Created
May 16, 2021 05:43
-
-
Save ambroff/09b6084c3ea2c5af2288b25c39f51552 to your computer and use it in GitHub Desktop.
Extract the dataset encryption keys from a truenas settings export file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import base64 | |
import sys | |
import sqlite3 | |
from Crypto.Cipher import AES | |
from Crypto.Util import Counter | |
def main(argv): | |
aes_key = read_aes_key() | |
keys = load_encrypted_keys() | |
for dataset_name, encrypted_key in keys.items(): | |
decrypted = decrypt(encrypted_key, aes_key) | |
print(dataset_name) | |
print(decrypted) | |
print() | |
return 0 | |
def read_aes_key(): | |
with open('pwenc_secret', 'rb') as f: | |
return f.read() | |
def load_encrypted_keys(): | |
d = {} | |
with sqlite3.connect('freenas-v1.db') as conn: | |
for row in conn.execute('SELECT name, encryption_key FROM storage_encrypteddataset'): | |
d[row[0]] = row[1] | |
return d | |
def decrypt(encrypted, key): | |
if not encrypted: | |
return '' | |
encrypted = base64.b64decode(encrypted) | |
nonce = encrypted[:8] | |
encrypted = encrypted[8:] | |
cipher = AES.new(key, AES.MODE_CTR, counter=Counter.new(64, prefix=nonce)) | |
return cipher.decrypt(encrypted).rstrip(b'{').decode('utf8') | |
if __name__ == '__main__': | |
sys.exit(main(sys.argv)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment