This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pgpy | |
| import pandas | |
| import sqlite3 | |
| from Crypto.cipher import AES | |
| import os | |
| from base64 import b64decode | |
| import plistllib | |
| import ccl_bplist | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import multiprocessing | |
| import itertools | |
| from tqdm.contrib.concurrent import process_map | |
| charset="1234567890" | |
| salt = keychainVal['PinProtection.salt'] | |
| encMainKey = keychainVal['PinProtection'] | |
| IVsize = 16 | |
xperylab
/ PMPinProtectionMainKey.py
Created
July 28, 2021 07:28
PM : get main key from PinProtection strategy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import plistlib | |
| from Crypto.Cipher import AES | |
| salt = keychainVal['PinProtection.salt'] | |
| encMainKey = keychainVal['PinProtection'] | |
| def getMainKeyFromPinProtection(pin): | |
| iKey = hashlib.scrypt(pin, salt=salt, n=32768, r=8, p=1, maxmem=33*1024*1024, dklen=32) | |
| cipher = AES.new(ikey, AES.MODE_CTR, initial_value=encMainKey[:IVsize], nonce=b'') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pgpy | |
| mainKey = keychainVal['NoneProtection'] | |
| IVsize = 16 | |
| def decryptWithMainKey(encrypted): | |
| iv = encrypted[:IVsize] | |
| cipher = AES.new(mainKey, AES.MODE_CTR, initial_value=iv, nonce=b'') | |
| return cipher.decrypt(encrypted[IVsize:]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mainKey = keychainVal['NoneProtection'] | |
| IVsize = 16 | |
| def decryptWithMainKey(encrypted): | |
| iv = encrypted[:IVsize] | |
| cipher = AES.new(mainKey, AES.MODE_CTR, initial_value=iv, nonce=b'') | |
| return cipher.decrypt(encrypted[IVsize:]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from Crypto.Cipher import AES | |
| from struct import unpack | |
| import os | |
| import plistlib | |
| from base64 import b64encode | |
| signal_enc_db_name = 'signal.sqlite' | |
| keychain_plist_path = 'keychain_decrypted.plist' | |
| out_path = signal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################################ | |
| # # | |
| # UFED keychain decrypter # | |
| # # | |
| # Copyright Matthieu Regnery 2020 # | |
| # # | |
| # This program is free software: you can redistribute it and/or modify # | |
| # it under the terms of the GNU General Public License as published by # | |
| # the Free Software Foundation, either version 3 of the License, or # | |
| # (at your option) any later version. # |
xperylab
/ snapchat_object_content.proto
Created
December 14, 2020 07:51
Snapchat CONTENT_OBJECT_TABLE protobuf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| syntax = "proto2"; | |
| message root { | |
| required string id = 2; | |
| optional string key = 3; | |
| optional string iv = 4; | |
| required uint64 timestamp = 5; | |
| optional chat_prop chat_props = 9; | |
| required uint64 timestamp2 = 15; | |
| required string timestamp3 = 20; |
xperylab
/ decrypt_gallery_encrypteddb.py
Created
December 12, 2020 23:23
gallery.encrypteddb decryption
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| from Crypto.Cipher import AES | |
| enc_db = open('gallery.encrypteddb').read() | |
| enc_db_size = os.path.size(db_path) | |
| header_size = 0x10 | |
| page_size=0x400 | |
| header = enc_db.read(header_size) | |
| salt_sz = 0x10 |