Class: LastPass::Parser
- Inherits:
-
Object
- Object
- LastPass::Parser
- Defined in:
- lib/lastpass/parser.rb
Constant Summary collapse
- RSA_PKCS1_OAEP_PADDING =
OpenSSL constant
4
Class Method Summary collapse
-
.decode_aes256(cipher, iv, data, encryption_key) ⇒ Object
Decrypt AES-256 bytes.
-
.decode_aes256_auto(data, encryption_key) ⇒ Object
Guesses AES encoding/cipher from the length of the data.
-
.decode_aes256_cbc_base64(data, encryption_key) ⇒ Object
Decrypts base64 encoded AES-256 CBC bytes.
-
.decode_aes256_cbc_plain(data, encryption_key) ⇒ Object
Decrypts AES-256 CBC bytes.
-
.decode_aes256_ecb_base64(data, encryption_key) ⇒ Object
Decrypts base64 encoded AES-256 ECB bytes.
-
.decode_aes256_ecb_plain(data, encryption_key) ⇒ Object
Decrypts AES-256 ECB bytes.
-
.decode_base64(data) ⇒ Object
Decodes a base64 encoded string into raw bytes.
-
.decode_hex(data) ⇒ Object
Decodes a hex encoded string into raw bytes.
-
.extract_chunks(blob) ⇒ Object
Splits the blob into chucks grouped by kind.
-
.parse_ACCT(chunk, encryption_key) ⇒ Object
Parses an account chunk, decrypts and creates an Account object.
-
.parse_PRIK(chunk, encryption_key) ⇒ Object
Parse PRIK chunk which contains private RSA key.
- .parse_secure_note_server(notes) ⇒ Object
-
.parse_SHAR(chunk, encryption_key, rsa_key) ⇒ Object
TODO: Fake some data and make a test.
-
.read_chunk(stream) ⇒ Object
Reads one chunk from a stream and creates a Chunk object with the data read.
-
.read_id(stream) ⇒ Object
Reads a chunk ID from a stream.
-
.read_item(stream) ⇒ Object
Reads an item from a stream and returns it as a string of bytes.
-
.read_payload(stream, size) ⇒ Object
Reads a payload of a given size from a stream.
-
.read_size(stream) ⇒ Object
Reads a chunk or an item ID.
-
.read_uint32(stream) ⇒ Object
Reads an unsigned 32 bit integer from a stream.
-
.skip_item(stream) ⇒ Object
Skips an item in a stream.
Class Method Details
.decode_aes256(cipher, iv, data, encryption_key) ⇒ Object
Decrypt AES-256 bytes. Allowed ciphers are: :ecb, :cbc. If for :ecb iv is not used and should be set to “”.
268 269 270 271 272 273 274 |
# File 'lib/lastpass/parser.rb', line 268 def self.decode_aes256 cipher, iv, data, encryption_key aes = OpenSSL::Cipher::Cipher.new "aes-256-#{cipher}" aes.decrypt aes.key = encryption_key aes.iv = iv aes.update(data) + aes.final end |
.decode_aes256_auto(data, encryption_key) ⇒ Object
Guesses AES encoding/cipher from the length of the data. Possible combinations are:
- ciphers: AES-256 EBC, AES-256 CBC
- encodings: plain, base64
196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 |
# File 'lib/lastpass/parser.rb', line 196 def self.decode_aes256_auto data, encryption_key length = data.length length16 = length % 16 length64 = length % 64 if length == 0 "" elsif length16 == 0 decode_aes256_ecb_plain data, encryption_key elsif length64 == 0 || length64 == 24 || length64 == 44 decode_aes256_ecb_base64 data, encryption_key elsif length16 == 1 decode_aes256_cbc_plain data, encryption_key elsif length64 == 6 || length64 == 26 || length64 == 50 decode_aes256_cbc_base64 data, encryption_key else raise RuntimeError, "'#{data.inspect}' doesn't seem to be AES-256 encrypted" end end |
.decode_aes256_cbc_base64(data, encryption_key) ⇒ Object
Decrypts base64 encoded AES-256 CBC bytes.
248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 |
# File 'lib/lastpass/parser.rb', line 248 def self.decode_aes256_cbc_base64 data, encryption_key if data.empty? "" else # LastPass AES-256/CBC/base64 encryted string starts with an "!". # Next 24 bytes are the base64 encoded IV for the cipher. # Then comes the "|". # And the rest is the base64 encoded encrypted payload. # TODO: Check for input validity! decode_aes256 :cbc, decode_base64(data[1, 24]), decode_base64(data[26..-1]), encryption_key end end |
.decode_aes256_cbc_plain(data, encryption_key) ⇒ Object
Decrypts AES-256 CBC bytes.
231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 |
# File 'lib/lastpass/parser.rb', line 231 def self.decode_aes256_cbc_plain data, encryption_key if data.empty? "" else # LastPass AES-256/CBC encryted string starts with an "!". # Next 16 bytes are the IV for the cipher. # And the rest is the encrypted payload. # TODO: Check for input validity! decode_aes256 :cbc, data[1, 16], data[17..-1], encryption_key end end |
.decode_aes256_ecb_base64(data, encryption_key) ⇒ Object
Decrypts base64 encoded AES-256 ECB bytes.
226 227 228 |
# File 'lib/lastpass/parser.rb', line 226 def self.decode_aes256_ecb_base64 data, encryption_key decode_aes256_ecb_plain decode_base64(data), encryption_key end |
.decode_aes256_ecb_plain(data, encryption_key) ⇒ Object
Decrypts AES-256 ECB bytes.
217 218 219 220 221 222 223 |
# File 'lib/lastpass/parser.rb', line 217 def self.decode_aes256_ecb_plain data, encryption_key if data.empty? "" else decode_aes256 :ecb, "", data, encryption_key end end |
.decode_base64(data) ⇒ Object
Decodes a base64 encoded string into raw bytes.
187 188 189 190 |
# File 'lib/lastpass/parser.rb', line 187 def self.decode_base64 data # TODO: Check for input validity! Base64.decode64 data end |
.decode_hex(data) ⇒ Object
Decodes a hex encoded string into raw bytes.
179 180 181 182 183 184 |
# File 'lib/lastpass/parser.rb', line 179 def self.decode_hex data raise ArgumentError, "Input length must be multple of 2" unless data.size % 2 == 0 raise ArgumentError, "Input contains invalid characters" unless data =~ /^[0-9a-f]*$/i data.scan(/../).map { |i| i.to_i 16 }.pack "c*" end |
.extract_chunks(blob) ⇒ Object
Splits the blob into chucks grouped by kind.
10 11 12 13 14 15 16 17 18 19 20 |
# File 'lib/lastpass/parser.rb', line 10 def self.extract_chunks blob chunks = [] StringIO.open blob.bytes do |stream| while !stream.eof? chunks.push read_chunk stream end end chunks end |
.parse_ACCT(chunk, encryption_key) ⇒ Object
Parses an account chunk, decrypts and creates an Account object. May return nil when the chunk does not represent an account. All secure notes are ACCTs but not all of them strore account information.
TODO: Make a test case that covers secure note account
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'lib/lastpass/parser.rb', line 28 def self.parse_ACCT chunk, encryption_key StringIO.open chunk.payload do |io| id = read_item io name = decode_aes256_auto read_item(io), encryption_key group = decode_aes256_auto read_item(io), encryption_key url = decode_hex read_item io notes = decode_aes256_auto read_item(io), encryption_key 2.times { skip_item io } username = decode_aes256_auto read_item(io), encryption_key password = decode_aes256_auto read_item(io), encryption_key 2.times { skip_item io } secure_note = read_item io # Parse secure note if secure_note == "1" 17.times { skip_item io } secure_note_type = read_item io # Only "Server" secure note stores account information if secure_note_type != "Server" return nil end url, username, password = parse_secure_note_server notes end Account.new id, name, username, password, url, group end end |
.parse_PRIK(chunk, encryption_key) ⇒ Object
Parse PRIK chunk which contains private RSA key
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
# File 'lib/lastpass/parser.rb', line 59 def self.parse_PRIK chunk, encryption_key decrypted = decode_aes256 "cbc", encryption_key[0, 16], decode_hex(chunk.payload), encryption_key /^LastPassPrivateKey<(?<hex_key>.*)>LastPassPrivateKey$/ =~ decrypted asn1_encoded_all = OpenSSL::ASN1.decode decode_hex hex_key asn1_encoded_key = OpenSSL::ASN1.decode asn1_encoded_all.value[2].value rsa_key = OpenSSL::PKey::RSA.new rsa_key.n = asn1_encoded_key.value[1].value rsa_key.e = asn1_encoded_key.value[2].value rsa_key.d = asn1_encoded_key.value[3].value rsa_key.p = asn1_encoded_key.value[4].value rsa_key.q = asn1_encoded_key.value[5].value rsa_key.dmp1 = asn1_encoded_key.value[6].value rsa_key.dmq1 = asn1_encoded_key.value[7].value rsa_key.iqmp = asn1_encoded_key.value[8].value rsa_key end |
.parse_secure_note_server(notes) ⇒ Object
108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 |
# File 'lib/lastpass/parser.rb', line 108 def self.parse_secure_note_server notes url = nil username = nil password = nil notes.split("\n").each do |i| key, value = i.split ":", 2 case key when "Hostname" url = value when "Username" username = value when "Password" password = value end end [url, username, password] end |
.parse_SHAR(chunk, encryption_key, rsa_key) ⇒ Object
TODO: Fake some data and make a test
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
# File 'lib/lastpass/parser.rb', line 83 def self.parse_SHAR chunk, encryption_key, rsa_key StringIO.open chunk.payload do |io| id = read_item io encrypted_key = decode_hex read_item io encrypted_name = read_item io 2.times { skip_item io } key = read_item io # Shared folder encryption key might come already in pre-decrypted form, # where it's only AES encrypted with the regular encryption key. # When the key is blank, then there's a RSA encrypted key, which has to # be decrypted first before use. key = if key.empty? decode_hex rsa_key.private_decrypt(encrypted_key, RSA_PKCS1_OAEP_PADDING) else decode_hex decode_aes256_auto(key, encryption_key) end name = decode_aes256_auto encrypted_name, key # TODO: Return an object, not a hash {id: id, name: name, encryption_key: key} end end |
.read_chunk(stream) ⇒ Object
Reads one chunk from a stream and creates a Chunk object with the data read.
129 130 131 132 133 134 135 136 137 138 139 |
# File 'lib/lastpass/parser.rb', line 129 def self.read_chunk stream # LastPass blob chunk is made up of 4-byte ID, # big endian 4-byte size and payload of that size. # # Example: # 0000: "IDID" # 0004: 4 # 0008: 0xDE 0xAD 0xBE 0xEF # 000C: --- Next chunk --- Chunk.new read_id(stream), read_payload(stream, read_size(stream)) end |
.read_id(stream) ⇒ Object
Reads a chunk ID from a stream.
159 160 161 |
# File 'lib/lastpass/parser.rb', line 159 def self.read_id stream stream.read 4 end |
.read_item(stream) ⇒ Object
Reads an item from a stream and returns it as a string of bytes.
142 143 144 145 146 147 148 149 150 151 |
# File 'lib/lastpass/parser.rb', line 142 def self.read_item stream # An item in an itemized chunk is made up of the # big endian size and the payload of that size. # # Example: # 0000: 4 # 0004: 0xDE 0xAD 0xBE 0xEF # 0008: --- Next item --- read_payload stream, read_size(stream) end |
.read_payload(stream, size) ⇒ Object
Reads a payload of a given size from a stream.
169 170 171 |
# File 'lib/lastpass/parser.rb', line 169 def self.read_payload stream, size stream.read size end |
.read_size(stream) ⇒ Object
Reads a chunk or an item ID.
164 165 166 |
# File 'lib/lastpass/parser.rb', line 164 def self.read_size stream read_uint32 stream end |
.read_uint32(stream) ⇒ Object
Reads an unsigned 32 bit integer from a stream.
174 175 176 |
# File 'lib/lastpass/parser.rb', line 174 def self.read_uint32 stream stream.read(4).unpack("N").first end |
.skip_item(stream) ⇒ Object
Skips an item in a stream.
154 155 156 |
# File 'lib/lastpass/parser.rb', line 154 def self.skip_item stream read_item stream end |