pysap.SAPLPS module

class pysap.SAPLPS.SAPLPSCipher(_pkt='', post_transform=None, _internal=0, _underlayer=None, **fields)
Bases: scapy.packet.Packet
SAP LPS cipher packet. This is the data stored inside an LPS encrypted blob (credential or PSE file). It contains all the required data to decrypt and validate the stored context.
Context length should be < 28h. Restriction length should be < 400h.

LPS_DPAPI = 1

LPS_FALLBACK = 0

LPS_TPM = 2

aliastypes = [<class 'pysap.SAPLPS.SAPLPSCipher'>, <class 'scapy.packet.Packet'>]

decrypt()
Decrypt a blob using LPS. Implements the FALLBACK and DP API methods to derive or obtain the encryption key from the one stored in the PSE/credential file, and then uses that encryption key to decrypt the credential with the AES cipher.
LPS-protected PSEs/credentials are verified with both a CRC32 checksum and an HMAC. Validation of the checksum and HMAC is not implemented.
Returns: decrypted object
Return type: string
Raises:
- NotImplementedError – if the LPS method is not implemented
- SAP_LPS_Decryption_Error – if there's an error decrypting the object

decrypt_encryption_key_dpapi()
Decrypts the encryption key using the DP API. The key is encrypted using the DP API without any additional entropy.
Returns: the decrypted encryption key
Return type: string

decrypt_encryption_key_fallback()
Decrypts the encryption key using the FALLBACK method. In this method, the context string, usually "CredEncryption" or "PSEEncryption", is encrypted using a derivation of a fixed key hardcoded in CommonCryptoLib, and the result is used as the key to encrypt, with the AES cipher, the actual encryption key used in the file.
Returns: the decrypted encryption key
Return type: string

decrypt_encryption_key_tpm()
Decrypts the encryption key using the TPM method.
Returns: the decrypted encryption key
Return type: string

fields_desc = [<Field (SAPLPSCipher).version>, <Field (SAPLPSCipher).lps_type>, <Field (SAPLPSCipher).context_length>, <Field (SAPLPSCipher).context>, <Field (SAPLPSCipher).restriction_length>, <Field (SAPLPSCipher).restriction>, <Field (SAPLPSCipher).encrypted_key_length>, <Field (SAPLPSCipher).encrypted_key>, <Field (SAPLPSCipher).unknown_length>, <Field (SAPLPSCipher).unknown>, <Field (SAPLPSCipher).encrypted_data_length>, <Field (SAPLPSCipher).encrypted_data>, <Field (SAPLPSCipher).hmac>, <Field (SAPLPSCipher).checksum>]

lps_types = {0: 'FALLBACK', 1: 'DPAPI', 2: 'TPM'}
LPS types

pysap.SAPLPS.cred_key_lps_fallback = '\xe7j\xd2\xceK\xa7\xc7\x9e\xf9y_\xa8.n\xaa\x1dv\x02.\xcd\xd7t8Q'
Fixed key embedded in CommonCryptoLib for encrypted credentials using LPS in fallback mode

pysap.SAPLPS.lps_encryption_key_decryptor = {0: <unbound method SAPLPSCipher.decrypt_encryption_key_fallback>, 1: <unbound method SAPLPSCipher.decrypt_encryption_key_dpapi>, 2: <unbound method SAPLPSCipher.decrypt_encryption_key_tpm>}
LPS encryption key decryptor functions