request #19 from login-securite/dpapikey_fuckup

Patching PVK decryption fuckup
2022-01-29 15:49:22 +01:00 · 2022-01-29 15:49:22 +01:00 · e7bc3e0a3e
parent 98729b1596 9fb50bfef7
commit e7bc3e0a3e
1 changed files with 13 additions and 7 deletions
--- a/lib/dpapi.py
+++ b/lib/dpapi.py
@ -268,11 +268,17 @@ class DPAPI:

 			decryptedKey = cipher.decrypt(dk['SecretData'][::-1], None)
 			if decryptedKey:
+				try:
 					domain_master_key = DPAPI_DOMAIN_RSA_MASTER_KEY(decryptedKey)
 					key = domain_master_key['buffer'][:domain_master_key['cbMasterKey']]
 					self.logging.debug('Decrypted key with domain backup key provided')
 					self.logging.debug('Decrypted key: 0x%s' % hexlify(key).decode('latin-1'))
 					return '0x%s' % hexlify(key).decode('latin-1')
+				except:  # on extrait l'info en dur
+					self.logging.debug('excepted, maybe because of a known DPAPI_PVK fuckup. trying to adjust ... ')
+					key = decryptedKey[8:96 + 8 - 32]
+					self.logging.debug('Decrypted key: 0x%s' % hexlify(key).decode('latin-1'))
+					return '0x%s' % hexlify(key).decode('latin-1')
 			else:
 				logging.debug("Error in decryptedKey with PVK")
 		# Lets try to decrypt it with another method