NTSTATUS kuhl_m_dpapi_wwan(int argc, wchar_t * argv[])
{
PBYTE pFile, hex, dataOut;
DWORD dwData, lenHex, lenDataOut;
LPWSTR dataU, dataF;
LPCWSTR infile;
PKULL_M_DPAPI_BLOB blob;
if(kull_m_string_args_byName(argc, argv, L"in", &infile, NULL))
{
if(kull_m_file_readData(infile, &pFile, &dwData))
{
if(dataU = kull_m_string_qad_ansi_to_unicode((const char *) pFile))
{
if(kull_m_string_quickxml_simplefind(dataU, L"Name", &dataF))
{
kprintf(L"Profile \'%s\'\n\n", dataF);
LocalFree(dataF);
}
if(kull_m_string_quickxml_simplefind(dataU, L"AccessString", &dataF))
{
kprintf(L" * AccessString : %s\n", dataF);
LocalFree(dataF);
}
if(kull_m_string_quickxml_simplefind(dataU, L"SubscriberID", &dataF))
{
if(kull_m_string_stringToHexBuffer(dataF, &hex, &lenHex))
{
if(blob = kull_m_dpapi_blob_create(hex))
{
kprintf(L"\n");
kull_m_dpapi_blob_descr(0, blob);
if(kuhl_m_dpapi_unprotect_raw_or_blob(hex, lenHex, NULL, argc, argv, NULL, 0, (LPVOID *) &dataOut, &lenDataOut, NULL))
{
kprintf(L" * SubscriberID : ");
kull_m_string_wprintf_hex(dataOut, lenDataOut, 0);
kprintf(L"\n");
kprintf(L"%.*s", lenDataOut / sizeof(wchar_t), dataOut);
LocalFree(dataOut);
}
kull_m_dpapi_blob_delete(blob);
}
LocalFree(hex);
}
LocalFree(dataF);
}
LocalFree(dataU);
}
LocalFree(pFile);
}
else PRINT_ERROR_AUTO(L"kull_m_file_readData");
}
else PRINT_ERROR(L"Input Wwan XML profile needed (/in:file)\n");
return STATUS_SUCCESS;
}
NTSTATUS kuhl_m_dpapi_protect(int argc, wchar_t * argv[])
{
DATA_BLOB dataIn, dataOut, dataEntropy = {0, NULL};
PKULL_M_DPAPI_BLOB blob;
PCWSTR description = NULL, szEntropy, outfile;
CRYPTPROTECT_PROMPTSTRUCT promptStructure = {sizeof(CRYPTPROTECT_PROMPTSTRUCT), CRYPTPROTECT_PROMPT_ON_PROTECT | CRYPTPROTECT_PROMPT_ON_UNPROTECT | CRYPTPROTECT_PROMPT_STRONG, NULL, MIMIKATZ}, *pPrompt;
DWORD flags = 0, outputMode = 1;
kull_m_string_args_byName(argc, argv, L"data", (PCWSTR *) &dataIn.pbData, MIMIKATZ);
kull_m_string_args_byName(argc, argv, L"description", &description, NULL);
if(kull_m_string_args_byName(argc, argv, L"entropy", &szEntropy, NULL))
kull_m_string_stringToHexBuffer(szEntropy, &dataEntropy.pbData, &dataEntropy.cbData);
if(kull_m_string_args_byName(argc, argv, L"machine", NULL, NULL))
flags |= CRYPTPROTECT_LOCAL_MACHINE;
pPrompt = kull_m_string_args_byName(argc, argv, L"prompt", NULL, NULL) ? &promptStructure : NULL;
if(kull_m_string_args_byName(argc, argv, L"c", NULL, NULL))
outputMode = 2;
kprintf(L"\ndata : %s\n", dataIn.pbData);
kprintf(L"description : %s\n", description ? description : L"");
kprintf(L"flags : "); kull_m_dpapi_displayProtectionFlags(flags); kprintf(L"\n");
kprintf(L"prompt flags: "); if(pPrompt) kull_m_dpapi_displayPromptFlags(pPrompt->dwPromptFlags); kprintf(L"\n");
kprintf(L"entropy : "); kull_m_string_wprintf_hex(dataEntropy.pbData, dataEntropy.cbData, 0); kprintf(L"\n\n");
dataIn.cbData = (DWORD) ((wcslen((PCWSTR) dataIn.pbData) + 1) * sizeof(wchar_t));
if(CryptProtectData(&dataIn, description, &dataEntropy, NULL, pPrompt, flags, &dataOut))
{
if(blob = kull_m_dpapi_blob_create(dataOut.pbData))
{
kull_m_dpapi_blob_descr(blob);
kull_m_dpapi_blob_delete(blob);
}
kprintf(L"\n");
if(kull_m_string_args_byName(argc, argv, L"out", &outfile, NULL))
{
if(kull_m_file_writeData(outfile, dataOut.pbData, dataOut.cbData))
kprintf(L"Write to file \'%s\' is OK\n", outfile);
}
else
{
kprintf(L"Blob:\n");
kull_m_string_wprintf_hex(dataOut.pbData, dataOut.cbData, outputMode | (16 << 16));
kprintf(L"\n");
}
LocalFree(dataOut.pbData);
}
else PRINT_ERROR_AUTO(L"CryptProtectData");
if(dataEntropy.pbData)
LocalFree(dataEntropy.pbData);
return STATUS_SUCCESS;
}
NTSTATUS kuhl_m_dpapi_blob(int argc, wchar_t * argv[])
{
PKULL_M_DPAPI_BLOB blob;
PBYTE buffer;
DWORD szBuffer;
if(argc && kull_m_file_readData(argv[0], &buffer, &szBuffer))
{
if(blob = kull_m_dpapi_blob_create(buffer))
{
kull_m_dpapi_blob_descr(blob);
kull_m_dpapi_blob_delete(blob);
}
LocalFree(buffer);
}
return STATUS_SUCCESS;
}
NTSTATUS kuhl_m_dpapi_unprotect(int argc, wchar_t * argv[])
{
DATA_BLOB dataIn, dataOut, dataEntropy = {0, NULL};
PKULL_M_DPAPI_BLOB blob;
PCWSTR szEntropy, outfile, infile, szMasterkey, szPassword = NULL;
PWSTR description = NULL;
CRYPTPROTECT_PROMPTSTRUCT promptStructure = {sizeof(CRYPTPROTECT_PROMPTSTRUCT), CRYPTPROTECT_PROMPT_ON_PROTECT | CRYPTPROTECT_PROMPT_ON_UNPROTECT | CRYPTPROTECT_PROMPT_STRONG, NULL, MIMIKATZ}, *pPrompt;
DWORD flags = 0;
UNICODE_STRING uString;
BOOL statusDecrypt = FALSE;
PBYTE masterkey = NULL;
DWORD masterkeyLen = 0;
if(kull_m_string_args_byName(argc, argv, L"entropy", &szEntropy, NULL))
kull_m_string_stringToHexBuffer(szEntropy, &dataEntropy.pbData, &dataEntropy.cbData);
if(kull_m_string_args_byName(argc, argv, L"machine", NULL, NULL))
flags |= CRYPTPROTECT_LOCAL_MACHINE;
pPrompt = kull_m_string_args_byName(argc, argv, L"prompt", NULL, NULL) ? &promptStructure : NULL;
if(kull_m_string_args_byName(argc, argv, L"masterkey", &szMasterkey, NULL))
kull_m_string_stringToHexBuffer(szMasterkey, &masterkey, &masterkeyLen);
kull_m_string_args_byName(argc, argv, L"password", &szPassword, NULL);
kprintf(L"\nflags : "); kull_m_dpapi_displayProtectionFlags(flags); kprintf(L"\n");
kprintf(L"prompt flags: "); if(pPrompt) kull_m_dpapi_displayPromptFlags(pPrompt->dwPromptFlags); kprintf(L"\n");
kprintf(L"entropy : "); kull_m_string_wprintf_hex(dataEntropy.pbData, dataEntropy.cbData, 0); kprintf(L"\n");
kprintf(L"masterkey : "); kull_m_string_wprintf_hex(masterkey, masterkeyLen, 0); kprintf(L"\n");
kprintf(L"password : %s\n\n", szPassword ? szPassword : L"");
if(kull_m_string_args_byName(argc, argv, L"in", &infile, NULL))
{
if(kull_m_file_readData(infile, &dataIn.pbData, &dataIn.cbData))
{
if(blob = kull_m_dpapi_blob_create(dataIn.pbData))
{
kull_m_dpapi_blob_descr(blob);
if(masterkey && masterkeyLen)
statusDecrypt = kull_m_dpapi_unprotect_blob(blob, masterkey, masterkeyLen, dataEntropy.pbData, dataEntropy.cbData, szPassword, (LPVOID *) &dataOut.pbData, &dataOut.cbData);
else
statusDecrypt = CryptUnprotectData(&dataIn, &description, &dataEntropy, NULL, pPrompt, 0, &dataOut);
if(statusDecrypt)
{
if(description)
{
kprintf(L"description : %s\n", description);
LocalFree(description);
}
if(kull_m_string_args_byName(argc, argv, L"out", &outfile, NULL))
{
if(kull_m_file_writeData(outfile, dataOut.pbData, dataOut.cbData))
kprintf(L"Write to file \'%s\' is OK\n", outfile);
}
else
{
uString.Length = uString.MaximumLength = (USHORT) dataOut.cbData;
uString.Buffer = (PWSTR) dataOut.pbData;
kprintf(L"data - ");
if((uString.Length <= USHRT_MAX) && (kull_m_string_suspectUnicodeString(&uString)))
kprintf(L"text : %s", dataOut.pbData);
else
{
kprintf(L"hex : ");
kull_m_string_wprintf_hex(dataOut.pbData, dataOut.cbData, 1 | (16 << 16));
}
kprintf(L"\n");
}
LocalFree(dataOut.pbData);
}
else if(!masterkey) PRINT_ERROR_AUTO(L"CryptUnprotectData");
kull_m_dpapi_blob_delete(blob);
}
LocalFree(dataIn.pbData);
}
}
if(dataEntropy.pbData)
LocalFree(dataEntropy.pbData);
if(masterkey)
LocalFree(masterkey);
return STATUS_SUCCESS;
}
NTSTATUS kuhl_m_dpapi_wifi(int argc, wchar_t * argv[])
{
PBYTE pFile, hex, dataOut;
DWORD dwData, lenHex, lenDataOut;
LPWSTR dataU, dataSSID, dataF, dataAuth;
LPCWSTR infile;
PKULL_M_DPAPI_BLOB blob;
if(kull_m_string_args_byName(argc, argv, L"in", &infile, NULL))
{
if(kull_m_file_readData(infile, &pFile, &dwData))
{
if(dataU = kull_m_string_qad_ansi_to_unicode((const char *) pFile))
{
if(kull_m_string_quickxml_simplefind(dataU, L"name", &dataF))
{
kprintf(L"Profile \'%s\'\n\n", dataF);
LocalFree(dataF);
}
if(kull_m_string_quickxml_simplefind(dataU, L"SSID", &dataSSID))
{
kprintf(L" * SSID ");
if(kull_m_string_quickxml_simplefind(dataSSID, L"name", &dataF))
{
kprintf(L"name : %s\n", dataF);
LocalFree(dataF);
}
else if(kull_m_string_quickxml_simplefind(dataSSID, L"hex", &dataF))
{
kprintf(L"hex : %s\n", dataF);
LocalFree(dataF);
}
else kprintf(L"?\n");
LocalFree(dataSSID);
}
if(kull_m_string_quickxml_simplefind(dataU, L"authentication", &dataAuth))
{
kprintf(L" * Authentication: %s\n", dataAuth);
if(kull_m_string_quickxml_simplefind(dataU, L"encryption", &dataF))
{
kprintf(L" * Encryption : %s\n", dataF);
LocalFree(dataF);
}
if(kull_m_string_quickxml_simplefind(dataU, L"keyMaterial", &dataF))
{
if(kull_m_string_stringToHexBuffer(dataF, &hex, &lenHex))
{
if(blob = kull_m_dpapi_blob_create(hex))
{
kprintf(L"\n");
kull_m_dpapi_blob_descr(0, blob);
if(kuhl_m_dpapi_unprotect_raw_or_blob(hex, lenHex, NULL, argc, argv, NULL, 0, (LPVOID *) &dataOut, &lenDataOut, NULL))
{
kprintf(L" * Key Material : ");
if(_wcsicmp(dataAuth, L"WEP") == 0)
{
kprintf(L"(hex) ");
kull_m_string_wprintf_hex(dataOut, lenDataOut, 0);
}
else
kprintf(L"%.*S", lenDataOut, dataOut);
kprintf(L"\n");
LocalFree(dataOut);
}
kull_m_dpapi_blob_delete(blob);
}
LocalFree(hex);
}
LocalFree(dataF);
}
LocalFree(dataAuth);
}
LocalFree(dataU);
}
LocalFree(pFile);
}
else PRINT_ERROR_AUTO(L"kull_m_file_readData");
}
else PRINT_ERROR(L"Input Wlan XML profile needed (/in:file)\n");
return STATUS_SUCCESS;
}
