-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathextract_master_key.ps1
34 lines (24 loc) · 1.16 KB
/
extract_master_key.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Parameters
$ScriptPath = Split-Path -Parent $MyInvocation.MyCommand.Path
$InputFilePath = Join-Path $ScriptPath "Local State"
$OutputFilePath = Join-Path $ScriptPath "master_key.txt"
# Load the necessary .NET assembly
Add-Type -AssemblyName "System.Security"
# Read the file
$localStateContent = Get-Content -Path $InputFilePath -Raw
# Use regex to find the encrypted_key value
$matchFound = $localStateContent -match '"encrypted_key"\s*:\s*"([^"]+)"'
if (-not $matchFound) {
Write-Error "Could not find 'encrypted_key' in the input file."
exit
}
$encryptedKeyBase64 = $matches[1]
# Convert the base64 string to byte array
$encryptedKeyBytes = [System.Convert]::FromBase64String($encryptedKeyBase64)
# Strip the 'DPAPI' prefix
$dpapiBytes = $encryptedKeyBytes[5..($encryptedKeyBytes.Length - 1)]
# Decrypt the bytes using DPAPI
$decryptedBytes = [System.Security.Cryptography.ProtectedData]::Unprotect($dpapiBytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
# Write the decrypted master key to the output file
[System.IO.File]::WriteAllBytes($OutputFilePath, $decryptedBytes)
Write-Output "Master key written to $OutputFilePath"