wbowling/decrypt.py

## decrypt.py
#!/usr/bin/env python3

"""
Based on https://github.com/xperylabhub/ios_keychain_decrypter/blob/d7f3089067816cd2adc1ce910c9e1b927a356f37/keychain_decrypt.py#L113
"""

import plistlib
from bpylist import archiver, archive_types
import dataclasses
from Crypto.Cipher import AES
from pyasn1.codec.der.decoder import decode


@dataclasses.dataclass
class SFAuthenticatedCiphertext(archive_types.DataclassArchiver):
    SFCiphertext: bytes = b""
    SFInitializationVector: bytes = b""
    SFAuthenticationCode: bytes = b""


archiver.update_class_map({'_SFAuthenticatedCiphertext': SFAuthenticatedCiphertext})


def decript_entry(entry):
    if 'data' not in entry:
        return None
    c = archiver.unarchive(entry['data']['ciphertext'])

    unwrapedKey = entry['data']['unwrappedKey']
    authCode = c.SFAuthenticationCode
    iv = c.SFInitializationVector
    ciphertext = c.SFCiphertext

    gcm = AES.new(unwrapedKey, AES.MODE_GCM, iv)
    decrypted = gcm.decrypt_and_verify(ciphertext, authCode)
    decoded = decode(decrypted)[0]
    data = {}
    for k in decoded:
        if 'Octet' in str(type(k[1])):
            data.update({str(k[0]): bytes(k[1])})
        else:
            data.update({str(k[0]): str(k[1])})
    return data


if __name__ == "__main__":

    with open("backup_keychain_v2.plist", "rb") as f:
        plist = plistlib.load(f)

    for i in range(len(plist['keychainEntries'])):
        print("Entry {}".format(i))
        print(decript_entry(plist['keychainEntries'][i]))
        print("\n")
	#!/usr/bin/env python3

	"""
	Based on https://github.com/xperylabhub/ios_keychain_decrypter/blob/d7f3089067816cd2adc1ce910c9e1b927a356f37/keychain_decrypt.py#L113
	"""

	import plistlib
	from bpylist import archiver, archive_types
	import dataclasses
	from Crypto.Cipher import AES
	from pyasn1.codec.der.decoder import decode


	@dataclasses.dataclass
	class SFAuthenticatedCiphertext(archive_types.DataclassArchiver):
	SFCiphertext: bytes = b""
	SFInitializationVector: bytes = b""
	SFAuthenticationCode: bytes = b""


	archiver.update_class_map({'_SFAuthenticatedCiphertext': SFAuthenticatedCiphertext})


	def decript_entry(entry):
	if 'data' not in entry:
	return None
	c = archiver.unarchive(entry['data']['ciphertext'])

	unwrapedKey = entry['data']['unwrappedKey']
	authCode = c.SFAuthenticationCode
	iv = c.SFInitializationVector
	ciphertext = c.SFCiphertext

	gcm = AES.new(unwrapedKey, AES.MODE_GCM, iv)
	decrypted = gcm.decrypt_and_verify(ciphertext, authCode)
	decoded = decode(decrypted)[0]
	data = {}
	for k in decoded:
	if 'Octet' in str(type(k[1])):
	data.update({str(k[0]): bytes(k[1])})
	else:
	data.update({str(k[0]): str(k[1])})
	return data


	if __name__ == "__main__":

	with open("backup_keychain_v2.plist", "rb") as f:
	plist = plistlib.load(f)

	for i in range(len(plist['keychainEntries'])):
	print("Entry {}".format(i))
	print(decript_entry(plist['keychainEntries'][i]))
	print("\n")