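def get_hbootkey(samaddr, bootkey):
    """Derive the hashed boot key from the SAM hive's Account "F" value.

    Opens SAM\\Domains\\Account in the hive reachable through ``samaddr``,
    reads the value named ``F``, and RC4-processes bytes 0x80..0xA0 of it
    with a key computed as MD5(F[0x70:0x80] + aqwerty + bootkey + anum).

    Args:
        samaddr: address space for the SAM hive; must provide ``read()``
            and be accepted by ``get_root``.
        bootkey: boot key bytes mixed into the MD5 input.

    Returns:
        The 32-byte RC4 output, or ``None`` when the hive root, the Account
        key or the ``F`` value is missing, or when ``F`` is too short to
        hold the fields read below.

    NOTE(review): only the MD5/RC4 derivation is implemented and no format
    or revision field of ``F`` is checked here. If the hive protects this
    key with a different scheme, the result will be meaningless rather than
    an error -- confirm how callers detect that case.
    """
    sam_account_path = ["SAM", "Domains", "Account"]

    root = get_root(samaddr)
    if not root:
        return None

    sam_account_key = open_key(root, sam_account_path)
    if not sam_account_key:
        return None

    F = None
    for v in values(sam_account_key):
        if v.Name == 'F':
            F = samaddr.read(v.Data.value, v.DataLength.value)
            break  # value names are unique within a key; stop at the match
    if not F:
        return None

    # The slices below reach offset 0xA0. A truncated or corrupt F value
    # would otherwise be sliced short without error and yield a wrong key,
    # so treat it like any other lookup failure.
    if len(F) < 0xA0:
        return None

    # aqwerty and anum are constants defined elsewhere in this module.
    md5 = MD5.new()
    md5.update(F[0x70:0x80] + aqwerty + bootkey + anum)
    rc4_key = md5.digest()

    # RC4 is symmetric, so encrypt() here is the decryption of the stored blob.
    rc4 = ARC4.new(rc4_key)
    hbootkey = rc4.encrypt(F[0x80:0xA0])
    return hbootkey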