dissect.target.plugins.os.windows.dpapi.blob
#
Module Contents#
Classes#
Represents a DPAPI blob. |
Attributes#
- dissect.target.plugins.os.windows.dpapi.blob.blob_def = Multiline-String#
Show Value
""" struct DPAPIBlob { DWORD dwVersion; char provider[16]; DWORD mkVersion; char guid[16]; DWORD flags; DWORD descriptionLength; char description[descriptionLength]; DWORD CipherAlgId; DWORD keyLen; DWORD saltLength; char salt[saltLength]; DWORD strongLength; char strong[strongLength]; DWORD CryptAlgId; DWORD hashLen; DWORD hmacLength; char hmac[hmacLength]; DWORD cipherTextLength; char cipherText[cipherTextLength]; DWORD signLength; char sign[signLength]; }; """
- dissect.target.plugins.os.windows.dpapi.blob.c_blob#
- class dissect.target.plugins.os.windows.dpapi.blob.Blob(data: bytes)#
Represents a DPAPI blob.
- decrypt(master_key: bytes, entropy: bytes | None = None, strong_password: str | None = None, smart_card_secret: bytes | None = None) bool #
Try to decrypt the blob with the given master key.
- Parameters:
master_key – Decrypted master key value.
entropy – Optional entropy for decrypting the blob.
strong_password – Optional password for decrypting the blob.
smart_card_secret – MS Next Gen Crypto secret (e.g. from PIN code).
- Returns:
True if decryption is succesful, False otherwise.
- __repr__() str #
Return repr(self).