Skip to content

mis-team/dpapick

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OVERVIEW

DPAPIck is a python toolkit to provide a platform-independant implementation of Microsoft's cryptography subsytem called DPAPI (Data Protection API).

It can be used either as a library or as a standalone tool.

It is also the first open-source tool that allows decryption of DPAPI structures in an offline way and, moreover, from another plateform than Windows.

It is provided with some application probes that includes the built-in logic to retreive the corresponding secrets that are protected.

REQUIREMENTS

This application has been developped and tested on python 2.7.

Probes and other tool may require other modules to be able to retreive information such as:

We also recommend the use of MoonSols Windows Memory Toolkit to convert hibernation file to usable memory dumps and be able to extract credentials from it. For more information about Moonsols products, see http://www.moonsols.com

AUTHOR

DPAPIck has initally been written by Jean-Michel Picod (dpapick@ichizoku.org) with the help from Ivan Fontarensky (ivan.fontarensky@cassidian.com) when they both worked for Airbus Defence and Space, and Elie Bursztein (dpapi@elie.im).

LICENSE

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 3 of the License.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.