Class: LastPass::Parser

Inherits:
Object
  • Object
show all
Defined in:
lib/lastpass/parser.rb

Constant Summary collapse

RSA_PKCS1_OAEP_PADDING =

OpenSSL constant

4
ACCOUNT_LIKE_SECURE_NOTE_TYPES =

Secure note types that contain account-like information

{
    "Server" => true,
    "Email Account" => true,
    "Database" => true,
    "Instant Messenger" => true,
}

Class Method Summary collapse

Class Method Details

.decode_aes256(cipher, iv, data, encryption_key) ⇒ Object

Decrypt AES-256 bytes. Allowed ciphers are: :ecb, :cbc. If for :ecb iv is not used and should be set to “”.



292
293
294
295
296
297
298
 
# File 'lib/lastpass/parser.rb', line 292

def self.decode_aes256 cipher, iv, data, encryption_key
    aes = OpenSSL::Cipher.new "aes-256-#{cipher}"
    aes.decrypt
    aes.key = encryption_key
    aes.iv = iv
    aes.update(data) + aes.final
end

.decode_aes256_base64_auto(data, encryption_key) ⇒ Object

Guesses AES cipher (EBC or CBD) from the length of the base64 encoded data.



228
229
230
231
232
233
234
235
236
237
238
 
# File 'lib/lastpass/parser.rb', line 228

def self.decode_aes256_base64_auto data, encryption_key
    length = data.length

    if length == 0
        ""
    elsif data[0] == "!"
        decode_aes256_cbc_base64 data, encryption_key
    else
        decode_aes256_ecb_base64 data, encryption_key
    end
end

.decode_aes256_cbc_base64(data, encryption_key) ⇒ Object

Decrypts base64 encoded AES-256 CBC bytes.



272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
 
# File 'lib/lastpass/parser.rb', line 272

def self.decode_aes256_cbc_base64 data, encryption_key
    if data.empty?
        ""
    else
        # LastPass AES-256/CBC/base64 encryted string starts with an "!".
        # Next 24 bytes are the base64 encoded IV for the cipher.
        # Then comes the "|".
        # And the rest is the base64 encoded encrypted payload.

        # TODO: Check for input validity!
        decode_aes256 :cbc,
                      decode_base64(data[1, 24]),
                      decode_base64(data[26..-1]),
                      encryption_key
    end
end

.decode_aes256_cbc_plain(data, encryption_key) ⇒ Object

Decrypts AES-256 CBC bytes.



255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
 
# File 'lib/lastpass/parser.rb', line 255

def self.decode_aes256_cbc_plain data, encryption_key
    if data.empty?
        ""
    else
        # LastPass AES-256/CBC encryted string starts with an "!".
        # Next 16 bytes are the IV for the cipher.
        # And the rest is the encrypted payload.

        # TODO: Check for input validity!
        decode_aes256 :cbc,
                      data[1, 16],
                      data[17..-1],
                      encryption_key
    end
end

.decode_aes256_ecb_base64(data, encryption_key) ⇒ Object

Decrypts base64 encoded AES-256 ECB bytes.



250
251
252
 
# File 'lib/lastpass/parser.rb', line 250

def self.decode_aes256_ecb_base64 data, encryption_key
    decode_aes256_ecb_plain decode_base64(data), encryption_key
end

.decode_aes256_ecb_plain(data, encryption_key) ⇒ Object

Decrypts AES-256 ECB bytes.



241
242
243
244
245
246
247
 
# File 'lib/lastpass/parser.rb', line 241

def self.decode_aes256_ecb_plain data, encryption_key
    if data.empty?
        ""
    else
        decode_aes256 :ecb, "", data, encryption_key
    end
end

.decode_aes256_plain_auto(data, encryption_key) ⇒ Object

Guesses AES cipher (EBC or CBD) from the length of the plain data.



215
216
217
218
219
220
221
222
223
224
225
 
# File 'lib/lastpass/parser.rb', line 215

def self.decode_aes256_plain_auto data, encryption_key
    length = data.length

    if length == 0
        ""
    elsif data[0] == "!" && length % 16 == 1 && length > 32
        decode_aes256_cbc_plain data, encryption_key
    else
        decode_aes256_ecb_plain data, encryption_key
    end
end

.decode_base64(data) ⇒ Object

Decodes a base64 encoded string into raw bytes.



209
210
211
212
 
# File 'lib/lastpass/parser.rb', line 209

def self.decode_base64 data
    # TODO: Check for input validity!
    Base64.decode64 data
end

.decode_hex(data) ⇒ Object

Decodes a hex encoded string into raw bytes.

Raises:

  • (ArgumentError) 


201
202
203
204
205
206
 
# File 'lib/lastpass/parser.rb', line 201

def self.decode_hex data
    raise ArgumentError, "Input length must be multple of 2" unless data.size % 2 == 0
    raise ArgumentError, "Input contains invalid characters" unless data =~ /^[0-9a-f]*$/i

    data.scan(/../).map { |i| i.to_i 16 }.pack "c*"
end

.extract_chunks(blob) ⇒ Object

Splits the blob into chucks grouped by kind.



18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/lastpass/parser.rb', line 18

def self.extract_chunks blob
    chunks = []

    StringIO.open blob.bytes do |stream|
        while !stream.eof?
            chunks.push read_chunk stream
        end
    end

    chunks
end

.parse_ACCT(chunk, encryption_key) ⇒ Object

Parses an account chunk, decrypts and creates an Account object. Returns either an Account or a Note object, in case of a generic note that doesn’t represent an account. All secure notes are ACCTs but not all of them store account information.

TODO: Make a test case that covers secure note account



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/lastpass/parser.rb', line 36

def self.parse_ACCT chunk, encryption_key
    StringIO.open chunk.payload do |io|
        id = read_item io
        name = decode_aes256_plain_auto read_item(io), encryption_key
        group = decode_aes256_plain_auto read_item(io), encryption_key
        url = decode_hex read_item io
        notes = decode_aes256_plain_auto read_item(io), encryption_key
        2.times { skip_item io }
        username = decode_aes256_plain_auto read_item(io), encryption_key
        password = decode_aes256_plain_auto read_item(io), encryption_key
        2.times { skip_item io }
        secure_note = read_item io

        # Parse secure note
        if secure_note == "1"
            parsed = parse_secure_note_server notes
            if !ACCOUNT_LIKE_SECURE_NOTE_TYPES.key? parsed[:type]
                return Note.new id, name, notes, group
            end

            url = parsed[:url] if parsed.key? :url
            username = parsed[:username] if parsed.key? :username
            password = parsed[:password] if parsed.key? :password
        end

        Account.new id, name, username, password, url, notes, group
    end
end

.parse_private_key(encrypted_private_key, encryption_key) ⇒ Object

Parse and decrypt the encrypted private RSA key



92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
 
# File 'lib/lastpass/parser.rb', line 92

def self.parse_private_key encrypted_private_key, encryption_key
    decrypted = decode_aes256 "cbc",
                              encryption_key[0, 16],
                              decode_hex(encrypted_private_key),
                              encryption_key

    /^LastPassPrivateKey<(?<hex_key>.*)>LastPassPrivateKey$/ =~ decrypted
    asn1_encoded_all = OpenSSL::ASN1.decode decode_hex hex_key
    asn1_encoded_key = OpenSSL::ASN1.decode asn1_encoded_all.value[2].value

    rsa_key = OpenSSL::PKey::RSA.new
    n = asn1_encoded_key.value[1].value
    e = asn1_encoded_key.value[2].value
    d = asn1_encoded_key.value[3].value
    p = asn1_encoded_key.value[4].value
    q = asn1_encoded_key.value[5].value
    dmp1 = asn1_encoded_key.value[6].value
    dmq1 = asn1_encoded_key.value[7].value
    iqmp = asn1_encoded_key.value[8].value

    if rsa_key.respond_to? :set_key
        rsa_key.set_key n, e, d
        rsa_key.set_factors p, q
        rsa_key.set_crt_params dmp1, dmq1, iqmp
    else
        rsa_key.n = n
        rsa_key.e = e
        rsa_key.d = d
        rsa_key.p = p
        rsa_key.q = q
        rsa_key.dmp1 = dmp1
        rsa_key.dmq1 = dmq1
        rsa_key.iqmp = iqmp
    end

    rsa_key
end

.parse_secure_note_server(notes) ⇒ Object 



130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
 
# File 'lib/lastpass/parser.rb', line 130

def self.parse_secure_note_server notes
    info = {}

    notes.split("\n").each do |i|
        key, value = i.split ":", 2
        case key
        when "NoteType"
            info[:type] = value
        when "Hostname"
            info[:url] = value
        when "Username"
            info[:username] = value
        when "Password"
            info[:password] = value
        end
    end

    info
end

.parse_SHAR(chunk, encryption_key, rsa_key) ⇒ Object

TODO: Fake some data and make a test



66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/lastpass/parser.rb', line 66

def self.parse_SHAR chunk, encryption_key, rsa_key
    StringIO.open chunk.payload do |io|
        id = read_item io
        encrypted_key = decode_hex read_item io
        encrypted_name = read_item io
        2.times { skip_item io }
        key = read_item io

        # Shared folder encryption key might come already in pre-decrypted form,
        # where it's only AES encrypted with the regular encryption key.
        # When the key is blank, then there's a RSA encrypted key, which has to
        # be decrypted first before use.
        key = if key.empty?
            decode_hex rsa_key.private_decrypt(encrypted_key, RSA_PKCS1_OAEP_PADDING)
        else
            decode_hex decode_aes256_plain_auto(key, encryption_key)
        end

        name = decode_aes256_base64_auto encrypted_name, key

        # TODO: Return an object, not a hash
        {id: id, name: name, encryption_key: key}
    end
end

.read_chunk(stream) ⇒ Object

Reads one chunk from a stream and creates a Chunk object with the data read.



151
152
153
154
155
156
157
158
159
160
161
 
# File 'lib/lastpass/parser.rb', line 151

def self.read_chunk stream
    # LastPass blob chunk is made up of 4-byte ID,
    # big endian 4-byte size and payload of that size.
    #
    # Example:
    #   0000: "IDID"
    #   0004: 4
    #   0008: 0xDE 0xAD 0xBE 0xEF
    #   000C: --- Next chunk ---
    Chunk.new read_id(stream), read_payload(stream, read_size(stream))
end

.read_id(stream) ⇒ Object

Reads a chunk ID from a stream.



181
182
183
 
# File 'lib/lastpass/parser.rb', line 181

def self.read_id stream
    stream.read 4
end

.read_item(stream) ⇒ Object

Reads an item from a stream and returns it as a string of bytes.



164
165
166
167
168
169
170
171
172
173
 
# File 'lib/lastpass/parser.rb', line 164

def self.read_item stream
    # An item in an itemized chunk is made up of the
    # big endian size and the payload of that size.
    #
    # Example:
    #   0000: 4
    #   0004: 0xDE 0xAD 0xBE 0xEF
    #   0008: --- Next item ---
    read_payload stream, read_size(stream)
end

.read_payload(stream, size) ⇒ Object

Reads a payload of a given size from a stream.



191
192
193
 
# File 'lib/lastpass/parser.rb', line 191

def self.read_payload stream, size
    stream.read size
end

.read_size(stream) ⇒ Object

Reads a chunk or an item ID.



186
187
188
 
# File 'lib/lastpass/parser.rb', line 186

def self.read_size stream
    read_uint32 stream
end

.read_uint32(stream) ⇒ Object

Reads an unsigned 32 bit integer from a stream.



196
197
198
 
# File 'lib/lastpass/parser.rb', line 196

def self.read_uint32 stream
    stream.read(4).unpack("N").first
end

.skip_item(stream) ⇒ Object

Skips an item in a stream.



176
177
178
 
# File 'lib/lastpass/parser.rb', line 176

def self.skip_item stream
    read_item stream
end