Class: LastPass::Parser
- Inherits:
-
Object
- Object
- LastPass::Parser
- Defined in:
- lib/lastpass/parser.rb
Constant Summary collapse
- RSA_PKCS1_OAEP_PADDING =
OpenSSL constant
4
- ALLOWED_SECURE_NOTE_TYPES =
Secure note types that contain account-like information
{ "Server" => true, "Email Account" => true, "Database" => true, "Instant Messenger" => true, }
Class Method Summary collapse
-
.decode_aes256(cipher, iv, data, encryption_key) ⇒ Object
Decrypt AES-256 bytes.
-
.decode_aes256_base64_auto(data, encryption_key) ⇒ Object
Guesses AES cipher (EBC or CBD) from the length of the base64 encoded data.
-
.decode_aes256_cbc_base64(data, encryption_key) ⇒ Object
Decrypts base64 encoded AES-256 CBC bytes.
-
.decode_aes256_cbc_plain(data, encryption_key) ⇒ Object
Decrypts AES-256 CBC bytes.
-
.decode_aes256_ecb_base64(data, encryption_key) ⇒ Object
Decrypts base64 encoded AES-256 ECB bytes.
-
.decode_aes256_ecb_plain(data, encryption_key) ⇒ Object
Decrypts AES-256 ECB bytes.
-
.decode_aes256_plain_auto(data, encryption_key) ⇒ Object
Guesses AES cipher (EBC or CBD) from the length of the plain data.
-
.decode_base64(data) ⇒ Object
Decodes a base64 encoded string into raw bytes.
-
.decode_hex(data) ⇒ Object
Decodes a hex encoded string into raw bytes.
-
.extract_chunks(blob) ⇒ Object
Splits the blob into chucks grouped by kind.
-
.parse_ACCT(chunk, encryption_key) ⇒ Object
Parses an account chunk, decrypts and creates an Account object.
-
.parse_PRIK(chunk, encryption_key) ⇒ Object
Parse PRIK chunk which contains private RSA key.
- .parse_secure_note_server(notes) ⇒ Object
-
.parse_SHAR(chunk, encryption_key, rsa_key) ⇒ Object
TODO: Fake some data and make a test.
-
.read_chunk(stream) ⇒ Object
Reads one chunk from a stream and creates a Chunk object with the data read.
-
.read_id(stream) ⇒ Object
Reads a chunk ID from a stream.
-
.read_item(stream) ⇒ Object
Reads an item from a stream and returns it as a string of bytes.
-
.read_payload(stream, size) ⇒ Object
Reads a payload of a given size from a stream.
-
.read_size(stream) ⇒ Object
Reads a chunk or an item ID.
-
.read_uint32(stream) ⇒ Object
Reads an unsigned 32 bit integer from a stream.
-
.skip_item(stream) ⇒ Object
Skips an item in a stream.
Class Method Details
.decode_aes256(cipher, iv, data, encryption_key) ⇒ Object
Decrypt AES-256 bytes. Allowed ciphers are: :ecb, :cbc. If for :ecb iv is not used and should be set to “”.
277 278 279 280 281 282 283 |
# File 'lib/lastpass/parser.rb', line 277 def self.decode_aes256 cipher, iv, data, encryption_key aes = OpenSSL::Cipher::Cipher.new "aes-256-#{cipher}" aes.decrypt aes.key = encryption_key aes.iv = iv aes.update(data) + aes.final end |
.decode_aes256_base64_auto(data, encryption_key) ⇒ Object
Guesses AES cipher (EBC or CBD) from the length of the base64 encoded data.
213 214 215 216 217 218 219 220 221 222 223 |
# File 'lib/lastpass/parser.rb', line 213 def self.decode_aes256_base64_auto data, encryption_key length = data.length if length == 0 "" elsif data[0] == "!" decode_aes256_cbc_base64 data, encryption_key else decode_aes256_ecb_base64 data, encryption_key end end |
.decode_aes256_cbc_base64(data, encryption_key) ⇒ Object
Decrypts base64 encoded AES-256 CBC bytes.
257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 |
# File 'lib/lastpass/parser.rb', line 257 def self.decode_aes256_cbc_base64 data, encryption_key if data.empty? "" else # LastPass AES-256/CBC/base64 encryted string starts with an "!". # Next 24 bytes are the base64 encoded IV for the cipher. # Then comes the "|". # And the rest is the base64 encoded encrypted payload. # TODO: Check for input validity! decode_aes256 :cbc, decode_base64(data[1, 24]), decode_base64(data[26..-1]), encryption_key end end |
.decode_aes256_cbc_plain(data, encryption_key) ⇒ Object
Decrypts AES-256 CBC bytes.
240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 |
# File 'lib/lastpass/parser.rb', line 240 def self.decode_aes256_cbc_plain data, encryption_key if data.empty? "" else # LastPass AES-256/CBC encryted string starts with an "!". # Next 16 bytes are the IV for the cipher. # And the rest is the encrypted payload. # TODO: Check for input validity! decode_aes256 :cbc, data[1, 16], data[17..-1], encryption_key end end |
.decode_aes256_ecb_base64(data, encryption_key) ⇒ Object
Decrypts base64 encoded AES-256 ECB bytes.
235 236 237 |
# File 'lib/lastpass/parser.rb', line 235 def self.decode_aes256_ecb_base64 data, encryption_key decode_aes256_ecb_plain decode_base64(data), encryption_key end |
.decode_aes256_ecb_plain(data, encryption_key) ⇒ Object
Decrypts AES-256 ECB bytes.
226 227 228 229 230 231 232 |
# File 'lib/lastpass/parser.rb', line 226 def self.decode_aes256_ecb_plain data, encryption_key if data.empty? "" else decode_aes256 :ecb, "", data, encryption_key end end |
.decode_aes256_plain_auto(data, encryption_key) ⇒ Object
Guesses AES cipher (EBC or CBD) from the length of the plain data.
200 201 202 203 204 205 206 207 208 209 210 |
# File 'lib/lastpass/parser.rb', line 200 def self.decode_aes256_plain_auto data, encryption_key length = data.length if length == 0 "" elsif data[0] == "!" && length % 16 == 1 && length > 32 decode_aes256_cbc_plain data, encryption_key else decode_aes256_ecb_plain data, encryption_key end end |
.decode_base64(data) ⇒ Object
Decodes a base64 encoded string into raw bytes.
194 195 196 197 |
# File 'lib/lastpass/parser.rb', line 194 def self.decode_base64 data # TODO: Check for input validity! Base64.decode64 data end |
.decode_hex(data) ⇒ Object
Decodes a hex encoded string into raw bytes.
186 187 188 189 190 191 |
# File 'lib/lastpass/parser.rb', line 186 def self.decode_hex data raise ArgumentError, "Input length must be multple of 2" unless data.size % 2 == 0 raise ArgumentError, "Input contains invalid characters" unless data =~ /^[0-9a-f]*$/i data.scan(/../).map { |i| i.to_i 16 }.pack "c*" end |
.extract_chunks(blob) ⇒ Object
Splits the blob into chucks grouped by kind.
18 19 20 21 22 23 24 25 26 27 28 |
# File 'lib/lastpass/parser.rb', line 18 def self.extract_chunks blob chunks = [] StringIO.open blob.bytes do |stream| while !stream.eof? chunks.push read_chunk stream end end chunks end |
.parse_ACCT(chunk, encryption_key) ⇒ Object
Parses an account chunk, decrypts and creates an Account object. May return nil when the chunk does not represent an account. All secure notes are ACCTs but not all of them strore account information.
TODO: Make a test case that covers secure note account
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
# File 'lib/lastpass/parser.rb', line 36 def self.parse_ACCT chunk, encryption_key StringIO.open chunk.payload do |io| id = read_item io name = decode_aes256_plain_auto read_item(io), encryption_key group = decode_aes256_plain_auto read_item(io), encryption_key url = decode_hex read_item io notes = decode_aes256_plain_auto read_item(io), encryption_key 2.times { skip_item io } username = decode_aes256_plain_auto read_item(io), encryption_key password = decode_aes256_plain_auto read_item(io), encryption_key 2.times { skip_item io } secure_note = read_item io # Parse secure note if secure_note == "1" 17.times { skip_item io } secure_note_type = read_item io if !ALLOWED_SECURE_NOTE_TYPES.key? secure_note_type return nil end url, username, password = parse_secure_note_server notes end Account.new id, name, username, password, url, group end end |
.parse_PRIK(chunk, encryption_key) ⇒ Object
Parse PRIK chunk which contains private RSA key
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
# File 'lib/lastpass/parser.rb', line 66 def self.parse_PRIK chunk, encryption_key decrypted = decode_aes256 "cbc", encryption_key[0, 16], decode_hex(chunk.payload), encryption_key /^LastPassPrivateKey<(?<hex_key>.*)>LastPassPrivateKey$/ =~ decrypted asn1_encoded_all = OpenSSL::ASN1.decode decode_hex hex_key asn1_encoded_key = OpenSSL::ASN1.decode asn1_encoded_all.value[2].value rsa_key = OpenSSL::PKey::RSA.new rsa_key.n = asn1_encoded_key.value[1].value rsa_key.e = asn1_encoded_key.value[2].value rsa_key.d = asn1_encoded_key.value[3].value rsa_key.p = asn1_encoded_key.value[4].value rsa_key.q = asn1_encoded_key.value[5].value rsa_key.dmp1 = asn1_encoded_key.value[6].value rsa_key.dmq1 = asn1_encoded_key.value[7].value rsa_key.iqmp = asn1_encoded_key.value[8].value rsa_key end |
.parse_secure_note_server(notes) ⇒ Object
115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 |
# File 'lib/lastpass/parser.rb', line 115 def self.parse_secure_note_server notes url = nil username = nil password = nil notes.split("\n").each do |i| key, value = i.split ":", 2 case key when "Hostname" url = value when "Username" username = value when "Password" password = value end end [url, username, password] end |
.parse_SHAR(chunk, encryption_key, rsa_key) ⇒ Object
TODO: Fake some data and make a test
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'lib/lastpass/parser.rb', line 90 def self.parse_SHAR chunk, encryption_key, rsa_key StringIO.open chunk.payload do |io| id = read_item io encrypted_key = decode_hex read_item io encrypted_name = read_item io 2.times { skip_item io } key = read_item io # Shared folder encryption key might come already in pre-decrypted form, # where it's only AES encrypted with the regular encryption key. # When the key is blank, then there's a RSA encrypted key, which has to # be decrypted first before use. key = if key.empty? decode_hex rsa_key.private_decrypt(encrypted_key, RSA_PKCS1_OAEP_PADDING) else decode_hex decode_aes256_plain_auto(key, encryption_key) end name = decode_aes256_base64_auto encrypted_name, key # TODO: Return an object, not a hash {id: id, name: name, encryption_key: key} end end |
.read_chunk(stream) ⇒ Object
Reads one chunk from a stream and creates a Chunk object with the data read.
136 137 138 139 140 141 142 143 144 145 146 |
# File 'lib/lastpass/parser.rb', line 136 def self.read_chunk stream # LastPass blob chunk is made up of 4-byte ID, # big endian 4-byte size and payload of that size. # # Example: # 0000: "IDID" # 0004: 4 # 0008: 0xDE 0xAD 0xBE 0xEF # 000C: --- Next chunk --- Chunk.new read_id(stream), read_payload(stream, read_size(stream)) end |
.read_id(stream) ⇒ Object
Reads a chunk ID from a stream.
166 167 168 |
# File 'lib/lastpass/parser.rb', line 166 def self.read_id stream stream.read 4 end |
.read_item(stream) ⇒ Object
Reads an item from a stream and returns it as a string of bytes.
149 150 151 152 153 154 155 156 157 158 |
# File 'lib/lastpass/parser.rb', line 149 def self.read_item stream # An item in an itemized chunk is made up of the # big endian size and the payload of that size. # # Example: # 0000: 4 # 0004: 0xDE 0xAD 0xBE 0xEF # 0008: --- Next item --- read_payload stream, read_size(stream) end |
.read_payload(stream, size) ⇒ Object
Reads a payload of a given size from a stream.
176 177 178 |
# File 'lib/lastpass/parser.rb', line 176 def self.read_payload stream, size stream.read size end |
.read_size(stream) ⇒ Object
Reads a chunk or an item ID.
171 172 173 |
# File 'lib/lastpass/parser.rb', line 171 def self.read_size stream read_uint32 stream end |
.read_uint32(stream) ⇒ Object
Reads an unsigned 32 bit integer from a stream.
181 182 183 |
# File 'lib/lastpass/parser.rb', line 181 def self.read_uint32 stream stream.read(4).unpack("N").first end |
.skip_item(stream) ⇒ Object
Skips an item in a stream.
161 162 163 |
# File 'lib/lastpass/parser.rb', line 161 def self.skip_item stream read_item stream end |