dissect.target.plugins.os.windows.dpapi.blob

Module Contents

Classes

Blob

Represents a DPAPI blob.

Attributes

dissect.target.plugins.os.windows.dpapi.blob.blob_def = Multiline-String
"""
struct DPAPIBlob {
    DWORD   dwVersion;
    char    provider[16];
    DWORD   mkVersion;
    char    guid[16];
    DWORD   flags;
    DWORD   descriptionLength;
    char    description[descriptionLength];
    DWORD   CipherAlgId;
    DWORD   keyLen;
    DWORD   saltLength;
    char    salt[saltLength];
    DWORD   strongLength;
    char    strong[strongLength];
    DWORD   CryptAlgId;
    DWORD   hashLen;
    DWORD   hmacLength;
    char    hmac[hmacLength];
    DWORD   cipherTextLength;
    char    cipherText[cipherTextLength];
    DWORD   signLength;
    char    sign[signLength];
};
"""
dissect.target.plugins.os.windows.dpapi.blob.c_blob
class dissect.target.plugins.os.windows.dpapi.blob.Blob(data: bytes)

Represents a DPAPI blob.

decrypt(master_key: bytes, entropy: bytes | None = None, strong_password: str | None = None, smart_card_secret: bytes | None = None) -> bool

Try to decrypt the blob with the given master key.

Parameters:
  • master_key – Decrypted master key value.

  • entropy – Optional entropy for decrypting the blob.

  • strong_password – Optional password for decrypting the blob.

  • smart_card_secret – MS Next Gen Crypto secret (e.g. from PIN code).

Returns:

True if decryption is successful, False otherwise.

__repr__() -> str

Return repr(self).
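
The `blob_def` layout above is a chain of length-prefixed fields, so a parser handling untrusted blobs has to check every length DWORD against the bytes that remain before slicing. The following is an added example, not code from the dissect project: a standard-library walk of the same field order with those bounds checks. `LAYOUT`, `parse_blob` and `build_sample` are hypothetical names, and the sample blob is constructed with placeholder values.

```python
import struct

# Field order follows blob_def above. ("name", None) is a little-endian DWORD,
# ("name", 16) a fixed char[16], ("name", "lenField") a char[] sized by an earlier DWORD.
LAYOUT = [
    ("dwVersion", None), ("provider", 16), ("mkVersion", None), ("guid", 16),
    ("flags", None), ("descriptionLength", None), ("description", "descriptionLength"),
    ("CipherAlgId", None), ("keyLen", None), ("saltLength", None), ("salt", "saltLength"),
    ("strongLength", None), ("strong", "strongLength"),
    ("CryptAlgId", None), ("hashLen", None), ("hmacLength", None), ("hmac", "hmacLength"),
    ("cipherTextLength", None), ("cipherText", "cipherTextLength"),
    ("signLength", None), ("sign", "signLength"),
]


def parse_blob(data: bytes) -> dict:
    """Parse a DPAPI blob, rejecting any length field that overruns the buffer."""
    fields, offset = {}, 0
    for name, size in LAYOUT:
        if size is None:
            if offset + 4 > len(data):
                raise ValueError(f"truncated before DWORD {name} at offset {offset}")
            (fields[name],) = struct.unpack_from("<I", data, offset)
            offset += 4
            continue
        length = size if isinstance(size, int) else fields[size]
        if length > len(data) - offset:
            raise ValueError(f"{name}: length {length} exceeds remaining {len(data) - offset}")
        fields[name] = data[offset:offset + length]
        offset += length
    fields["trailing"] = len(data) - offset  # bytes left after sign; 0 for a clean blob
    return fields


def build_sample() -> bytes:
    """Constructed sample blob (placeholder values, not real DPAPI output)."""
    def var(b: bytes) -> bytes:
        return struct.pack("<I", len(b)) + b
    return (struct.pack("<I", 1) + b"P" * 16 + struct.pack("<I", 1) + b"G" * 16
            + struct.pack("<I", 0) + var("demo\0".encode("utf-16-le"))
            + struct.pack("<II", 0x6610, 256) + var(b"S" * 32) + var(b"")
            + struct.pack("<II", 0x800E, 512) + var(b"H" * 32)
            + var(b"C" * 48) + var(b"X" * 64))
```

A non-zero `trailing` count or a `ValueError` on a blob carved from disk or memory usually means a false-positive carve or a truncated capture, which is worth ruling out before spending time on key recovery.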