pysap.SAPCredv2 module¶

pysap.SAPCredv2.CIPHER_ALGORITHM_3DES = 0¶: Constant for 3DES encryption algorithm

pysap.SAPCredv2.CIPHER_ALGORITHM_AES256 = 1¶: Constant for AES256 encryption algorithm

class pysap.SAPCredv2.SAPCredv2(_pkt, /, *, creds=None)[source]¶

Bases: ASN1_Packet

SAP Credv2 Credential set definition

ASN1_codec = <ASN1Codec BER[1]>¶

ASN1_root = <ASN1F_SEQUENCE_OF creds>¶

aliastypes = [<class 'pysap.SAPCredv2.SAPCredv2'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]¶

fields_desc: List[AnyField] = [<ASN1F_SEQUENCE_OF creds>]¶

class pysap.SAPCredv2.SAPCredv2Cred(_pkt, /, *, cred=<SAPCredv2_Cred |>)[source]¶

Bases: ASN1_Packet

SAP Credv2 Credential definition

ASN1_codec = <ASN1Codec BER[1]>¶

ASN1_root = <pysap.utils.fields.ASN1F_CHOICE_SAFE object>¶

aliastypes = [<class 'pysap.SAPCredv2.SAPCredv2Cred'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]¶

fields_desc: List[AnyField] = [<pysap.utils.fields.ASN1F_CHOICE_SAFE object>]¶

class pysap.SAPCredv2.SAPCredv2_Cred(_pkt, /, *, cert_name=None, unknown1=None, pse_path=None, unknown2=None, cipher=None)[source]¶

Bases: ASN1_Packet

SAP Credv2 Credential without LPS definition

ASN1_codec = <ASN1Codec BER[1]>¶

ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_BIT_STRING object>)>¶

aliastypes = [<class 'pysap.SAPCredv2.SAPCredv2_Cred'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]¶

property cipher_algorithm¶

property cipher_format_version¶

property common_name¶

decrypt(username)[source]¶

Decrypt a credential given a particular username. Tries to identify the credential format and choose the decryption method to use.

Parameters:: username (string) – Username to use when decrypting
Returns:: decrypted object
Return type:: SAPCredv2_Cred_Plain

decrypt_simple(username)[source]¶

Decrypt a credential using the simple approach. It only handles 3DES. Tries to parse the decrypted object into a plain credential object type. If it fails, probably due to an invalid username use to decrypt it, raises an exception.

Parameters:: username (string) – Username to use when decrypting
Returns:: decrypted object
Return type:: SAPCredv2_Cred_Plain

decrypt_with_header(username)[source]¶

Decrypt a credential file using the header. It handles 3DES and AES256 algorithms. Tries to parse the decrypted object into a plain credential object type. If it fails, probably due to an invalid username use to decrypt it, raises an exception.

Parameters:: username (string) – Username to use when decrypting
Returns:: decrypted object
Return type:: SAPCredv2_Cred_Plain
Raises:: SAPCredv2_Decryption_Error – if there’s an error decrypting the object

derive_key(key, blob, header, username)[source]¶: Derive a key using SAP’s algorithm. The key is derived using SHA256 and xor from an initial key, a header, salt and username.

fields_desc: List[AnyField] = [<scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_BIT_STRING object>]¶

property lps_type¶

property lps_type_str¶

property pse_file_path¶

xor(string, start)[source]¶: XOR a given string using a fixed key and a starting number.

class pysap.SAPCredv2.SAPCredv2_Cred_Cipher(_pkt, /, *, version=2, algorithm=0, unknown=0, salt=None, iv=None, cipher_text=None)[source]¶

Bases: Packet

SAP Cred cipher packet. This is the header of an encrypted credential format 1. It contains all the required data to decrypt the stored credential.

aliastypes = [<class 'pysap.SAPCredv2.SAPCredv2_Cred_Cipher'>, <class 'scapy.packet.Packet'>]¶

fields_desc: List[AnyField] = [<ByteField (SAPCredv2_Cred_Cipher).version>, <ByteEnumField (SAPCredv2_Cred_Cipher).algorithm>, <ShortField (SAPCredv2_Cred_Cipher).unknown>, <StrFixedLenField (SAPCredv2_Cred_Cipher).salt>, <StrFixedLenField (SAPCredv2_Cred_Cipher).iv>, <StrField (SAPCredv2_Cred_Cipher).cipher_text>]¶

class pysap.SAPCredv2.SAPCredv2_Cred_LPS(_pkt, /, *, version=0x2 <ASN1_INTEGER[2]>, subject=[<X509_RDN rdn=[<X509_AttributeTypeAndValue |>] |>, <X509_RDN rdn=[<X509_AttributeTypeAndValue type=<ASN1_OID['organizationName']> value=<ASN1_PRINTABLE_STRING['pysap']> |>] |>, <X509_RDN rdn=[<X509_AttributeTypeAndValue type=<ASN1_OID['commonName']> value=<ASN1_PRINTABLE_STRING['pysap Default Subject']> |>] |>], pse_path=<ASN1_UTF8_STRING['']>, cipher=<ASN1_BIT_STRING[]=b'' (0 unused bit)>)[source]¶

Bases: ASN1_Packet

SAP Credv2 Credential with LPS definition

ASN1_codec = <ASN1Codec BER[1]>¶

ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <ASN1F_SEQUENCE_OF subject>, <scapy.asn1fields.ASN1F_UTF8_STRING object>, <scapy.asn1fields.ASN1F_BIT_STRING object>)>¶

aliastypes = [<class 'pysap.SAPCredv2.SAPCredv2_Cred_LPS'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]¶

property cipher_algorithm¶

property cipher_format_version¶

property common_name¶: This reassembles the issuer construction from Scapy’s X.509 Certificate class.

decrypt(username=None)[source]¶

Decrypt a credential file using LPS.

Parameters:: username (string) – Username to use when decrypting. Not used but kept to match signature
Returns:: decrypted object
Return type:: SAPCredv2_Cred_Plain

fields_desc: List[AnyField] = [<scapy.asn1fields.ASN1F_INTEGER object>, <ASN1F_SEQUENCE_OF subject>, <scapy.asn1fields.ASN1F_UTF8_STRING object>, <scapy.asn1fields.ASN1F_BIT_STRING object>]¶

get_subject()[source]¶

property lps_type¶

property lps_type_str¶

property pse_file_path¶

class pysap.SAPCredv2.SAPCredv2_Cred_Plain(_pkt, /, *, pin=None, option1=None, option2=None, option3=None)[source]¶

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>¶

ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>¶

PROVIDER_MSCryptProtect = b'MSCryptProtect'¶: Provider for Windows hosts using DPAPI

aliastypes = [<class 'pysap.SAPCredv2.SAPCredv2_Cred_Plain'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]¶

static decrypt_MSCryptProtect(plain, cred)[source]¶

Decrypts a credential using the Windows DP API. Requires the current logged-in user to have permissions to decrypt the blob stored in the credentials file.

Parameters:

plain (SAPCredv2_Cred_Plain) – plain credential extracted
cred (SAPCredv2_Cred) – credential from where the blob was extracted

Returns:

the content in the blob decrypted using the provider

Return type:

string

decrypt_provider(cred)[source]¶

Decrypts a credential file already decrypted using the specified provider. This is platform dependent.

Parameters:: cred (SAPCredv2_Cred) – credential from where the blob was extracted
Returns:: the content in the blob decrypted using the provider
Return type:: string
Raises:: Exception – if the provider is invalid or unsupported

fields_desc: List[AnyField] = [<scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>, <scapy.asn1fields.ASN1F_IA5_STRING object>]¶

providers = {b'MSCryptProtect': <staticmethod(<function SAPCredv2_Cred_Plain.decrypt_MSCryptProtect>)>}¶: Definition of implemented providers

exception pysap.SAPCredv2.SAPCredv2_Decryption_Error[source]¶: Bases: Exception

pysap.SAPCredv2.cipher_algorithms = {0: '3DES', 1: 'AES256'}¶: Dict with encryption algorithms supported

pysap.SAPCredv2.cred_key_fmt = b'240657rsga&/%srwthgrtawe45hhtrtrsr35467b2dx3456j67mv67f89656f75'¶: Fixed key embedded in CommonCryptoLib for encrypted credentials

pysap.SAPCredv2 module¶

pysap

Navigation

Related Topics