This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import pgpy | |
import pandas | |
import sqlite3 | |
from Crypto.cipher import AES | |
import os | |
from base64 import b64decode | |
import plistllib | |
import ccl_bplist | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import multiprocessing | |
import itertools | |
from tqdm.contrib.concurrent import process_map | |
charset="1234567890" | |
salt = keychainVal['PinProtection.salt'] | |
encMainKey = keychainVal['PinProtection'] | |
IVsize = 16 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import hashlib | |
import plistlib | |
from Crypto.Cipher import AES | |
salt = keychainVal['PinProtection.salt'] | |
encMainKey = keychainVal['PinProtection'] | |
def getMainKeyFromPinProtection(pin): | |
iKey = hashlib.scrypt(pin, salt=salt, n=32768, r=8, p=1, maxmem=33*1024*1024, dklen=32) | |
cipher = AES.new(ikey, AES.MODE_CTR, initial_value=encMainKey[:IVsize], nonce=b'') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import pgpy | |
mainKey = keychainVal['NoneProtection'] | |
IVsize = 16 | |
def decryptWithMainKey(encrypted): | |
iv = encrypted[:IVsize] | |
cipher = AES.new(mainKey, AES.MODE_CTR, initial_value=iv, nonce=b'') | |
return cipher.decrypt(encrypted[IVsize:]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mainKey = keychainVal['NoneProtection'] | |
IVsize = 16 | |
def decryptWithMainKey(encrypted): | |
iv = encrypted[:IVsize] | |
cipher = AES.new(mainKey, AES.MODE_CTR, initial_value=iv, nonce=b'') | |
return cipher.decrypt(encrypted[IVsize:]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from Crypto.Cipher import AES | |
from struct import unpack | |
import os | |
import plistlib | |
from base64 import b64encode | |
signal_enc_db_name = 'signal.sqlite' | |
keychain_plist_path = 'keychain_decrypted.plist' | |
out_path = signal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################################################################################################ | |
# # | |
# UFED keychain decrypter # | |
# # | |
# Copyright Matthieu Regnery 2020 # | |
# # | |
# This program is free software: you can redistribute it and/or modify # | |
# it under the terms of the GNU General Public License as published by # | |
# the Free Software Foundation, either version 3 of the License, or # | |
# (at your option) any later version. # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
syntax = "proto2"; | |
message root { | |
required string id = 2; | |
optional string key = 3; | |
optional string iv = 4; | |
required uint64 timestamp = 5; | |
optional chat_prop chat_props = 9; | |
required uint64 timestamp2 = 15; | |
required string timestamp3 = 20; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
from Crypto.Cipher import AES | |
enc_db = open('gallery.encrypteddb').read() | |
enc_db_size = os.path.size(db_path) | |
header_size = 0x10 | |
page_size=0x400 | |
header = enc_db.read(header_size) | |
salt_sz = 0x10 |