mirror of
https://github.com/e-ago/bitcracker.git
synced 2025-10-27 07:29:18 +00:00
Temporary fix: adding a new possible offset for AES-CCM metadata according to issue #4. The extractor code needs to be reworked
This commit is contained in:
parent
e39a3889b3
commit
13e53888b9
@ -95,34 +95,46 @@ static void print_hex(unsigned char *str, int len, FILE *out)
|
||||
fprintf(out, "%02x", str[i]);
|
||||
}
|
||||
|
||||
#define TEST_AES_CCM(slen) { \
|
||||
fprintf(stderr, "Searching AES-CCM from 0x%08lx\n", ftell(encryptedImage)); \
|
||||
fseek(encryptedImage, slen, SEEK_CUR); \
|
||||
fillBuffer(encryptedImage, r_salt, SALT_SIZE); \
|
||||
printf("Salt: "); \
|
||||
print_hex(r_salt, SALT_SIZE, stdout); \
|
||||
printf("\n"); \
|
||||
fseek(encryptedImage, 147, SEEK_CUR); \
|
||||
char a=(unsigned char)fgetc(encryptedImage); \
|
||||
char b=(unsigned char)fgetc(encryptedImage); \
|
||||
#define SERACH_AESCCM(elen) { \
|
||||
fseek(encryptedImage, elen, SEEK_CUR); \
|
||||
fprintf(stderr, "Offset=0x%08lx\n", (ftell(encryptedImage)-2)); \
|
||||
a=(uint8_t)fgetc(encryptedImage); \
|
||||
b=(uint8_t)fgetc(encryptedImage); \
|
||||
if (( a != value_type[0]) || (b != value_type[1])) { \
|
||||
fprintf(stderr, "Error: VMK not encrypted with AES-CCM (%x,%x)\n",a ,b); \
|
||||
fprintf(stderr, "Error: VMK not encrypted with AES-CCM (0x%x,0x%x), offset=0x%08lx\n",a ,b, (ftell(encryptedImage)-2)); \
|
||||
found_ccm=0; \
|
||||
} \
|
||||
else \
|
||||
{ \
|
||||
fprintf(stderr, "VMK encrypted with AES-CCM (%lx)\n", (ftell(encryptedImage)-2)); \
|
||||
fprintf(stderr, "VMK encrypted with AES-CCM (0x%08lx)\n", (ftell(encryptedImage)-2)); \
|
||||
found_ccm=1; \
|
||||
fseek(encryptedImage, 3, SEEK_CUR); \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SERACH_SALT(slen) { \
|
||||
fprintf(stderr, "Searching AES-CCM from 0x%08lx\n", ftell(encryptedImage)); \
|
||||
fseek(encryptedImage, slen, SEEK_CUR); \
|
||||
fillBuffer(encryptedImage, r_salt, SALT_SIZE); \
|
||||
printf("Salt: "); \
|
||||
print_hex(r_salt, SALT_SIZE, stdout); \
|
||||
printf("\n"); \
|
||||
startfp=ftell(encryptedImage); \
|
||||
SERACH_AESCCM(147) \
|
||||
if(found_ccm==0) \
|
||||
{ \
|
||||
fseek(encryptedImage, startfp, SEEK_SET); \
|
||||
SERACH_AESCCM(67) \
|
||||
} \
|
||||
}
|
||||
|
||||
int userPasswordFound=0, recoveryPasswordFound=0;
|
||||
|
||||
int parse_image(char * encryptedImagePath, char * outHashUser, char * outHashRecovery)
|
||||
{
|
||||
int version = 0, i = 0, match = 0, found_ccm=0;
|
||||
long int fileLen = 0, j=0;
|
||||
int startfp=0;
|
||||
const char signature[SIGNATURE_LEN] = "-FVE-FS-";
|
||||
unsigned char vmk_entry[4] = { 0x02, 0x00, 0x08, 0x00 };
|
||||
unsigned char key_protection_clear[2] = { 0x00, 0x00 };
|
||||
@ -132,7 +144,8 @@ int parse_image(char * encryptedImagePath, char * outHashUser, char * outHashRec
|
||||
unsigned char key_protection_password[2] = { 0x00, 0x20 };
|
||||
unsigned char value_type[2] = { 0x00, 0x05 };
|
||||
unsigned char padding[16] = {0};
|
||||
char c,d;
|
||||
uint8_t a,b;
|
||||
unsigned char c,d;
|
||||
FILE *outFileUser, *outFileRecv, * encryptedImage;
|
||||
long int curr_fp=0;
|
||||
|
||||
@ -193,11 +206,11 @@ int parse_image(char * encryptedImagePath, char * outHashUser, char * outHashRec
|
||||
curr_fp = ftell(encryptedImage);
|
||||
fprintf(stderr, "VMK encrypted with Recovery Password found at 0x%08lx\n", curr_fp);
|
||||
|
||||
TEST_AES_CCM(12)
|
||||
SERACH_SALT(12)
|
||||
if (found_ccm == 0)
|
||||
{
|
||||
fseek(encryptedImage, curr_fp, SEEK_SET);
|
||||
TEST_AES_CCM(12+20)
|
||||
SERACH_SALT(12+20)
|
||||
}
|
||||
if (found_ccm == 0)
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user