Support for extracting PassHashes from ADE
parent
620c90b695
commit
8986855a47
@ -0,0 +1,158 @@
|
||||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# adobekey_get_passhash.py, version 1
|
||||
# based on adobekey.pyw, version 7.2
|
||||
# Copyright © 2009-2021 i♥cabbages, Apprentice Harper et al.
|
||||
# Copyright © 2021 noDRM
|
||||
|
||||
# Released under the terms of the GNU General Public Licence, version 3
|
||||
# <http://www.gnu.org/licenses/>
|
||||
|
||||
# Revision history:
|
||||
# 1 - Initial release
|
||||
|
||||
"""
|
||||
Retrieve Adobe ADEPT user passhash keys
|
||||
"""
|
||||
|
||||
__license__ = 'GPL v3'
|
||||
__version__ = '1'
|
||||
|
||||
import sys, os, time
|
||||
import base64, hashlib
|
||||
try:
|
||||
from Cryptodome.Cipher import AES
|
||||
except:
|
||||
from Crypto.Cipher import AES
|
||||
|
||||
PASS_HASH_SECRET = "9ca588496a1bc4394553d9e018d70b9e"
|
||||
|
||||
def unpad(data):
|
||||
|
||||
if sys.version_info[0] == 2:
|
||||
pad_len = ord(data[-1])
|
||||
else:
|
||||
pad_len = data[-1]
|
||||
|
||||
return data[:-pad_len]
|
||||
|
||||
|
||||
try:
|
||||
from calibre.constants import iswindows, isosx
|
||||
except:
|
||||
iswindows = sys.platform.startswith('win')
|
||||
isosx = sys.platform.startswith('darwin')
|
||||
|
||||
|
||||
class ADEPTError(Exception):
|
||||
pass
|
||||
|
||||
def decrypt_passhash(passhash, fp):
|
||||
|
||||
serial_number = base64.b64decode(fp).hex()
|
||||
|
||||
hash_key = hashlib.sha1(bytearray.fromhex(serial_number + PASS_HASH_SECRET)).digest()[:16]
|
||||
|
||||
encrypted_cc_hash = base64.b64decode(passhash)
|
||||
cc_hash = unpad(AES.new(hash_key, AES.MODE_CBC, encrypted_cc_hash[:16]).decrypt(encrypted_cc_hash[16:]))
|
||||
return base64.b64encode(cc_hash).decode("ascii")
|
||||
|
||||
|
||||
if iswindows:
|
||||
try:
|
||||
import winreg
|
||||
except ImportError:
|
||||
import _winreg as winreg
|
||||
|
||||
PRIVATE_LICENCE_KEY_PATH = r'Software\Adobe\Adept\Activation'
|
||||
|
||||
def passhash_keys():
|
||||
cuser = winreg.HKEY_CURRENT_USER
|
||||
keys = []
|
||||
names = []
|
||||
try:
|
||||
plkroot = winreg.OpenKey(cuser, PRIVATE_LICENCE_KEY_PATH)
|
||||
except WindowsError:
|
||||
raise ADEPTError("Could not locate ADE activation")
|
||||
|
||||
idx = 1
|
||||
|
||||
fp = None
|
||||
|
||||
i = -1
|
||||
while True:
|
||||
i = i + 1 # start with 0
|
||||
try:
|
||||
plkparent = winreg.OpenKey(plkroot, "%04d" % (i,))
|
||||
except:
|
||||
# No more keys
|
||||
break
|
||||
|
||||
ktype = winreg.QueryValueEx(plkparent, None)[0]
|
||||
|
||||
if ktype == "activationToken":
|
||||
# find fingerprint for hash decryption
|
||||
j = -1
|
||||
while True:
|
||||
j = j + 1 # start with 0
|
||||
try:
|
||||
plkkey = winreg.OpenKey(plkparent, "%04d" % (j,))
|
||||
except WindowsError:
|
||||
break
|
||||
ktype = winreg.QueryValueEx(plkkey, None)[0]
|
||||
if ktype == 'fingerprint':
|
||||
fp = winreg.QueryValueEx(plkkey, 'value')[0]
|
||||
#print("Found fingerprint: " + fp)
|
||||
|
||||
if ktype == 'passHashList':
|
||||
|
||||
j = -1
|
||||
lastOperator = "Unknown"
|
||||
while True:
|
||||
j = j + 1 # start with 0
|
||||
try:
|
||||
plkkey = winreg.OpenKey(plkparent, "%04d" % (j,))
|
||||
except WindowsError:
|
||||
break
|
||||
ktype = winreg.QueryValueEx(plkkey, None)[0]
|
||||
if ktype == 'operatorURL':
|
||||
operatorURL = winreg.QueryValueEx(plkkey, 'value')[0]
|
||||
#print("Found operator URL: " + operatorURL)
|
||||
try:
|
||||
lastOperator = operatorURL.split('//')[1].split('/')[0]
|
||||
except:
|
||||
lastOperator = "Unknown"
|
||||
|
||||
elif ktype == "passHash":
|
||||
passhash_encrypted = winreg.QueryValueEx(plkkey, 'value')[0]
|
||||
names.append("ADE_key_" + lastOperator + "_" + str(int(time.time())) + "_" + str(idx))
|
||||
idx = idx + 1
|
||||
keys.append(passhash_encrypted)
|
||||
|
||||
if fp is None:
|
||||
#print("Didn't find fingerprint for decryption ...")
|
||||
return [], []
|
||||
|
||||
print("Found {0:d} passhashes".format(len(keys)))
|
||||
|
||||
keys_decrypted = []
|
||||
|
||||
for key in keys:
|
||||
decrypted = decrypt_passhash(key, fp)
|
||||
#print("Input key: " + key)
|
||||
#print("Output key: " + decrypted)
|
||||
keys_decrypted.append(decrypted)
|
||||
|
||||
return keys_decrypted, names
|
||||
|
||||
|
||||
else:
|
||||
def passhash_keys():
|
||||
raise ADEPTError("This script only supports Windows.")
|
||||
#TODO: Add MacOS support by parsing the activation.xml file.
|
||||
return [], []
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
print("This is a python calibre plugin. It can't be directly executed.")
|
Loading…
Reference in New Issue