| 276 | unhexlify('756ff73b0ee4980e2dd722fbcd0badb9a6be89590304eb6d58b6e8ab7aaaec1d')) |
| 277 | |
| 278 | def test_decryptVCrd(self): |
| 279 | blob = VAULT_VCRD(self.vcrdFile) |
| 280 | blob.dump() |
| 281 | key = unhexlify('acf4ff323558de5514be1731598e37c1ae5a6bf9016d5906097aee46712a5fe7') |
| 282 | |
| 283 | cleartext = None |
| 284 | for i, entry in enumerate(blob.attributesLen): |
| 285 | if entry > 28: |
| 286 | attribute = blob.attributes[i] |
| 287 | if 'IV' in attribute.fields and len(attribute['IV']) == 16: |
| 288 | cipher = AES.new(key, AES.MODE_CBC, iv=attribute['IV']) |
| 289 | else: |
| 290 | cipher = AES.new(key, AES.MODE_CBC) |
| 291 | cleartext = cipher.decrypt(attribute['Data']) |
| 292 | |
| 293 | if cleartext is not None: |
| 294 | # Lookup schema Friendly Name and print if we find one |
| 295 | if blob['FriendlyName'].decode('utf-16le')[:-1] in VAULT_KNOWN_SCHEMAS: |
| 296 | # Found one. Cast it and print |
| 297 | vault = VAULT_KNOWN_SCHEMAS[blob['FriendlyName'].decode('utf-16le')[:-1]](cleartext) |
| 298 | vault.dump() |
| 299 | self.assertEqual(vault['Username'], 'CONTOSO\\Administrator\x00'.encode('utf-16le')) |
| 300 | else: |
| 301 | raise Exception('No valid Schema') |
| 302 | |
| 303 | |
| 304 | # Process command-line arguments. |