-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathdpapi.c
More file actions
79 lines (67 loc) · 2.24 KB
/
dpapi.c
File metadata and controls
79 lines (67 loc) · 2.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#include "dpapi.h"
wchar_t* string_getrandomGUID() {
UNICODE_STRING uString;
GUID guid;
HCRYPTPROV hTmpCryptProv;
wchar_t* buffer = NULL;
if (CryptAcquireContext(&hTmpCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
if (CryptGenRandom(hTmpCryptProv, sizeof(GUID), (BYTE*)&guid)) {
if (NT_SUCCESS(RtlStringFromGUID(&guid, &uString))) {
buffer = (wchar_t*)my_heapalloc(uString.MaximumLength);
if (buffer) {
my_memcpy(buffer, uString.Buffer, uString.MaximumLength);
}
myRtlFreeUnicodeString(&uString);
}
}
CryptReleaseContext(hTmpCryptProv, 0);
}
return buffer;
}
BOOL dpapi_unprotect_blob(PKULL_M_DPAPI_BLOB blob, LPCVOID masterkey, DWORD masterkeyLen, PVOID* dataOut, DWORD* dataOutLen) {
BOOL status = FALSE;
PVOID hmac, key;
HCRYPTPROV hSessionProv;
HCRYPTKEY hSessionKey;
DWORD hashLen = blob->dwAlgHashLen / 8, cryptLen = blob->dwAlgCryptLen / 8;
if (hmac = LocalAlloc(LPTR, hashLen))
{
if (kull_m_dpapi_sessionkey(masterkey, masterkeyLen, blob->pbSalt, blob->dwSaltLen, NULL, 0, NULL, 0, blob->algHash, hmac, hashLen))
{
if (key = LocalAlloc(LPTR, cryptLen))
{
if (kull_m_crypto_DeriveKeyRaw(blob->algHash, hmac, hashLen, key, cryptLen))
{
if (kull_m_crypto_hkey_session(blob->algCrypt, key, cryptLen, 0, &hSessionKey, &hSessionProv))
{
if (*dataOut = LocalAlloc(LPTR, blob->dwDataLen))
{
RtlCopyMemory(*dataOut, blob->pbData, blob->dwDataLen);
*dataOutLen = blob->dwDataLen;
status = CryptDecrypt(hSessionKey, 0, TRUE, 0, (LPBYTE)*dataOut, dataOutLen);
//if (!status){LocalFree(*dataOut);}
}
CryptDestroyKey(hSessionKey);
kull_m_crypto_close_hprov_delete_container(hSessionProv);
}
}
LocalFree(key);
}
}
LocalFree(hmac);
}
return status;
}
int dpapi_unprotect(void* data, BYTE* masterkey, DWORD masterkey_len) {
int status = 0;
//PVOID dataOut;
PKULL_M_DPAPI_BLOB blob;
blob = kull_m_dpapi_blob_create(data);
if (blob) {
if (masterkey && masterkey_len) {
status = dpapi_unprotect_blob(blob, masterkey, masterkey_len, (PVOID*)&Output.pbData, &Output.cbData);
}
kull_m_dpapi_blob_delete(blob);
}
return status;
}