hub / github.com/fortra/impacket / decrypt

Method decrypt

impacket/dpapi.py:302–331  ·  view source on GitHub ↗
(self, key)

Source from the content-addressed store, hash-verified

300 return keyMaterial[:keylen]
301
def decrypt(self, key):
    """Decrypt this structure's ``data`` field with *key* and verify its HMAC.

    A cipher key and IV are derived from *key* and ``self['Salt']`` through
    ``self.deriveKey`` (HMAC as the PRF, ``MasterKeyIterationCount`` rounds).
    ``self['data']`` is then decrypted with the cipher selected by
    ``CryptAlgo`` and the HMAC stored in the cleartext is recomputed over the
    recovered key.

    Returns the trailing 64 bytes of the cleartext when the HMAC matches; the
    same value is stored on ``self.decryptedKey``. Returns ``None`` when the
    HMAC does not match, so callers must check for ``None`` before using the
    result as key material.
    """
    hashAlgo = self['HashAlgo']
    # CALG_HMAC is special-cased to SHA1 rather than the table's hash module.
    hashModule = SHA1 if hashAlgo == ALGORITHMS.CALG_HMAC.value else ALGORITHMS_DATA[hashAlgo][1]

    def prf(p, s):
        return HMAC.new(p, s, hashModule).digest()

    # Table entry for the cipher, as used below:
    # [0] key length, [1] cipher module, [2] mode, [3] IV length.
    cryptEntry = ALGORITHMS_DATA[self['CryptAlgo']]
    keyLen = cryptEntry[0]
    ivLen = cryptEntry[3]

    # One derivation yields key and IV back to back.
    derivedBlob = self.deriveKey(
        key,
        self['Salt'],
        keyLen + ivLen,
        count=self['MasterKeyIterationCount'],
        hashFunction=prf,
    )
    cryptKey = derivedBlob[:keyLen]
    iv = derivedBlob[keyLen:keyLen + ivLen]

    cipher = cryptEntry[1].new(cryptKey, mode=cryptEntry[2], iv=iv)
    cleartext = cipher.decrypt(self['data'])

    # Cleartext layout as consumed here: a 16-byte HMAC salt, then the stored
    # HMAC, with the 64-byte key taken from the very end.
    macLen = ALGORITHMS_DATA[hashAlgo][0]
    hmacSalt = cleartext[:16]
    storedMac = cleartext[16:16 + macLen]
    decryptedKey = cleartext[-64:]

    hmacKey = HMAC.new(key, hmacSalt, hashModule).digest()
    computedMac = HMAC.new(hmacKey, decryptedKey, hashModule).digest()

    # The HMAC is the only integrity check on the decrypted bytes: a wrong key
    # still produces cleartext, it just fails here.
    # NOTE(review): the MAC is compared with ordinary equality; that is fine
    # for offline analysis of a blob, and a constant-time compare would only
    # matter if this check were ever reachable as a remote oracle.
    if computedMac[:macLen] != storedMac:
        return None
    self.decryptedKey = decryptedKey
    return decryptedKey
332
333class CredHist(Structure):
334 structure = (

Callers 15

runMethod · 0.95
dumpMethod · 0.95
aes_unwrapFunction · 0.45
decrypt_plaintextFunction · 0.45
recvSMBMethod · 0.45
kerberosLoginMethod · 0.45
_kerberos_authMethod · 0.45
decryptSecretFunction · 0.45
SamDecryptNTLMHashFunction · 0.45
decryptMethod · 0.45

Calls 1

deriveKeyMethod · 0.95

Tested by 2