Python tools: Print errors and usage to stderr

The concept of stderr was invented about 60 years ago.

Author: magnumripper

run/DPAPImk2john.py

@@ -548,7 +548,7 @@ def decryptWithPassword(self, userSID, pwd, context):
         if context == "domain1607-" or context == "domain":
             self.decryptWithHash(userSID, hashlib.new("md4", pwd.encode('UTF-16LE')).digest())
             if self.decrypted:
-                print("Decrypted succesfully as domain1607-")
+                print("Decrypted succesfully as domain1607-", file=sys.stderr)
                 return
         if context == "domain1607+" or context == "domain":
             SIDenc = userSID.encode("UTF-16LE")
@@ -557,7 +557,7 @@ def decryptWithPassword(self, userSID, pwd, context):
             derived = pbkdf2(derived, SIDenc, 16, 1, digest='sha256')
             self.decryptWithHash(userSID, derived)
             if self.decrypted:
-                print("Decrypted succesfully as domain1607+")
+                print("Decrypted succesfully as domain1607+", file=sys.stderr)
                 return
         if context == "local":
             self.decryptWithHash(userSID, hashlib.new("sha1", pwd.encode('UTF-16LE')).digest())
@@ -656,10 +656,10 @@ def __repr__(self):
     debug = options.debug
 
     if options.preferred and (options.masterkey or options.sid or options.context):
-        print("'Preferred' option cannot be used combined with any other, exiting.")
+        print("'Preferred' option cannot be used combined with any other, exiting.", file=sys.stderr)
         sys.exit(1)
     elif not options.preferred and not (options.masterkey and options.sid and options.context):
-        print("masterkey file, SID and context are mandatory in order to extract hash from masterkey file, exiting.")
+        print("masterkey file, SID and context are mandatory in order to extract hash from masterkey file, exiting.", file=sys.stderr)
         sys.exit(1)
     elif options.preferred:
         Preferred = open(options.preferred,'rb')

run/androidfde2john.py

@@ -140,7 +140,7 @@ def parse_footer(data):
         while True:
             footer = fh.read(CryptMntFtr.struct_size())
             if len(footer) < CryptMntFtr.struct_size():
-                print("Cannot read disk image footer")
+                print("Cannot read disk image footer", file=sys.stderr)
                 return
             idx = footer.find(b"\xC4\xB1\xB5\xD0")
             if idx == 0:
@@ -151,13 +151,12 @@ def parse_footer(data):
         crypt_ftr = CryptMntFtr(footer)
 
         if crypt_ftr.magic != CRYPT_MNT_MAGIC:
-            print(
-                    data, crypt_ftr, "Bad magic in disk image footer")
+            print(data, crypt_ftr, "Bad magic in disk image footer", file=sys.stderr)
         if crypt_ftr.major_version != 1:
             print(data, crypt_ftr,
                                 "Cannot understand major version {} in "
                                 "disk image footer".format(
-                                    crypt_ftr.major_version))
+                                    crypt_ftr.major_version), file=sys.stderr)
         if crypt_ftr.minor_version != 0:
             warn("crypto footer minor version {}, expected 0".format(
                 crypt_ftr.minor_version), UserWarning)
@@ -169,17 +168,17 @@ def parse_footer(data):
         if crypt_ftr.keysize != KEY_LEN_BYTES:
             print(data, crypt_ftr,
                                 "Keysize of {} bits not supported".format(
-                                    crypt_ftr.keysize*8))
+                                    crypt_ftr.keysize*8), file=sys.stderr)
         key = fh.read(crypt_ftr.keysize)
         if len(key) != crypt_ftr.keysize:
             print(data, crypt_ftr,
-                                "Cannot read key from disk image footer")
+                                "Cannot read key from disk image footer", file=sys.stderr)
 
         fh.seek(KEY_TO_SALT_PADDING, os.SEEK_CUR)
         salt = fh.read(SALT_LEN)
         if len(salt) != SALT_LEN:
             print(data, crypt_ftr,
-                                "Cannot read salt from disk image footer")
+                                "Cannot read salt from disk image footer", file=sys.stderr)
 
         return (crypt_ftr, key, salt)
 

run/apop2john.py

@@ -14,7 +14,7 @@
 try:
     from scapy.all import *
 except ImportError:
-    print("scapy is missing, run 'pip install --user scapy' to install it!")
+    print("scapy is missing, run 'pip install --user scapy' to install it!", file=sys.stderr)
     exit(1)
 
 from binascii import hexlify
@@ -23,7 +23,7 @@
 import re
 
 if len(argv) < 2:
-    print('Usage: ./apop2john.py <pcap files>')
+    print('Usage: ./apop2john.py <pcap files>', file=sys.stderr)
     exit(1)
 
 filenames = argv[1:]

run/authenticator2john.py

@@ -13,7 +13,7 @@
 from binascii import hexlify
 
 if len(sys.argv) < 2:
-    print('Usage: ./authenticator2john.py <authenticator.data files>')
+    print('Usage: ./authenticator2john.py <authenticator.data files>', file=sys.stderr)
     exit(1)
 
 filenames = sys.argv[1:]

run/axcrypt2john.py

@@ -98,7 +98,7 @@ def parse_axxfile(axxfile):
     sizeof_file = len(axxdata)
 
     if axxdata[:16] != GUID:
-        print("Be careful, GUID is different from AxCrypt's one...")
+        print("Be careful, GUID is different from AxCrypt's one...", file=sys.stderr)
 
     header_datalen_offset = 16
     headertype = b'\x02' # first type encountered
@@ -133,7 +133,7 @@ def parse_axxfile(axxfile):
         header_datalen_offset += header_datalen
 
         if header_datalen_offset >= sizeof_file:
-            print("Could not parse file, exiting...")
+            print("Could not parse file, exiting...", file=sys.stderr)
             sys.exit(0)
 
     return version, StructKeys[0]['KeyData'], StructKeys[0]['salt'], StructKeys[0]['Iteration'], None, None

run/bestcrypt2john.py

@@ -187,7 +187,7 @@ def process_file(filename):
     N = DATA_BLOCK_64_size
     data = f.read(N)
     if len(data) != N:
-        sys.stdout.write("%s : parsing failed\n" % filename)
+        sys.stderr.write("%s : parsing failed\n" % filename)
         return -1
 
     data = struct.unpack(DATA_BLOCK_64_fmt, data)
@@ -200,7 +200,7 @@ def process_file(filename):
     # libs/multi-lib/keygens/kgghost/datablock.cpp -> DataBlock_DecodeKey
     # libs/multi-lib/keygens/kgghost/datablock.cpp -> walkNotEncrypted
     if signature != DB_HEADER_SIGNATURE or volumeLabel != b"BC_KeyGenID":
-        print("%s: encrypted header found, not yet supported, patches welcome!" % os.path.basename(filename))
+        print("%s: encrypted header found, not yet supported, patches welcome!" % os.path.basename(filename), file=sys.stderr)
         # look at libs/multi-lib/keygens/kgghost/datablock.cpp -> DataBlock_DecodeKey
         return
 
@@ -211,20 +211,20 @@ def process_file(filename):
     else:
         resolved_version = iterations  # union of iterations and version
         if (resolved_version != 3) or wKeyGenId != kKGID:
-            print("Invalid header version %s, id %s" % (resolved_version, wKeyGenId))
+            print("Invalid header version %s, id %s" % (resolved_version, wKeyGenId), file=sys.stderr)
             return
 
     if alg_id != bcsaRIJN:
-        print("%s: cipher alg_id %s not supported, patches welcome!" % (os.path.basename(filename), alg_id))
+        print("%s: cipher alg_id %s not supported, patches welcome!" % (os.path.basename(filename), alg_id), file=sys.stderr)
         return
 
     if mode_id != kBCMode_CBC and mode_id != kBCMode_XTS:
-        print("%s: cipher mode_id %s not supported, patches welcome!" % (os.path.basename(filename), hex(mode_id)))
+        print("%s: cipher mode_id %s not supported, patches welcome!" % (os.path.basename(filename), hex(mode_id)), file=sys.stderr)
         return
 
     # handle hash_id and salt
     if hash_id != bchaWhirlpool512 and hash_id != bchaSHA256 and hash_id != pgphaSHA512:
-        print("%s: hash_id %s not supported, patches welcome!" % (os.path.basename(filename), hash_id))
+        print("%s: hash_id %s not supported, patches welcome!" % (os.path.basename(filename), hash_id), file=sys.stderr)
         return 0
     salt_size = -1
     if hash_id == bchaWhirlpool512:
@@ -236,7 +236,7 @@ def process_file(filename):
     salt = hexlify(keys[0:salt_size]).decode("ascii")  # this uses data from keys corresponding to slotnum = 0
     size, _type, param = struct.unpack(keymap_fmt, keymap[:keymap_size])  # this uses data from keymap with slotnum = 0
     if _type != kBCKeyType_Salt:
-        print("%s: internal error while processing salt, please report this problem!" % os.path.basename(filename))
+        print("%s: internal error while processing salt, please report this problem!" % os.path.basename(filename), file=sys.stderr)
         return
 
     dbsize = kBCV8_InitialDataBlockSize

run/bitlocker2john.py

@@ -60,29 +60,29 @@ def uint_to_int(b):
 def try_read_fp(fp, bytes_to_read):
     out = fp.read(bytes_to_read)
     if len(out) != bytes_to_read:
-        print("Error reading out of bounds of file, exiting.")
+        print("Error reading out of bounds of file, exiting.", file=sys.stderr)
         sys.exit(1)
 
     return out
 
 def parse_FVEK(fvek_data):
-    print("\nParsing FVEK...")
+    print("\nParsing FVEK...", file=sys.stderr)
     nonce    = fvek_data[:12]
     mac      = fvek_data[12:28]
     enc_data = fvek_data[28:]
 
-    print("Mac:", mac.hex())
-    print("Nonce:", nonce.hex())
-    print("Encrypted data:", enc_data.hex())
+    print("Mac:", mac.hex(), file=sys.stderr)
+    print("Nonce:", nonce.hex(), file=sys.stderr)
+    print("Encrypted data:", enc_data.hex(), file=sys.stderr)
 
     return nonce, mac, enc_data
 
 def parse_stretch_key(data):
-    print("\nParsing stretch key...")
+    print("\nParsing stretch key...", file=sys.stderr)
     encryption_method = hex(uint_to_int(data[0:4]))
     salt = data[4:20]
-    print("Encryption method:", encryption_method)
-    print("Salt:", salt.hex())
+    print("Encryption method:", encryption_method, file=sys.stderr)
+    print("Salt:", salt.hex(), file=sys.stderr)
     current_pos = 0
     aes_ccm_data = data[20:]
     current_pos, data, value_type = parse_fve_metadata_entry(current_pos, aes_ccm_data)
@@ -91,7 +91,7 @@ def parse_stretch_key(data):
     return salt, nonce, mac, enc_data
 
 def generate_hash(salt, nonce, mac, enc_data, protection_type):
-    print("\nFound hash!")
+    print("\nFound hash!", file=sys.stderr)
     if protection_type == 0x2000:
         versions = BITLOCKER_PASSWORD_HASH_VERSIONS
     if protection_type == 0x800:
@@ -102,29 +102,29 @@ def generate_hash(salt, nonce, mac, enc_data, protection_type):
         HASHES.append(generated_hash)
 
 def parse_aes_ccm_encrypted_key(data):
-    print("Parsing AES CCM key...")
+    print("Parsing AES CCM key...", file=sys.stderr)
     nonce, mac, enc_data = parse_FVEK(data)
     return nonce, mac, enc_data
 
 def parse_description(data):
-    print("\nParsing description...")
-    print(f"Info: {data.decode('utf-16')}")
+    print("\nParsing description...", file=sys.stderr)
+    print(f"Info: {data.decode('utf-16')}", file=sys.stderr)
     return
 
 def parse_volume_header_block(data):
-    print("\nParsing volume header block...")
+    print("\nParsing volume header block...", file=sys.stderr)
     block_offset = uint_to_int(data[0:8])
     block_size   = uint_to_int(data[8:16])
-    print(f"Block offset: {hex(block_offset)}")
-    print(f"Block size: {block_size}")
+    print(f"Block offset: {hex(block_offset)}", file=sys.stderr)
+    print(f"Block size: {block_size}", file=sys.stderr)
 
 def parse_VMK(VMK_data):
-    print("\nParsing VMK...")
+    print("\nParsing VMK...", file=sys.stderr)
     guid = hex_to_guid(VMK_data[:16].hex())
     protection_type = uint_to_int(VMK_data[26:28])
     properties = VMK_data[28:]
-    print("GUID:", guid)
-    print(f"Protection type: {hex(protection_type)} = {PROTECTION_TYPES.get(protection_type)}")
+    print("GUID:", guid, file=sys.stderr)
+    print(f"Protection type: {hex(protection_type)} = {PROTECTION_TYPES.get(protection_type)}", file=sys.stderr)
 
     # only try parse properties if correct protection type
     protection_type_str = PROTECTION_TYPES.get(protection_type)
@@ -143,7 +143,7 @@ def parse_VMK(VMK_data):
     return
 
 def parse_fve_metadata_block(block):
-    print('\nParsing FVE block...')
+    print('\nParsing FVE block...', file=sys.stderr)
     metadata_size = len(block)
 
     entry_size = uint_to_int(block[112:114])
@@ -166,16 +166,16 @@ def parse_fve_metadata_block(block):
             return
 
 def parse_fve_metadata_entry(current_pos, block):
-    print("\nParsing FVE metadata entry...")
+    print("\nParsing FVE metadata entry...", file=sys.stderr)
     entry_size = uint_to_int(block[0:2])
     entry_type = uint_to_int(block[2:4])
     value_type = uint_to_int(block[4:6])
     version = hex(uint_to_int(block[6:8]))
     data = block[8:entry_size]
 
-    print(f"Entry size: {entry_size}")
-    print(f"Entry type: {hex(entry_type)} = {FVE_ENTRY_TYPES.get(entry_type)}")
-    print(f"Value type: {hex(value_type)} = {FVE_VALUE_TYPES.get(value_type)}")
+    print(f"Entry size: {entry_size}", file=sys.stderr)
+    print(f"Entry type: {hex(entry_type)} = {FVE_ENTRY_TYPES.get(entry_type)}", file=sys.stderr)
+    print(f"Value type: {hex(value_type)} = {FVE_VALUE_TYPES.get(value_type)}", file=sys.stderr)
 
     current_pos = current_pos + entry_size
 
@@ -189,15 +189,15 @@ def parse_fve_metadata_header_data(header_data):
     return metadata_size
 
 def parse_fve_metadata_header(block):
-    print("\nParsing FVE metadata header...")
+    print("\nParsing FVE metadata header...", file=sys.stderr)
     metadata_size = uint_to_int(block[0:4])
     volume_guid = hex_to_guid(block[16:32].hex())
     nonce_counter = uint_to_int(block[32:36])
     encryption_method = hex(uint_to_int(block[36:40]))
 
-    print("Metadata size:", metadata_size)
-    print("Volume GUID:", volume_guid)
-    print("Encryption method:", encryption_method)
+    print("Metadata size:", metadata_size, file=sys.stderr)
+    print("Volume GUID:", volume_guid, file=sys.stderr)
+    print("Encryption method:", encryption_method, file=sys.stderr)
 
     return metadata_size
 
@@ -222,9 +222,9 @@ def main():
 
         header = try_read_fp(fp, 8)
         if header.decode('latin-1') not in [BITLOCKER_SIGNATURE, BITLOCKER_TO_GO_SIGNATURE]:
-            print("[!] Supplied image path is not a BitLocker partition. Try specifiying the offset of the BitLocker partition with -o")
+            print("[!] Supplied image path is not a BitLocker partition. Try specifiying the offset of the BitLocker partition with -o", file=sys.stderr)
             exit()
-        print(f'[+] BitLocker signature found: {header.decode()}')
+        print(f'[+] BitLocker signature found: {header.decode()}', file=sys.stderr)
         sector_size = uint_to_int(try_read_fp(fp, 2))
 
         if header.decode('latin-1') == BITLOCKER_SIGNATURE:
@@ -237,13 +237,13 @@ def main():
         volume_guid = hex_to_guid(volume_guid.hex())
         volume_guid_id = BITLOCKER_GUIDS.get(volume_guid)
         if volume_guid_id == None:
-            print("[!] Volume GUID not recognised. Exiting.")
+            print("[!] Volume GUID not recognised. Exiting.", file=sys.stderr)
             sys.exit(1)
-        print(f'[+] Identified volume GUID: {volume_guid} = {volume_guid_id}')
+        print(f'[+] Identified volume GUID: {volume_guid} = {volume_guid_id}', file=sys.stderr)
 
         # get FVE metadata block addresses
         FVE_metadata_offsets = [hex(uint_to_int(try_read_fp(fp, 8)) + bitlocker_offset) for _ in range(3)]
-        print(f'[+] FVE metadata info found at offsets {FVE_metadata_offsets}')
+        print(f'[+] FVE metadata info found at offsets {FVE_metadata_offsets}', file=sys.stderr)
 
         # all metadata blocks should be the same
         for f in FVE_metadata_offsets:
@@ -259,9 +259,10 @@ def main():
             break
 
     if HASHES == []:
-        print("\nNo hashes associated with the user password or recovery password found. Exiting...")
+        print("\nNo hashes associated with the user password or recovery password found. Exiting...", file=sys.stderr)
     else:
-        print("\nThe following hashes were found:")
+        if sys.stdout.isatty():
+            print("\nThe following hashes were found:")
         for bitlocker_hash in HASHES:
             print(bitlocker_hash)
 

run/ccache2john.py

@@ -745,8 +745,8 @@ def swap32(i):
 
 if __name__ == "__main__":
     if len(sys.argv) < 2:
-        print("Usage: {0} <input credential cache file>".format(sys.argv[0]))
-        print("\nExample: {0} /tmp/krb5cc_1000".format(sys.argv[0]))
+        print("Usage: {0} <input credential cache file>".format(sys.argv[0]), file=sys.stderr)
+        print("\nExample: {0} /tmp/krb5cc_1000".format(sys.argv[0]), file=sys.stderr)
         sys.exit(0)
 
     with open(sys.argv[1], 'rb') as f:
@@ -885,5 +885,5 @@ def swap32(i):
                 o.write(credential.tostring())
                 sys.exit(0)
         else:
-            print('Unknown File Type!')
+            print('Unknown File Type!', file=sys.stderr)
             sys.exit(0)