support multiple PEKs in Windows 2016

mikeryan · Mike Ryan · commit cb7793b37794 · 2019-04-26T09:55:04.000-07:00
__decryptHash was throwing IndexError on Windows 2016 if a hash was
encrypted with a PEK with a higher index than 0. This patch attempts to
extract all keys from the PEK list. The PEK list format was reverse
engineering by eyeball. YMMV.
diff --git a/impacket/examples/secretsdump.py b/impacket/examples/secretsdump.py
@@ -1888,8 +1888,21 @@ def __getPek(self):
                 decryptedPekList = self.PEKLIST_PLAIN(
                     self.__cryptoCommon.decryptAES(self.__bootKey, encryptedPekList['EncryptedPek'],
                                                    encryptedPekList['KeyMaterial']))
-                self.__PEK.append(decryptedPekList['DecryptedPek'][4:][:16])
-                LOG.info("PEK # 0 found and decrypted: %s", hexlify(decryptedPekList['DecryptedPek'][4:][:16]).decode('utf-8'))
+
+                # PEK list entries take the form:
+                #   index (4 byte LE int), PEK (16 byte key)
+                # the entries are in ascending order, and the list is terminated
+                # by an entry with a non-sequential index (08080808 observed)
+                pos, cur_index = 0, 0
+                while True:
+                    pek_entry = decryptedPekList['DecryptedPek'][pos:pos+20]
+                    if len(pek_entry) < 20: break # if list truncated, should not happen
+                    index, pek = unpack('<L16s', pek_entry)
+                    if index != cur_index: break # break on non-sequential index
+                    self.__PEK.append(pek)
+                    LOG.info("PEK # %d found and decrypted: %s", index, hexlify(pek).decode('utf-8'))
+                    cur_index += 1
+                    pos += 20
 
     def __removeRC4Layer(self, cryptedHash):
         md5 = hashlib.new('md5')
