Unverified
Commit
05b7126a
authored
Feb 18, 2016
by
Pavol Rusnak
cleanup pwdreader
parent
98357061
Showing
1 changed file
with
59 additions
and
53 deletions
+59
-53
pwdreader.py
slip-0016/pwdreader.py
+59
-53
slip-0016/pwdreader.py
...
@@ -5,18 +5,20 @@ from trezorlib.transport_hid import HidTransport
...
@@ -5,18 +5,20 @@ from trezorlib.transport_hid import HidTransport
from
binascii
import
hexlify
,
unhexlify
from
binascii
import
hexlify
,
unhexlify
from
cryptography.hazmat.primitives.ciphers
import
Cipher
,
algorithms
,
modes
from
cryptography.hazmat.primitives.ciphers
import
Cipher
,
algorithms
,
modes
from
cryptography.hazmat.backends
import
default_backend
from
cryptography.hazmat.backends
import
default_backend
import
hmac
,
hashlib
,
base58
,
json
,
sys
import
hmac
import
hashlib
import
json
import
os
# Return path by BIP-32
#return path by BIP-32
def
getPath
():
def
getPath
():
return
client
.
expand_path
(
"10016'/0"
)
;
return
client
.
expand_path
(
"10016'/0"
)
#Deriving master key
#
Deriving master key
def
getMasterKey
():
def
getMasterKey
():
bip32_path
=
getPath
()
bip32_path
=
getPath
()
ENC_KEY
=
"Activate TREZOR Password Manager?"
ENC_KEY
=
'Activate TREZOR Password Manager?'
ENC_VALUE
=
unhexlify
(
"2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee"
)
ENC_VALUE
=
unhexlify
(
'2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee'
)
key
=
hexlify
(
client
.
encrypt_keyvalue
(
key
=
hexlify
(
client
.
encrypt_keyvalue
(
bip32_path
,
bip32_path
,
ENC_KEY
,
ENC_KEY
,
...
@@ -24,29 +26,25 @@ def getMasterKey():
...
@@ -24,29 +26,25 @@ def getMasterKey():
True
,
True
,
True
True
))
))
return
key
;
return
key
#Deriving file name and encryption key
#
Deriving file name and encryption key
def
getFileEncKey
(
key
):
def
getFileEncKey
(
key
):
filekey
,
enckey
=
key
[:
len
(
key
)
/
2
],
key
[
len
(
key
)
/
2
:]
filekey
,
enckey
=
key
[:
len
(
key
)
/
2
],
key
[
len
(
key
)
/
2
:]
FILENAME_MESS
=
"5f91add3fa1c3c76e90c90a3bd0999e2bd7833d06a483fe884ee60397aca277a"
FILENAME_MESS
=
'5f91add3fa1c3c76e90c90a3bd0999e2bd7833d06a483fe884ee60397aca277a'
digest
=
hmac
.
new
(
filekey
,
FILENAME_MESS
,
hashlib
.
sha256
)
.
hexdigest
()
digest
=
hmac
.
new
(
filekey
,
FILENAME_MESS
,
hashlib
.
sha256
)
.
hexdigest
()
filename
=
''
.
join
((
digest
,
'.pswd'
))
filename
=
''
.
join
((
digest
,
'.pswd'
))
return
[
filename
,
filekey
,
enckey
];
return
[
filename
,
filekey
,
enckey
]
#Path to locally stored file
def
getFilePath
():
return
'/home/chren/'
;
#File level decryption and file reading
#
File level decryption and file reading
def
decryptStorage
(
path
,
key
):
def
decryptStorage
(
path
,
key
):
cipherkey
=
unhexlify
(
key
)
cipherkey
=
unhexlify
(
key
)
with
open
(
path
,
"rb"
)
as
f
:
with
open
(
path
,
'rb'
)
as
f
:
iv
=
f
.
read
(
12
)
iv
=
f
.
read
(
12
)
tag
=
f
.
read
(
16
)
tag
=
f
.
read
(
16
)
cipher
=
Cipher
(
algorithms
.
AES
(
cipherkey
),
modes
.
GCM
(
iv
,
tag
),
backend
=
default_backend
())
cipher
=
Cipher
(
algorithms
.
AES
(
cipherkey
),
modes
.
GCM
(
iv
,
tag
),
backend
=
default_backend
())
decryptor
=
cipher
.
decryptor
()
decryptor
=
cipher
.
decryptor
()
data
=
""
;
data
=
''
while
True
:
while
True
:
block
=
f
.
read
(
16
)
block
=
f
.
read
(
16
)
# data are not authenticated yet
# data are not authenticated yet
...
@@ -56,7 +54,7 @@ def decryptStorage(path, key):
...
@@ -56,7 +54,7 @@ def decryptStorage(path, key):
break
break
# throws exception when the tag is wrong
# throws exception when the tag is wrong
data
=
data
+
decryptor
.
finalize
()
data
=
data
+
decryptor
.
finalize
()
return
json
.
loads
(
data
)
;
return
json
.
loads
(
data
)
def
decryptEntryValue
(
nonce
,
val
):
def
decryptEntryValue
(
nonce
,
val
):
cipherkey
=
unhexlify
(
nonce
)
cipherkey
=
unhexlify
(
nonce
)
...
@@ -64,7 +62,7 @@ def decryptEntryValue(nonce, val):
...
@@ -64,7 +62,7 @@ def decryptEntryValue(nonce, val):
tag
=
val
[
12
:
28
]
tag
=
val
[
12
:
28
]
cipher
=
Cipher
(
algorithms
.
AES
(
cipherkey
),
modes
.
GCM
(
iv
,
tag
),
backend
=
default_backend
())
cipher
=
Cipher
(
algorithms
.
AES
(
cipherkey
),
modes
.
GCM
(
iv
,
tag
),
backend
=
default_backend
())
decryptor
=
cipher
.
decryptor
()
decryptor
=
cipher
.
decryptor
()
data
=
""
;
data
=
''
inputData
=
val
[
28
:]
inputData
=
val
[
28
:]
while
True
:
while
True
:
block
=
inputData
[:
16
]
block
=
inputData
[:
16
]
...
@@ -75,11 +73,13 @@ def decryptEntryValue(nonce, val):
...
@@ -75,11 +73,13 @@ def decryptEntryValue(nonce, val):
break
break
# throws exception when the tag is wrong
# throws exception when the tag is wrong
data
=
data
+
decryptor
.
finalize
()
data
=
data
+
decryptor
.
finalize
()
return
json
.
loads
(
data
)
;
return
json
.
loads
(
data
)
#decrypt give entry nonce
#
decrypt give entry nonce
def
getDecryptedNonce
(
entry
):
def
getDecryptedNonce
(
entry
):
print
'
\n
Waiting for TREZOR input!
\n
'
print
print
'Waiting for TREZOR input ...'
print
ENC_KEY
=
''
.
join
((
'Unlock '
,
entry
[
'title'
],
' for user '
,
entry
[
'username'
],
'?'
))
ENC_KEY
=
''
.
join
((
'Unlock '
,
entry
[
'title'
],
' for user '
,
entry
[
'username'
],
'?'
))
ENC_VALUE
=
entry
[
'nonce'
]
ENC_VALUE
=
entry
[
'nonce'
]
decrypted_nonce
=
hexlify
(
client
.
decrypt_keyvalue
(
decrypted_nonce
=
hexlify
(
client
.
decrypt_keyvalue
(
...
@@ -89,61 +89,67 @@ def getDecryptedNonce(entry):
...
@@ -89,61 +89,67 @@ def getDecryptedNonce(entry):
False
,
False
,
True
True
))
))
return
decrypted_nonce
;
return
decrypted_nonce
#list whatever
# pretty print of list
def
printList
(
obj
,
val
):
def
printEntries
(
entries
):
objList
=
obj
[
val
]
print
'Password entries'
print
'
\n
'
print
'================'
print
'Entry list:'
print
for
x
in
xrange
(
len
(
objList
)):
for
k
,
v
in
entries
.
iteritems
():
keys
=
objList
[
str
(
x
)]
.
keys
()
print
'Entry id: #
%
s'
%
k
print
'Entry id '
,
x
print
'-------------'
for
y
in
xrange
(
len
(
keys
)):
for
kk
,
vv
in
v
.
iteritems
():
print
keys
[
y
],
': '
,
objList
[
str
(
x
)][
keys
[
y
]]
if
kk
in
[
'nonce'
,
'safe_note'
,
'password'
]:
continue
# skip these fields
print
'
\n
'
print
'*'
,
kk
,
': '
,
vv
return
;
print
return
def
main
():
def
main
():
print
print
'Confirm operation on TREZOR'
print
masterKey
=
getMasterKey
()
masterKey
=
getMasterKey
()
#print 'master key:
', masterKey
#print 'master key:', masterKey
fileName
=
getFileEncKey
(
masterKey
)[
0
]
fileName
=
getFileEncKey
(
masterKey
)[
0
]
#print 'file name:
', fileName
#print 'file name:', fileName
path
=
getFilePath
(
)
path
=
os
.
path
.
expanduser
(
'~/Dropbox/Apps/TREZOR Password Manager/'
)
#print 'path to file:
', path
#print 'path to file:', path
encKey
=
getFileEncKey
(
masterKey
)[
2
]
encKey
=
getFileEncKey
(
masterKey
)[
2
]
#print 'enckey:
', encKey
#print 'enckey:', encKey
full_path
=
''
.
join
((
path
,
fileName
))
full_path
=
''
.
join
((
path
,
fileName
))
parsed_json
=
decryptStorage
(
full_path
,
encKey
)
parsed_json
=
decryptStorage
(
full_path
,
encKey
)
#list entries
#list entries
printList
(
parsed_json
,
'entries'
)
entries
=
parsed_json
[
'entries'
]
entries
=
parsed_json
[
'entries'
]
printEntries
(
entries
)
entry_id
=
raw_input
(
'Select entry number to decrypt: '
)
entry_id
=
raw_input
(
'Select entry number to decrypt: '
)
entry_id
=
str
(
entry_id
)
plain_nonce
=
getDecryptedNonce
(
entries
[
str
(
entry_id
)
])
plain_nonce
=
getDecryptedNonce
(
entries
[
entry_id
])
pwdArr
=
entries
[
entry_id
][
'password'
][
'data'
]
pwdArr
=
entries
[
str
(
entry_id
)][
'password'
][
'data'
]
pwdHex
=
''
.
join
([
hex
(
x
)[
2
:]
.
zfill
(
2
)
for
x
in
pwdArr
])
pwdHex
=
''
.
join
([
hex
(
x
)[
2
:]
.
zfill
(
2
)
for
x
in
pwdArr
])
print
'password
: '
,
decryptEntryValue
(
plain_nonce
,
unhexlify
(
pwdHex
))
print
'password: '
,
decryptEntryValue
(
plain_nonce
,
unhexlify
(
pwdHex
))
safeNoteArr
=
entries
[
str
(
entry_id
)
][
'safe_note'
][
'data'
]
safeNoteArr
=
entries
[
entry_id
][
'safe_note'
][
'data'
]
safeNoteHex
=
''
.
join
([
hex
(
x
)[
2
:]
.
zfill
(
2
)
for
x
in
safeNoteArr
])
safeNoteHex
=
''
.
join
([
hex
(
x
)[
2
:]
.
zfill
(
2
)
for
x
in
safeNoteArr
])
print
'safe_note : '
,
decryptEntryValue
(
plain_nonce
,
unhexlify
(
safeNoteHex
))
print
'safe_note:'
,
decryptEntryValue
(
plain_nonce
,
unhexlify
(
safeNoteHex
))
return
;
return
if
__name__
==
"__main__"
:
if
__name__
==
'__main__'
:
try
:
try
:
# init T
rezor
transport
# init T
REZOR
transport
client
=
TrezorClient
(
HidTransport
(
HidTransport
.
enumerate
()[
0
]))
client
=
TrezorClient
(
HidTransport
(
HidTransport
.
enumerate
()[
0
]))
except
:
except
:
print
'TREZOR is not plugged in. Please, connect TREZOR and retry.'
print
'TREZOR is not plugged in. Please, connect TREZOR and retry.'
else
:
else
:
main
()
main
()
\ No newline at end of file
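Review bot: The commented-out debug prints in `main()` (`#print 'master key:', masterKey` and `#print 'enckey:', encKey`) appear on both sides of the last hunk, so this cleanup seems to keep lines that are one uncomment away from writing the master key and the file encryption key to the terminal and its scrollback. I would delete them, together with the `file name` and `path to file` ones. In the same hunk the string returned by `raw_input` is now used directly in `entries[entry_id]`, so an id that is not present in the decrypted file ends in an unhandled `KeyError`. A guard before the `getDecryptedNonce` call, for example `if entry_id not in entries: print 'No such entry'; return`, would fail cleanly instead.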