opengnsys
/
ntfs-3g
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ntfs-3g/ntfsprogs/ntfsdecrypt.c

416 lines
9.8 KiB
C
Raw Blame History

/**
* ntfsdecrypt - Part of the Linux-NTFS project.
*
* Copyright (c) 2003 Richard Russon
* Copyright (c) 2003 Anton Altaparmakov
* Copyright (c) 2005 Yuval Fledel
*
* This utility will decrypt files and print on the standard output.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (in the main directory of the Linux-NTFS
* distribution in the file COPYING); if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "config.h"
#include <stdio.h>
#include <getopt.h>
#include <stdlib.h>
#include <string.h>
#include "types.h"
#include "attrib.h"
#include "utils.h"
#include "volume.h"
#include "debug.h"
#include "dir.h"
#include "layout.h"
#include "decrypt.h"
struct options {
char *device; /* Device/File to work with */
char *file; /* File to display */
s64 inode; /* Inode to work with */
ATTR_TYPES attr; /* Attribute type to display */
int force; /* Override common sense */
int quiet; /* Less output */
int verbose; /* Extra output */
};
static const char *EXEC_NAME = "ntfscat";
static struct options opts;
GEN_PRINTF (Eprintf, stderr, NULL, FALSE)
GEN_PRINTF (Vprintf, stderr, &opts.verbose, TRUE)
GEN_PRINTF (Qprintf, stderr, &opts.quiet, FALSE)
static GEN_PRINTF (Printf, stderr, NULL, FALSE)
static const wchar_t *efs_name = L"$EFS";
static const int efs_name_length = 4;
/**
* version - Print version information about the program
*
* Print a copyright statement and a brief description of the program.
*
* Return: none
*/
static void version (void)
{
Printf ("\n%s v%s - Concatenate files and print on the standard output.\n\n",
EXEC_NAME, VERSION);
Printf ("Copyright (c) 2003 Richard Russon\n");
Printf ("\n%s\n%s%s\n", ntfs_gpl, ntfs_bugs, ntfs_home);
}
/**
* usage - Print a list of the parameters to the program
*
* Print a list of the parameters and options for the program.
*
* Return: none
*/
static void usage (void)
{
Printf ("\nUsage: %s [options] device [file]\n\n"
" -a, --attribute num Display this attribute\n"
" -i, --inode num Display this inode\n\n"
" -f --force Use less caution\n"
" -h --help Print this help\n"
" -q --quiet Less output\n"
" -V --version Version information\n"
" -v --verbose More output\n\n",
//" -N --name Display this attribute name",
//" -F --file Display this file",
//" -r --raw Display the compressed or encrypted file",
EXEC_NAME);
Printf ("%s%s\n", ntfs_bugs, ntfs_home);
}
/**
* parse_options - Read and validate the programs command line
*
* Read the command line, verify the syntax and parse the options.
* This function is very long, but quite simple.
*
* Return: 1 Success
* 0 Error, one or more problems
*/
static int parse_options (int argc, char **argv)
{
static const char *sopt = "-a:fh?i:qVv"; // F:N:
static const struct option lopt[] = {
{ "force", no_argument, NULL, 'f' },
{ "help", no_argument, NULL, 'h' },
{ "inode", required_argument, NULL, 'i' },
{ "quiet", no_argument, NULL, 'q' },
{ "version", no_argument, NULL, 'V' },
{ "verbose", no_argument, NULL, 'v' },
// { "file", required_argument, NULL, 'F' },
// { "name", required_argument, NULL, 'N' },
{ NULL, 0, NULL, 0 }
};
char c = -1;
int err = 0;
int ver = 0;
int help = 0;
opterr = 0; /* We'll handle the errors, thank you. */
opts.inode = -1;
while ((c = getopt_long (argc, argv, sopt, lopt, NULL)) != (char)-1) {
switch (c) {
case 1: /* A non-option argument */
if (!opts.device) {
opts.device = argv[optind-1];
} else if (!opts.file) {
opts.file = argv[optind-1];
} else {
Eprintf("You must specify exactly one file.\n");
err++;
}
break;
case 'f':
opts.force++;
break;
case 'h':
case '?':
help++;
break;
case 'i':
if (opts.inode != -1)
Eprintf("You must specify exactly one inode.\n");
else if (utils_parse_size(optarg, &opts.inode, FALSE))
break;
else
Eprintf("Couldn't parse inode number.\n");
err++;
break;
case 'q':
opts.quiet++;
break;
case 'V':
ver++;
break;
case 'v':
opts.verbose++;
break;
default:
Eprintf ("Unknown option '%s'.\n", argv[optind-1]);
err++;
break;
}
}
if (help || ver) {
opts.quiet = 0;
} else {
if (opts.device == NULL) {
Eprintf ("You must specify a device.\n");
err++;
} else if (opts.file == NULL && opts.inode == -1) {
Eprintf ("You must specify a file or inode "
"with the -i option.\n");
err++;
} else if (opts.file != NULL && opts.inode != -1) {
Eprintf ("You can't specify both a file and inode.\n");
err++;
}
if (opts.quiet && opts.verbose) {
Eprintf("You may not use --quiet and --verbose at the "
"same time.\n");
err++;
}
}
if (ver)
version();
if (help || err)
usage();
return (!err && !help && !ver);
}
/**
* cat
*/
static int cat_decrypt(ntfs_inode *inode, decrypt_key *fek)
{
int bufsize = 512;
char *buffer;
ntfs_attr *attr;
s64 bytes_read, written, offset, total;
unsigned int i;
buffer = malloc (bufsize);
if (!buffer)
return 1;
attr = ntfs_attr_open (inode, AT_DATA, NULL, 0);
if (!attr) {
Eprintf ("Cannot cat a directory.\n");
free (buffer);
return 1;
}
total = attr->data_size;
// hack: make sure attr will not be commited to disk if you use this.
// clear the encrypted bit, otherwise the library won't allow reading.
NAttrClearEncrypted(attr);
// extend the size, we may need to read past the end of the stream.
attr->data_size = attr->initialized_size = attr->allocated_size;
offset = 0;
while (total>0) {
bytes_read = ntfs_attr_pread (attr, offset, 512, buffer);
if (bytes_read == -1) {
perror ("ERROR: Couldn't read file");
break;
}
if (!bytes_read)
break;
if ((i = decrypt_decrypt_sector(fek, buffer, offset))
< bytes_read) {
perror ("ERROR: Couldn't decrypt all data!");
Eprintf("%u/%lld/%lld/%lld\n", i, (long long)bytes_read,
(long long)offset, (long long)total);
break;
}
if (bytes_read > total)
bytes_read = total;
written = fwrite (buffer, 1, bytes_read, stdout);
if (written != bytes_read) {
perror ("ERROR: Couldn't output all data!");
break;
}
offset += bytes_read;
total -= bytes_read;
}
ntfs_attr_close (attr);
free (buffer);
return 0;
}
/**
* get_fek
*/
static decrypt_key *get_fek (ntfs_inode *inode)
{
ntfs_attr *na;
char *efs_buffer, *ddf, *certificate, *hash_data, *fek_buf;
u32 ddf_count, hash_size, fek_size;
unsigned int i;
decrypt_session *session;
decrypt_key *key;
/* obtain the $EFS contents */
na = ntfs_attr_open (inode, AT_LOGGED_UTILITY_STREAM,
efs_name, efs_name_length);
if (!na) {
perror("Error");
return NULL;
}
efs_buffer = malloc(na->data_size);
if (!efs_buffer) {
perror("malloc failed");
return NULL;
}
if (ntfs_attr_pread(na, 0, na->data_size, efs_buffer) !=
na->data_size) {
perror("ntfs_attr_pread failed");
free(efs_buffer);
return NULL;
}
ntfs_attr_close(na);
/* init the CryptoAPI */
if(!(session = decrypt_open())) {
perror("Could not init the cryptoAPI.");
return NULL;
}
/* iterate through the DDFs & DRFs until you obtain a key */
ddf = efs_buffer + le32_to_cpu(*(u32 *)(efs_buffer+0x40));
ddf_count = le32_to_cpu(*(u32 *)ddf);
ddf = ddf + 0x04;
for (i=0;i<ddf_count;i++) {
//Eprintf("ddf #%u.\n", i);
if (*(u32 *)(ddf+0x18))
certificate = (ddf + 0x30 +
le32_to_cpu(*(u32 *)(ddf+0x18)));
else
certificate = (ddf + 0x30);
hash_size = (unsigned int)le32_to_cpu(*(u32 *)certificate);
hash_data = certificate +
(unsigned int)le32_to_cpu(*(u32 *)(certificate+0x04));
fek_size = (unsigned int)le32_to_cpu(*(u32 *)(ddf+0x08));
fek_buf = ddf + (unsigned int)le32_to_cpu(*(u32 *)(ddf+0x0C));
if ((key = decrypt_user_key_open(session, hash_size, hash_data))) {
if ((fek_size = decrypt_decrypt(key, fek_size,
fek_buf))) {
return decrypt_make_key(session, fek_size,
fek_buf);
}
perror("error decrypting the FEK.");
decrypt_user_key_close(key);
decrypt_close(session);
errno = -1;
return NULL;
decrypt_user_key_close(key);
} else
Eprintf("Could not open key.\n");
ddf = ddf + le32_to_cpu(*(u32 *)(ddf+0x08)) +
le32_to_cpu(*(u32 *)(ddf+0x0C));
}
decrypt_close(session);
return NULL;
}
/**
* main - Begin here
*
* Start from here.
*
* Return: 0 Success, the program worked
* 1 Error, something went wrong
*/
int main (int argc, char *argv[])
{
ntfs_volume *vol;
ntfs_inode *inode;
decrypt_key *fek;
int result = 1;
if (!parse_options (argc, argv))
return 1;
utils_set_locale();
//XXX quieten errors, temporarily
vol = utils_mount_volume (opts.device, MS_RDONLY, opts.force);
if (!vol) {
perror("ERROR: couldn't mount volume");
return 1;
}
if (opts.inode != -1)
inode = ntfs_inode_open (vol, opts.inode);
else
inode = utils_pathname_to_inode (vol, NULL, opts.file);
if (!inode) {
perror("ERROR: Couldn't open inode");
return 1;
}
fek = get_fek(inode);
if (fek) {
result = cat_decrypt (inode, fek);
decrypt_user_key_close(fek);
} else {
Eprintf("Could not obtain FEK.");
result = 1;
}
ntfs_inode_close (inode);
ntfs_umount (vol, FALSE);
#if 0
if (result)
Printf ("failed\n");
else
Printf ("success\n");
#endif
return result;
}
Reference in New Issue View Git Blame Copy Permalink