GitHub Repository: rapid7/metasploit-framework
Path: blob/master/spec/lib/rex/parser/fs/bitlocker_spec.rb
# Hex dump of the sample volume's first sector; BitlockerDrive#read serves it
# while the emulated offset is 0. Bytes 3..10 spell "-FVE-FS-", the dump also
# carries the "NO NAME" / "FAT32" labels and the "Remove disks or other media."
# boot message, and it ends with the 55 aa signature.
# NOTE(review): the dump looks like exactly one 512-byte sector; confirm the
# length before relying on it.
volume_header = [
  %w[
    eb58902d4656452d46532d00020800000000000000f800003f00ff008000010000000000e01f0000
    000000000000000001000600000000000000000000000000800029000000004e4f204e414d452020
    2020464154333220202033c98ed1bcf47b8ec18ed9bd007ca0fb7db47d8bf0ac9840740c48740eb4
    0ebb0700cd10ebefa0fd7debe6cd16cd190000000000000000000000000000000000000000000000
    3bd66749292ed84a8399f6a339e3d00100001002000000000000c002000000000000700300000000
    00000000000000000000000000000000000000000000000000000000000000000000000000000000
    000000000000000000000000000000000d0a52656d6f7665206469736b73206f72206f7468657220
    6d656469612eff0d0a4469736b206572726f72ff0d0a507265737320616e79206b657920746f2072
    6573746172740d0a0000000000000000000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000000000000000000000000000000000
    00000000000000007878787878787878787878787878787878787878787878787878787878787878
    78787878787878787878787878787878787878787878787878787878787878787878787878787878
    7878787878787878ffffffffffffffffffffffffffffffffffffff001f2c55aa
  ].join
].pack('H*')
# Hex dump of the sample volume's FVE metadata; BitlockerDrive#read serves it
# for every non-zero offset. It opens with the "-FVE-FS-" signature and embeds
# the UTF-16LE strings "SEVEN BITLOCKER 01/09/2015" and "DiskPassword".
# NOTE(review): the remaining bytes are presumably the wrapped key entries the
# parser walks; this dump alone does not show how they are interpreted.
fve_header = [
  %w[
    2d4656452d46532d3e00020004000400000020040000000000000000100000000000100200000000
    0000c002000000000000700300000000000011020000000098030000010000003000000098030000
    9d741575626b6a448609e461ac9c8b3b42000000008000004dbe2a92b8e4d00118000f000f000100
    000011020000000000200000000000003e0007000200010053004500560045004e00200042004900
    54004c004f0043004b00450052002000300031002f00300039002f0032003000310035000000e000
    020008000100880a7dfcb963ff40a31f67e865794a263018fda4b8e4d001000000206c0000000300
    0100011000007e237a2aefe43ace0d1a3dfe90e4d347500000000500010090de09a4b8e4d0010200
    0000372139682c273872d1af0d7cfae5a85fe856af890c642e5ec4f195580b7fde1c00c1b01b0884
    a432294f09d96531a3bffee92c653c6d8a4f62d7e888500000000500010090de09a4b8e4d0010300
    00000ce9565de838333811caacb594662fddf1fbc7fd4a2792646d918196307b7305083c47ab6f32
    f91b7b0050b98c27a2ad6bf0884306389e15aa771e7cd000020008000100e219e43f2baf3c40a275
    ce93a895876a70799eb2b8e4d001000000025c0000000400010002200000500000000500010090de
    09a4b8e4d0010600000013951bd6f84f1ff002c6e1080daf91ebf938b554b9dde6ceaef4a3ccce73
    7fd526ceb00bb39233689942e31dc2f17dcb6e7f5955e880a753ecbe6661500000000500010090de
    09a4b8e4d00107000000e2b4c5db81a0d0fc5f1a8f13a2906da7561fce73bc0be872fa450a26aa70
    f00af575ff72e29565bd7e54cc7281f16e28c91664d69d1ac0349817f03a700003000500010090de
    09a4b8e4d00108000000a963bb6baad0198476db06ef28cdffbbff46f2bd37e94328fb9610a63db2
    c81a222a402801a43bb83d4c78ac349f8a0c911f8b82f4f74ed801d81911402b29351f8f1fb74135
    928326c12c0c3e92d5ebfcba3a2e865208de579985d7f200020008000100000e3e29fa338c409d4d
    edf0a07e3af770b7400a1d1bd1010000000822000000020001004400690073006b00500061007300
    730077006f007200640000005c0000000300010000100000410c97f721e4203936b2da255c94f2d3
    400000000500010060cf7a091d1bd1013f00000034912ac8588851df6a4fc4e116153484c193daab
    d02518fa2403fd43eebeeced237fabd4fb3c6b5b8c5829e3500000000500010060cf7a091d1bd101
    40000000490277082603ea9b968cf1b7aa599140bf33bd2580fcf501bf67fdb9ee49fc44c0adf17c
    21f7b5435a7a75bec6601b28ce3537d2607bf52207008620000000000000000020fc02009e1b2f8b
    5000000005000100a4c7400a1d1bd10141000000db197743fdd35661f8e332c5fcfe93324080dd41
    63a6efbf510e99984d2c42b2b9009efb9653c83c1ff0bad8fa38c0e0e2f791de8a8211af74cf2313
  ].join
].pack('H*')
# Recovery password fed to the parser: eight dash-separated groups of six
# digits, each group a multiple of 11.
# NOTE(review): this credential and the key below are fixture data for the
# sample headers in this spec; presumably they come from a throwaway volume
# created for the test. Confirm they unlock nothing outside it.
recovery_password = %w[657096 479369 488587 457336 698588 612986 598950 103389].join('-')

# Expected result of the derivation, 66 bytes in total.
# NOTE(review): looks like a 2-byte encryption-method value (00 80) ahead of
# the key bytes, matching the "dislocker" naming; confirm against the parser.
fvek_dislocker_format = [
  %w[
    0080923550357e1cdd9f0810773a82001fdb332a0e577d90931ea627d2df
    355308c32f20e94d434edcf28f64798ee530cc63220bee6277e988e43638
    be9530d70524
  ].join
].pack('H*')
###
#
# Test double standing in for a BitLocker drive handle. It implements only
# seek and read, and serves two canned buffers: the volume header while the
# recorded offset is 0, and the FVE header for any other offset.
#
###
class BitlockerDrive
  # @param volume_header [String] bytes returned while the offset is 0
  # @param fve_header [String] bytes returned for every other offset
  def initialize(volume_header, fve_header)
    @offset = 0
    @volume_header = volume_header
    @fve_header = fve_header
  end

  # Records the position used by the next read; the value is not validated.
  #
  # @param offset [Integer] position requested by the caller
  # @return [Integer] the offset that was passed in
  def seek(offset)
    @offset = offset
  end

  # Returns a whole canned buffer. The requested size is ignored and the
  # offset is not advanced, so repeated reads return the same bytes.
  #
  # @param _size [Integer] unused
  # @return [String] the volume header at offset 0, otherwise the FVE header
  def read(_size)
    return @volume_header if @offset == 0

    @fve_header
  end
end
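RSpec.describe Rex::Parser::BITLOCKER do
  # The parser is built per example rather than stored in a constant. A
  # constant assigned inside this block is defined on Object, so it outlives
  # the spec, and it would run the parser while the file is being loaded: a
  # parsing error would then abort loading instead of failing the example.
  let(:bitlocker) do
    described_class.new(BitlockerDrive.new(volume_header, fve_header))
  end

  ##
  # Decrypt
  ##
  # Derives the FVEK from the recovery password using the canned headers and
  # compares it byte-for-byte with the expected dislocker-format value.
  it "Extract and decrypt recovery key from recovery password" do
    result = bitlocker.fvek_from_recovery_password_dislocker(recovery_password)
    expect(result).to eq fvek_dislocker_format
  end
end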