#!/usr/bin/env python
from functools import reduce
import xml.etree.ElementTree as ET
from base64 import b64decode
# Microsoft really hates padding base64
# appending "===" is just so that b64decode
# doesn't complain about it.
# It's neither valid padding nor magic.
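class Ticket:
    """Decoded view of a GenuineAuthorization ticket.

    This class only decodes the ticket's property strings; nothing here
    checks a signature or otherwise authenticates the content, so the
    values are exactly what the input file claims.

    Attributes:
        gen_auth: the root element passed to the constructor.
        gen_props: the ``genuineProperties`` child (matched in any namespace).
        props: key/value pairs parsed from the ``properties`` text, with the
            ``SessionId`` entry replaced by its own decoded key/value dict.
    """

    @staticmethod
    def get_properties(genAuth: ET.Element) -> str:
        """Return the raw text of ``genuineProperties/properties``.

        The ``{*}`` prefix matches the elements regardless of XML namespace.
        ``find`` returns ``None`` when the element is absent, in which case
        the attribute access below raises ``AttributeError``.
        """
        properties = genAuth.find('./{*}genuineProperties/{*}properties')
        return properties.text

    @staticmethod
    def split_keyval(x: str) -> dict:
        """Parse a ``key=value;key=value`` string into a dict.

        Parsing stops at the first empty segment or at a segment that is a
        lone NUL character (the terminator seen at the end of the string).

        Each segment is split on its FIRST ``=`` only, so a value that itself
        contains ``=`` (for example padded base64) is kept whole instead of
        being cut at the second ``=``.

        Raises:
            IndexError: if a segment contains no ``=`` at all.
        """
        parameters = {}
        for segment in x.split(';'):
            if not segment or segment == '\x00':
                break
            key_val = segment.split('=', 1)
            parameters[key_val[0]] = key_val[1]
        return parameters

    def __init__(self, genuine_authorization: ET.Element):
        """Parse the properties of a ``genuineAuthorization`` element.

        Raises:
            AttributeError: if ``genuineProperties`` or ``properties`` is
                missing (``find`` returned ``None``).
            KeyError: if the properties carry no ``SessionId`` entry.
        """
        self.gen_auth = genuine_authorization
        self.gen_props = genuine_authorization.find('./{*}genuineProperties')
        props = self.gen_props.find('./{*}properties').text
        self.props = self.split_keyval(props)
        # SessionId is base64 with its padding stripped. Appending "===" is
        # not valid padding; it only keeps b64decode from rejecting the
        # unpadded input. The decoded bytes are a UTF-16 key/value string.
        session_raw = b64decode(self.props['SessionId'] + '===')
        self.props['SessionId'] = self.split_keyval(session_raw.decode('utf-16'))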
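if __name__ == '__main__':
    import argparse

    main_parser = argparse.ArgumentParser(
        'ticket_decode',
        description='Print out contents of a GenuineAuthorization ticket'
    )
    main_parser.add_argument('input', type=argparse.FileType('r'))
    args = main_parser.parse_args()

    # argparse.FileType opens the file but never closes it; the with-block
    # releases the handle as soon as parsing is done.
    # NOTE: xml.etree.ElementTree is not hardened against maliciously
    # constructed XML (see the "XML vulnerabilities" section of the Python
    # docs), so only run this on ticket files from a source you trust.
    with args.input as ticket_file:
        ticket = Ticket(ET.parse(ticket_file).getroot())

    # Print every property as "key: value"; the nested SessionId dict is
    # flattened into its own "key: value" lines instead of being printed
    # as a dict.
    for prop, value in ticket.props.items():
        if prop == 'SessionId':
            for sess_prop, sess_value in value.items():
                print(sess_prop, sess_value, sep=': ')
            continue
        print(prop, value, sep=': ')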