#!/usr/bin/env python3
import sys
from argparse import ArgumentParser
from collections import namedtuple
from dataclasses import dataclass
from os import SEEK_SET
from struct import Struct
from sys import stderr
from typing import List
try:
from enum import auto, IntEnum, StrEnum
except ImportError:
from enum import auto, Enum, IntEnum
class StrEnum(str, Enum):
def _generate_next_value_(name, start, count, last_values):
return name.lower()
__str__ = str.__str__
__format__ = str.__format__
# consts
SIGNATURE = "$luks$"
SECTOR_SIZE = 512
# utils
def bytes_to_str(value):
"""
Convert encoded padded bytes string into str.
"""
return value.rstrip(b"\0").decode()
# pre-header
TmpHeaderPre = namedtuple(
"TmpHeaderPre",
(
"magic",
"version",
),
)
# version 1
TmpKeyVersion1 = namedtuple(
"TmpKeyVersion1",
(
"active",
"iterations",
"salt",
"material_offset",
"stripes",
),
)
@dataclass(init=False)
class KeyVersion1:
class Active(IntEnum):
ENABLED = 0x00AC71F3
DISABLED = 0x0000DEAD
ENABLED_OLD = 0xCAFE
DISABLED_OLD = 0x0000
active: Active
iterations: int
salt: bytes
af: bytes
def __init__(self, active, iterations, salt, af):
self.active = self.Active(active)
assert iterations >= 0, "key iterations cannot be less than zero"
self.iterations = iterations
self.salt = salt
self.af = af
TmpHeaderVersion1 = namedtuple(
"TmpHeaderVersion1",
(
"magic",
"version",
"cipher",
"mode",
"hash",
"payload_offset",
"key_bytes",
"digest",
"salt",
"iterations",
"uuid",
"keys",
),
)
@dataclass(init=False)
class HeaderVersion1:
MAGIC = b"LUKS\xba\xbe"
VERSION = 0x0001
class Cipher(StrEnum):
AES = auto()
TWOFISH = auto()
SERPENT = auto()
class Mode(StrEnum):
CBC_ESSIV_SHA256 = "cbc-essiv:sha256"
CBC_PLAIN = "cbc-plain"
CBC_PLAIN64 = "cbc-plain64"
XTS_PLAIN = "xts-plain"
XTS_PLAIN64 = "xts-plain64"
class Hash(StrEnum):
RIPEMD160 = auto()
SHA1 = auto()
SHA256 = auto()
SHA512 = auto()
WHIRLPOOL = auto()
class KeySize(IntEnum):
SIZE_128 = 128
SIZE_256 = 256
SIZE_512 = 512
magic: bytes
version: int
cipher: Cipher
mode: Mode
hash: Hash
payload: bytes
key_size: KeySize
digest: bytes
salt: bytes
iterations: int
uuid: str
keys: List[KeyVersion1]
def __init__(self, magic, version, cipher, mode, hash, payload, key_size, digest, salt, iterations, uuid, keys):
assert magic == self.MAGIC, "Invalid magic bytes"
self.magic = magic
assert version == self.VERSION, "Invalid version"
self.version = version
if isinstance(cipher, bytes):
try:
cipher = bytes_to_str(cipher)
except UnicodeDecodeError as e:
raise ValueError("Cannot decode cipher") from e
self.cipher = self.Cipher(cipher)
if isinstance(mode, bytes):
try:
mode = bytes_to_str(mode)
except UnicodeDecodeError as e:
raise ValueError("Cannot decode mode") from e
self.mode = self.Mode(mode)
if isinstance(hash, bytes):
try:
hash = bytes_to_str(hash)
except UnicodeDecodeError as e:
raise ValueError("Cannot decode hash") from e
self.hash = self.Hash(hash)
self.payload = payload
self.key_size = self.KeySize(key_size)
self.digest = digest
self.salt = salt
assert iterations > 0, "Iterations cannot be less or equal to zero"
self.iterations = iterations
if isinstance(uuid, bytes):
try:
uuid = bytes_to_str(uuid)
except UnicodeDecodeError as e:
raise ValueError("Cannot decode UUID") from e
self.uuid = uuid
if all(isinstance(key, tuple) for key in keys):
keys = [KeyVersion1(*key) for key in keys]
elif all(isinstance(key, dict) for key in keys):
keys = [KeyVersion1(**key) for key in keys]
assert all(isinstance(key, KeyVersion1) for key in keys), "Not a key object provided"
self.keys = keys
def extract_version1(file):
# consts
KEYS_COUNT = 8
PADDING_LENGTH = 432
PAYLOAD_SIZE = 512 # sizeof (u32) * 128
# prepare structs
key_struct = Struct(">LL32sLL")
header_struct = Struct(
">6sH32s32s32sLL20s32sL40s"
+ str(key_struct.size * KEYS_COUNT)
+ "s"
+ str(PADDING_LENGTH)
+ "x"
)
# read header
header = file.read(header_struct.size)
assert len(header) == header_struct.size, "File contains less data than needed"
# convert bytes into temporary header
header = header_struct.unpack(header)
header = TmpHeaderVersion1(*header)
# convert bytes into temporary keys
tmp_keys = [TmpKeyVersion1(*key) for key in key_struct.iter_unpack(header.keys)]
# read keys' af
keys = []
for key in tmp_keys:
file.seek(key.material_offset * SECTOR_SIZE, SEEK_SET)
af = file.read(header.key_bytes * key.stripes)
assert len(af) == (header.key_bytes * key.stripes), "File contains less data than needed"
key = KeyVersion1(key.active, key.iterations, key.salt, af)
keys.append(key)
# read payload
file.seek(header.payload_offset * SECTOR_SIZE, SEEK_SET)
payload = file.read(PAYLOAD_SIZE)
assert len(payload) == PAYLOAD_SIZE, "File contains less data than needed"
# convert into header
header = HeaderVersion1(
header.magic,
header.version,
header.cipher,
header.mode,
header.hash,
payload,
header.key_bytes * 8,
header.digest,
header.salt,
header.iterations,
header.uuid,
keys,
)
# check for any active key
for key in header.keys:
if key.active not in [KeyVersion1.Active.ENABLED, KeyVersion1.Active.ENABLED_OLD]:
continue
hash = SIGNATURE + "$".join(
map(
str,
[
header.version,
header.hash,
header.cipher,
header.mode,
int(header.key_size),
key.iterations,
key.salt.hex(),
key.af.hex(),
header.payload.hex(),
],
)
)
print(hash)
break
else:
# all keys are disabled
raise ValueError("All keys are disabled")
# main
def main(args):
# prepare parser and parse args
parser = ArgumentParser(description="luks2hashcat extraction tool")
parser.add_argument("path", type=str, help="path to LUKS container")
args = parser.parse_args(args)
# prepare struct
header_struct = Struct(">6sH")
with open(args.path, "rb") as file:
# read pre header
header = file.read(header_struct.size)
assert len(header) == header_struct.size, "File contains less data than needed"
# convert bytes into temporary pre header
header = header_struct.unpack(header)
header = TmpHeaderPre(*header)
# check magic bytes
magic_bytes = {
HeaderVersion1.MAGIC,
}
assert header.magic in magic_bytes, "Improper magic bytes"
# back to start of the file
file.seek(0, SEEK_SET)
# extract with proper function
try:
mapping = {
HeaderVersion1.VERSION: extract_version1,
}
extract = mapping[header.version]
extract(file)
except KeyError as e:
raise ValueError("Unsupported version") from e
if __name__ == "__main__":
try:
main(sys.argv[1:])
except IOError as e:
print('Error:', e.strerror, file=stderr)
except (AssertionError, ValueError) as e:
print('Error:', e, file=stderr)