pysap.SAPLPS module

class pysap.SAPLPS.SAPLPSCipher(_pkt='', post_transform=None, _internal=0, _underlayer=None, **fields)[source]

Bases: scapy.packet.Packet

SAP LPS cipher packet. This is the data stored inside an LPS encrypted blob (credential or PSE file). It contains all the required data to decrypt and validate the stored context.

Context length should be <28h Restriction length should be <400h

aliastypes = [<class 'pysap.SAPLPS.SAPLPSCipher'>, <class 'scapy.packet.Packet'>]

Decrypt a blob using LPS. Implements FALLBACK and DP methods to derive or obtain the encryption key from the one stored in the PSE/credential file and then uses that encryption key to decrypt the credential using the AES cipher.

LPS-protected PSEs/credentials are verified with both a CRC32 checksum and an HMAC. Validation of the checksum and HMAC is not implemented.


decrypted object

Return type:


  • NotImplementedError – if the LPS method is not implemented
  • SAP_LPS_Decryption_Error – if there’s an error decrypting the object

Decrypts the encryption key using the DP API. The key is encrypted using the DP API without any additional entropy.

Returns:Encryption key decrypted
Return type:string

Decrypts the encryption key using the FALLBACK method. In this method, the context string, usually “CredEncryption” or “PSEEncryption”, is encrypted using a derivation of a fixed key hardcoded in CommonCryptoLib, and used as key to encrypt the actual encryption key used in the file with the AES cipher.

Returns:Encryption key decrypted
Return type:string

Decrypts the encryption key using the TPM method.

Returns:Encryption key decrypted
Return type:string
fields_desc = [<Field (SAPLPSCipher).version>, <Field (SAPLPSCipher).lps_type>, <Field (SAPLPSCipher).context_length>, <Field (SAPLPSCipher).context>, <Field (SAPLPSCipher).restriction_length>, <Field (SAPLPSCipher).restriction>, <Field (SAPLPSCipher).encrypted_key_length>, <Field (SAPLPSCipher).encrypted_key>, <Field (SAPLPSCipher).unknown_length>, <Field (SAPLPSCipher).unknown>, <Field (SAPLPSCipher).encrypted_data_length>, <Field (SAPLPSCipher).encrypted_data>, <Field (SAPLPSCipher).hmac>, <Field (SAPLPSCipher).checksum>]
lps_types = {0: 'FALLBACK', 1: 'DPAPI', 2: 'TPM'}

LPS types

exception pysap.SAPLPS.SAPLPSDecryptionError[source]

Bases: exceptions.Exception

pysap.SAPLPS.cred_key_lps_fallback = '\xe7j\xd2\xceK\xa7\xc7\x9e\xf9y_\xa8.n\xaa\x1dv\x02.\xcd\xd7t8Q'

Fixed key embedded in CommonCryptoLib for encrypted credentials using LPS in fallback mode

pysap.SAPLPS.lps_encryption_key_decryptor = {0: <unbound method SAPLPSCipher.decrypt_encryption_key_fallback>, 1: <unbound method SAPLPSCipher.decrypt_encryption_key_dpapi>, 2: <unbound method SAPLPSCipher.decrypt_encryption_key_tpm>}

LPS encryption key decryptor functions