diff options
| author | awuctl | 2022-08-23 16:48:54 +0000 |
|---|---|---|
| committer | awuctl | 2022-08-23 16:48:54 +0000 |
| commit | 840fb76d797319ca0542dccc92a08feb1e9a8264 (patch) | |
| tree | a22723328b0a0de267898a86ac6dd55bd6f42b82 /ticket_decode.py | |
| download | hwid-stuff-840fb76d797319ca0542dccc92a08feb1e9a8264.zip | |
initial commit
Diffstat (limited to 'ticket_decode.py')
| -rwxr-xr-x | ticket_decode.py | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/ticket_decode.py b/ticket_decode.py new file mode 100755 index 0000000..a15fa14 --- /dev/null +++ b/ticket_decode.py @@ -0,0 +1,57 @@ +#!/usr/bin/env python + +from functools import reduce +import xml.etree.ElementTree as ET + +from base64 import b64decode + +# Microsoft really hates padding base64 +# appending "===" is just so that b64decode +# doesn't complain about it. +# It's neither valid padding nor magic. + +class Ticket: + @staticmethod + def get_properties(genAuth: ET.Element) -> str: + properties = genAuth.find('./{*}genuineProperties/{*}properties') + return properties.text + + @staticmethod + def split_keyval(x: str) -> dict: + parameters = {} + + for params in x.split(';'): + if not params or params == '\x00': + break + key_val = params.split('=') + parameters[key_val[0]] = key_val[1] + return parameters + + def __init__(self, genuine_authorization: ET.Element): + self.gen_auth = genuine_authorization + self.gen_props = genuine_authorization.find('./{*}genuineProperties') + + props = self.gen_props.find('./{*}properties').text + self.props = self.split_keyval(props) + self.props['SessionId'] = self.split_keyval(b64decode(self.props['SessionId'] + '===').decode('utf-16')) + +if __name__ == '__main__': + import argparse + + main_parser = argparse.ArgumentParser( + 'ticket_decode', + description='Print out contents of a GenuineAuthorization ticket' + ) + main_parser.add_argument('input', type=argparse.FileType('r')) + args = main_parser.parse_args() + + ticket = Ticket(ET.parse(args.input).getroot()) + + # Print out stuff + + for prop in ticket.props: + if prop == 'SessionId': + for sess_prop in ticket.props['SessionId']: + print(sess_prop, ticket.props['SessionId'][sess_prop], sep=': ') + continue + print(prop, ticket.props[prop], sep=': ')
\ No newline at end of file |