adding describe function

skelsec · Sep 19, 2022 · 6271025 · 6271025
1 parent 4b09080
commit 6271025
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 2 deletions.
diff --git a/pypykatz/_version.py b/pypykatz/_version.py
@@ -1,5 +1,5 @@
 
-__version__ = "0.6.1"
+__version__ = "0.6.2"
 __banner__ = \
 """
 # pypyKatz %s 

diff --git a/pypykatz/dpapi/cmdhelper.py b/pypykatz/dpapi/cmdhelper.py
@@ -2,6 +2,12 @@
 import argparse
 import platform
 
+from pypykatz.dpapi.structures.blob import DPAPI_BLOB
+from pypykatz.dpapi.structures.credentialfile import CredentialFile
+from pypykatz.dpapi.structures.masterkeyfile import MasterKeyFile
+from pypykatz.dpapi.structures.vault import VAULT_VPOL
+from winacl.dtyp.wcee.pvkfile import PVKFile
+
 
 class DPAPICMDHelper:
 	def __init__(self):
@@ -131,6 +137,10 @@ def add_args(self, parser, live_parser):
 		dpapi_wifi_group.add_argument('mkf', help= 'Keyfile generated by the masterkey -o command.')
 		dpapi_wifi_group.add_argument('wifixml', help='WIFI config XML file')
 
+		dpapi_describe_group = dpapi_subparsers.add_parser('describe', help='Print information on given structure')
+		dpapi_describe_group.add_argument('datatype', choices = ['blob', 'masterkey', 'pvk', 'vpol', 'credential'], help= 'Type of structure')
+		dpapi_describe_group.add_argument('data', help='filepath or hex-encoded data')
+
 
 	def execute(self, args):
 		if len(self.keywords) > 0 and args.command in self.keywords:
@@ -284,7 +294,34 @@ def run(self, args):
 			wificonfig_enc = DPAPI.parse_wifi_config_file(args.wifixml)
 			wificonfig = dpapi.decrypt_wifi_config_file_inner(wificonfig_enc)
 			print('%s : %s' % (wificonfig['name'], wificonfig['key']))
-
+
+		elif args.dapi_module == 'describe':
+			def read_file_or_hex(x):
+				data = None
+				try:
+					with open(x, 'rb') as f:
+						data=f.read()
+				except:
+					data = bytes.fromhex(x)
+				return data
+
+			try:
+				data = read_file_or_hex(args.data)
+			except:
+				raise Exception('Could not load data!')
+			if args.datatype.upper() == 'BLOB':
+				res = DPAPI_BLOB.from_bytes(data)
+			elif args.datatype.upper() == 'MASTERKEY':
+				res = MasterKeyFile.from_bytes(data)
+			elif args.datatype.upper() == 'VPOL':
+				res = VAULT_VPOL.from_bytes(data)
+			elif args.datatype.upper() == 'PVK':
+				res = PVKFile.from_bytes(data)
+			elif args.datatype.upper() == 'CREDENTIAL':
+				res = CredentialFile.from_bytes(data)
+			else:
+				raise Exception('Unknown data format %s' % args.datatype)
+			print(str(res))
 
 	def run_live(self, args):
 		if platform.system().lower() != 'windows':