From 8650d92ea8ce0f64e95caf48ed309cafd58c8860 Mon Sep 17 00:00:00 2001
From: Haochen Tong
Date: Fri, 19 May 2023 23:31:19 +0800
Subject: [PATCH 1/3] Fix dumping of keychain password hash
---
 chainbreaker/__init__.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/chainbreaker/__init__.py b/chainbreaker/__init__.py
index 0ab8c7b..2d7dcf8 100644
--- a/chainbreaker/__init__.py
+++ b/chainbreaker/__init__.py
@@ -410,10 +410,10 @@ def _find_wrapping_key(self, master):
 def dump_keychain_password_hash(self):
 cyphertext = hexlify(self.kc_buffer[self.base_addr + self.dbblob.StartCryptoBlob:self.base_addr
- + self.dbblob.TotalLength])
+ + self.dbblob.TotalLength]).decode()
- iv = hexlify(self.dbblob.IV)
- salt = hexlify(self.dbblob.Salt)
+ iv = hexlify(self.dbblob.IV).decode()
+ salt = hexlify(self.dbblob.Salt).decode()
 return self.KeychainPasswordHash(salt, iv, cyphertext)
From 43ad0a37fc1b84fab685da050da4e95941d464fb Mon Sep 17 00:00:00 2001
From: Haochen Tong
Date: Fri, 19 May 2023 23:31:57 +0800
Subject: [PATCH 2/3] Fix export file names for passwords and certificates
---
 chainbreaker/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/chainbreaker/__init__.py b/chainbreaker/__init__.py
index 2d7dcf8..0742f58 100644
--- a/chainbreaker/__init__.py
+++ b/chainbreaker/__init__.py
@@ -959,7 +959,7 @@ def exportable(self):
 @property
 def file_name(self):
- return "".join(str(x) for x in self.PrintName if type(x) is int)
+ return self.PrintName.decode(errors='ignore')
 @property
 def file_ext(self):
@@ -1011,7 +1011,7 @@ def exportable(self):
 @property
 def file_name(self):
- return "".join(str(x) for x in self.PrintName if type(x) is int)
+ return self.PrintName.decode(errors='ignore')
 @property
 def file_ext(self):
From 4bd17b6df95a71a8dc599818537665c0ac3d4f97 Mon Sep 17 00:00:00 2001
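Review bot: The slice that builds `cyphertext` in `dump_keychain_password_hash` takes its bounds from `self.dbblob.StartCryptoBlob` and `self.dbblob.TotalLength` and does not check them against the buffer in this function. Slicing a bytes-like buffer never raises, so a truncated or malformed keychain would yield a short or empty ciphertext that is still wrapped in `KeychainPasswordHash` and reported as if it were valid. A guard before the slice, such as `if self.base_addr + self.dbblob.TotalLength > len(self.kc_buffer):` followed by a logged error or an exception, would make that failure visible. Whether `dbblob` is validated when it is parsed is not visible here, so confirm that first.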
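Review bot: `file_name` now returns the decoded `PrintName` verbatim, and `PrintName` is data read from the keychain under examination, so a value containing `/`, `..` or a NUL byte would reach the export path; the old digit-only join could not produce those characters. How the export code combines `file_name` with the output directory is outside this hunk, so either confirm it rejects separators or sanitise here, for example `return re.sub(r'[^\w.\- ]', '_', self.PrintName.decode(errors='replace')).lstrip('.') or 'unnamed'` (this needs `re`, whose import is not visible here). `errors='ignore'` also drops undecodable bytes silently, so two distinct records can collapse to the same name and overwrite each other, and an empty `PrintName` yields an empty file name. The same applies to the second `file_name` property in the `@@ -1011,7` hunk.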
From: Haochen Tong
Date: Fri, 19 May 2023 23:41:33 +0800
Subject: [PATCH 3/3] Make sure function return values are consistent in type
---
 chainbreaker/__init__.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/chainbreaker/__init__.py b/chainbreaker/__init__.py
index 0742f58..a1faa1c 100644
--- a/chainbreaker/__init__.py
+++ b/chainbreaker/__init__.py
@@ -342,14 +342,14 @@ def _get_int(self, base_addr, pcol):
 # Get 4 character code from the keychain buffer
 def _get_four_char_code(self, base_addr, pcol):
 if pcol <= 0:
- return ''
+ return b''
 else:
 return _FOUR_CHAR_CODE(self.kc_buffer[base_addr + pcol:base_addr + pcol + 4]).Value
 # Get a lv from the keychain buffer
 def _get_lv(self, base_addr, pcol):
 if pcol <= 0:
- return ''
+ return b''
 str_length = _INT(self.kc_buffer[base_addr + pcol:base_addr + pcol + 4]).Value # 4byte arrangement
@@ -362,7 +362,7 @@ def _get_lv(self, base_addr, pcol):
 data = _LV(self.kc_buffer[base_addr + pcol + 4:base_addr + pcol + 4 + real_str_len], real_str_len).Value
 except struct.error:
 self.logger.debug('LV string length is too long.')
- return ''
+ return b''
 return data
@@ -372,7 +372,7 @@ def _private_key_decryption(self, encryptedblob, iv):
 plain = Chainbreaker._kcdecrypt(self.db_key, Chainbreaker.MAGIC_CMS_IV, encryptedblob)
 if len(plain) == 0:
- return '', ''
+ return b'', b''
 # reverse the plaintext before decrypting again
 plain = bytes(reversed(plain))
@@ -398,7 +398,7 @@ def _find_wrapping_key(self, master):
 plain = Chainbreaker._kcdecrypt(master, self.dbblob.IV, ciphertext)
 if len(plain) < Chainbreaker.KEYLEN:
- return ''
+ return b''
 dbkey = plain[:Chainbreaker.KEYLEN]
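Review bot: Switching the failure sentinels from `''` to `b''` changes the outcome of any caller that tests them with `== ''` or `!= ''`, because `b'' == ''` is False in Python 3. The callers of `_get_four_char_code`, `_get_lv`, `_private_key_decryption` and `_find_wrapping_key` are outside these hunks, so they should be checked and moved to truthiness tests such as `if not dbkey:`; the same applies to the `@@ -362,7`, `@@ -372,7` and `@@ -398,7` hunks. In `_get_lv` the `struct.error` path and the `pcol <= 0` path both return `b''`, so a malformed length field in the keychain is distinguishable from an absent column only by a debug-level log line; `self.logger.warning('LV string length is too long.')` would surface it. `_get_four_char_code` would also benefit from a one-line comment stating that both branches return bytes, since the type of `_FOUR_CHAR_CODE(...).Value` is not visible here.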