:py:mod:`dissect.target.plugins.os.windows.dpapi.master_key`
============================================================

.. py:module:: dissect.target.plugins.os.windows.dpapi.master_key


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.dpapi.master_key.MasterKey
   dissect.target.plugins.os.windows.dpapi.master_key.MasterKeyFile
   dissect.target.plugins.os.windows.dpapi.master_key.CredSystem


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.dpapi.master_key.HAS_CRYPTO
   dissect.target.plugins.os.windows.dpapi.master_key.log
   dissect.target.plugins.os.windows.dpapi.master_key.master_key_def
   dissect.target.plugins.os.windows.dpapi.master_key.c_master_key


.. py:data:: HAS_CRYPTO
   :value: True

.. py:data:: log

.. py:data:: master_key_def
   :value: Multiline-String

   .. code-block:: python

      """
      struct DomainKey {
          DWORD   dwVersion;
          DWORD   secretLen;
          DWORD   accessCheckLen;
          char    guid[16];
          char    encryptedSecret[secretLen];
          char    accessCheckLen[accessCheckLen];
      };

      struct CredHist {
          DWORD   dwVersion;
          char    guid[16];
      };

      struct MasterKey {
          DWORD   dwVersion;
          char    pSalt[16];
          DWORD   dwPBKDF2IterationCount;
          DWORD   HMACAlgId;                 // This is actually ALG_ID
          DWORD   CryptAlgId;                // This is actually ALG_ID
          // BYTE  pKey[];
      };

      struct CredSystem {
          DWORD   dwRevision;
          char    pMachine[20];
          char    pUser[20];
      };

      struct MasterKeyFileHeader {
          DWORD   dwVersion;                 // Masterkey version. Should be 1 or 2
          DWORD   dwReserved1;
          DWORD   dwReserved2;
          WCHAR   szGuid[36];                // GUID of master key. Should match filename
          DWORD   dwUnused1;
          DWORD   dwUnused2;
          DWORD   dwPolicy;
          QWORD   qwUserKeySize;
          QWORD   qwLocalEncKeySize;
          QWORD   qwLocalKeySize;
          QWORD   qwDomainKeySize;
      };
      """

.. py:data:: c_master_key

.. py:class:: MasterKey(data: bytes)

   .. py:method:: decrypt_with_hash(user_sid: str, password_hash: bytes) -> bool

      Decrypts the master key with the given user's SID and password hash.

   .. py:method:: decrypt_with_hash_10(user_sid: str, password_hash: bytes) -> bool

      Decrypts the master key with the given user's hash and SID.
      Newer version of :meth:`~MasterKey.decrypt_with_hash`

   .. py:method:: decrypt_with_password(user_sid: str, pwd: str) -> bool

      Decrypts the master key with the given user's password and SID.

   .. py:method:: decrypt_with_key(key: bytes) -> bool

      Decrypts the master key with the given encryption key.

      This function also extracts the HMAC part of the decrypted data and compares it with the computed one.

      Note that once successfully decrypted, this function turns into a no-op.


.. py:class:: MasterKeyFile(fh: BinaryIO)

   .. py:property:: decrypted
      :type: bool

   .. py:property:: key
      :type: bytes

   .. py:method:: decrypt_with_hash(user_sid: str, password_hash: bytes) -> bool

      See :meth:`MasterKey.decrypt_with_hash` and :meth:`MasterKey.decrypt_with_hash_10`.

   .. py:method:: decrypt_with_password(user_sid: str, pwd: str) -> bool

      See :meth:`MasterKey.decrypt_with_password`.

   .. py:method:: decrypt_with_key(key: bytes) -> bool

      See :meth:`MasterKey.decrypt_with_key`.


.. py:class:: CredSystem(buf: bytes)
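
An added example, not part of dissect's own code: a standard-library parser for the ``MasterKeyFileHeader`` and ``MasterKey`` layouts given in ``master_key_def``, enforcing the two checks the struct comments call out (version is 1 or 2, GUID matches the file name) before any key material is read. The helper names, the constructed sample blob, and the assumption that the user key block directly follows the header are not taken from this page.

```python
import struct
from typing import NamedTuple, Optional

# Little-endian, unpadded layouts transcribed from master_key_def.
HEADER = struct.Struct("<3I72s3I4Q")   # MasterKeyFileHeader: 128 bytes
MASTER_KEY = struct.Struct("<I16s3I")  # MasterKey fixed part: 32 bytes, pKey follows

class Header(NamedTuple):
    version: int
    guid: str
    policy: int
    key_sizes: tuple  # (user, local_enc, local, domain)

def parse_header(data: bytes, filename: Optional[str] = None) -> Header:
    if len(data) < HEADER.size:
        raise ValueError("truncated MasterKeyFileHeader")
    ver, _, _, raw_guid, _, _, policy, *sizes = HEADER.unpack_from(data)
    if ver not in (1, 2):  # struct comment: "Should be 1 or 2"
        raise ValueError(f"unexpected dwVersion {ver}")
    guid = raw_guid.decode("utf-16-le")
    if filename is not None and guid.lower() != filename.lower():
        raise ValueError("szGuid does not match file name")
    # Reject size fields that point past the end of the file.
    if sum(sizes) > len(data) - HEADER.size:
        raise ValueError("declared key sizes exceed file length")
    return Header(ver, guid, policy, tuple(sizes))

def parse_user_key(data: bytes, hdr: Header) -> dict:
    # Assumption: the user key block starts directly after the header.
    block = data[HEADER.size:HEADER.size + hdr.key_sizes[0]]
    if len(block) < MASTER_KEY.size:
        raise ValueError("user key block shorter than MasterKey header")
    ver, salt, rounds, hmac_alg, crypt_alg = MASTER_KEY.unpack_from(block)
    return {"version": ver, "salt": salt, "rounds": rounds, "hmac_alg": hmac_alg,
            "crypt_alg": crypt_alg, "encrypted_key": block[MASTER_KEY.size:]}

def build_sample(guid: str) -> bytes:
    # Constructed sample, not a real key file: zero salt, 8000 rounds, dummy pKey.
    # 0x800E / 0x6610 are the Windows ALG_ID values CALG_SHA_512 / CALG_AES_256.
    key = MASTER_KEY.pack(2, bytes(16), 8000, 0x800E, 0x6610) + b"\xAA" * 144
    return HEADER.pack(2, 0, 0, guid.encode("utf-16-le"), 0, 0, 5, len(key), 0, 0, 0) + key

if __name__ == "__main__":
    name = "01234567-89ab-cdef-0123-456789abcdef"  # constructed GUID / file name
    blob = build_sample(name)
    hdr = parse_header(blob, filename=name)
    print(hdr, parse_user_key(blob, hdr)["rounds"])
```
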