dissect.target 3.16.dev30__py3-none-any.whl → 3.16.dev31__py3-none-any.whl

dissect/target/plugins/os/unix/esxi/_os.py

@@ -4,6 +4,7 @@ import gzip
 import json
 import lzma
 import struct
+import subprocess
 from configparser import ConfigParser
 from configparser import Error as ConfigParserError
 from io import BytesIO
@@ -13,6 +14,8 @@ from defusedxml import ElementTree
 from dissect.hypervisor.util import vmtar
 from dissect.sql import sqlite3
 
+from dissect.target.helpers.fsutil import TargetPath
+
 try:
     from dissect.hypervisor.util.envelope import Envelope, KeyStore
 
@@ -217,23 +220,72 @@ def _mount_local(target: Target, local_layer: VirtualFilesystem):
         local_fs = tar.TarFilesystem(local_tgz.open())
     else:
         local_tgz_ve = target.fs.path("local.tgz.ve")
-        encryption_info = target.fs.path("encryption.info")
+        # In the case "encryption.info" does not exist, but ".#encryption.info" does
+        encryption_info = next(target.fs.path("/").glob("*encryption.info"), None)
         if not local_tgz_ve.exists() or not encryption_info.exists():
             raise ValueError("Unable to find valid configuration archive")
 
-        if HAS_ENVELOPE:
-            target.log.info("local.tgz is encrypted, attempting to decrypt")
-            envelope = Envelope(local_tgz_ve.open())
-            keystore = KeyStore.from_text(encryption_info.read_text("utf-8"))
-            local_tgz = BytesIO(envelope.decrypt(keystore.key, aad=b"ESXConfiguration"))
-            local_fs = tar.TarFilesystem(local_tgz)
-        else:
-            target.log.warning("local.tgz is encrypted but no crypto module available!")
+        local_fs = _create_local_fs(target, local_tgz_ve, encryption_info)
 
     if local_fs:
         local_layer.mount("/", local_fs)
 
 
+def _decrypt_envelope(local_tgz_ve: TargetPath, encryption_info: TargetPath) -> BinaryIO:
+    """Decrypt ``local.tgz.ve`` ourselves with hard-coded keys."""
+    envelope = Envelope(local_tgz_ve.open())
+    keystore = KeyStore.from_text(encryption_info.read_text("utf-8"))
+    local_tgz = BytesIO(envelope.decrypt(keystore.key, aad=b"ESXConfiguration"))
+    return local_tgz
+
+
+def _decrypt_crypto_util(local_tgz_ve: TargetPath) -> Optional[BytesIO]:
+    """Decrypt ``local.tgz.ve`` using ESXi ``crypto-util``.
+
+    We write to stdout, but this results in ``crypto-util`` exiting with a non-zero return code
+    and stderr containing an I/O error message. The file does get properly decrypted, so we return
+    ``None`` if there are no bytes in stdout which would indicate it actually failed.
+    """
+
+    result = subprocess.run(
+        ["crypto-util", "envelope", "extract", "--aad", "ESXConfiguration", f"/{local_tgz_ve.as_posix()}", "-"],
+        capture_output=True,
+    )
+
+    if len(result.stdout) == 0:
+        return None
+
+    return BytesIO(result.stdout)
+
+
+def _create_local_fs(
+    target: Target, local_tgz_ve: TargetPath, encryption_info: TargetPath
+) -> Optional[tar.TarFilesystem]:
+    local_tgz = None
+
+    if HAS_ENVELOPE:
+        try:
+            local_tgz = _decrypt_envelope(local_tgz_ve, encryption_info)
+        except NotImplementedError:
+            target.log.debug("Failed to decrypt %s, likely TPM encrypted", local_tgz_ve)
+    else:
+        target.log.debug("Skipping static decryption because of missing crypto module")
+
+    if not local_tgz and target.name == "local":
+        target.log.info(
+            "local.tgz is encrypted but static decryption failed, attempting dynamic decryption using crypto-util"
+        )
+        local_tgz = _decrypt_crypto_util(local_tgz_ve)
+
+        if local_tgz is None:
+            target.log.warning("Dynamic decryption of %s failed.", local_tgz_ve)
+    else:
+        target.log.warning("local.tgz is encrypted but static decryption failed and no dynamic decryption available!")
+
+    if local_tgz:
+        return tar.TarFilesystem(local_tgz)
+
+
 def _mount_filesystems(target: Target, sysvol: Filesystem, cfg: dict[str, str]):
     version = cfg["build"]
 

{dissect.target-3.16.dev30.dist-info → dissect.target-3.16.dev31.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.16.dev30
+Version: 3.16.dev31
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.16.dev30.dist-info → dissect.target-3.16.dev31.dist-info}/RECORD

@@ -201,7 +201,7 @@ dissect/target/plugins/os/unix/bsd/osx/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JC
 dissect/target/plugins/os/unix/bsd/osx/_os.py,sha256=KvP7YJ7apVwoIop7MR-8q5QbVGoB6MdR42l6ssEe6es,4081
 dissect/target/plugins/os/unix/bsd/osx/user.py,sha256=qopB0s3n7e6Q7NjWzn8Z-dKtDtU7e6In4Vm7hIvvedo,2322
 dissect/target/plugins/os/unix/esxi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/esxi/_os.py,sha256=V3HtCdlZ5gl-aUhrHhzmUwH29iMrIxZCg3l48MjdCYI,15610
+dissect/target/plugins/os/unix/esxi/_os.py,sha256=jqw71St-L_BiREai8bw27oFOrLK4_GuEDLUTK5FMGLU,17498
 dissect/target/plugins/os/unix/linux/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/linux/_os.py,sha256=YJYwuq_iAinOrPqTE49Q4DLYMWBeRCly1uTbDvPhp6Q,2796
 dissect/target/plugins/os/unix/linux/cmdline.py,sha256=XIvaTL42DzeQGhqHN_RTMI5g8hbI2_wjzb7KZ0kPOM0,1591
@@ -331,10 +331,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.16.dev30.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.16.dev30.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.16.dev30.dist-info/METADATA,sha256=oFKQeKw2Ch3n9X2N0AtdhaXzpVbvqrAp3jvpOf4ppaU,11107
-dissect.target-3.16.dev30.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-dissect.target-3.16.dev30.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.16.dev30.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.16.dev30.dist-info/RECORD,,
+dissect.target-3.16.dev31.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.16.dev31.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.16.dev31.dist-info/METADATA,sha256=bQJydAA40PRNfKgAuW4LJCissMW3rELgyfBIyapzadU,11107
+dissect.target-3.16.dev31.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+dissect.target-3.16.dev31.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.16.dev31.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.16.dev31.dist-info/RECORD,,