mandiant / ADFSpoof

Apache License 2.0

Calculated MAC did not match anticipated MAC #1

Closed remivern closed 3 years ago

remivern commented 5 years ago

Hello, thanks for this interesting work! I was not there during the presentation and this may explain my question ;-)

With ADFSDump, I extracted the Encrypted Signing Key (Encrypted_pfx) from the database in this format: AAAAAQAAAAA.... And the DKM Private Key in this format 9F-D2-85-5F-D6-EF-D9-15-22-21-EC-5E-45-9E-5C-DF-25-BB-0B-B4-....

I understand that I need to convert both to bin format. The first one from base64. But I don't know for the second one (the DKM key)...?

I think this is my problem, because when I tried to launch python3 ADFSpoof.py -b pfx.bin key.txt dump I encountered the Calculated MAC did not match anticipated MAC error.

I will really appreciate your help.

Rémi

dmb2168 commented 5 years ago

The DKM key is output as hexadecimal encoded bytes separated by a "dash" character. Easiest way is probably to use your favorite hex editor and just paste in the bytes (all content except for the - characters).

e.g. in a hex editor key.bin would look like:

key.bin

9FD2855FD6EFD9152221EC5E...

remivern commented 5 years ago

Hello, thanks for your answer!

I tried several things (hexadecimal, etc.) and I still have an incorrect result, the Calculated MAC did not match anticipated MAC error:

Calculated MAC did not match anticipated MAC Calculated MAC: b'\xce\xaf+\xacL\x0f\xa2\x1a\xf0\xcck\x06\x0f\xb2x\x16\x89\xbb\x02\xf2\xc6k\xc8\xfdgx\x8b\x15\xf6\xf8\xc8\xf2' Expected MAC: b'+\x97\xbe\xb5m\xc0\xe5w\xa7\xf0kQ\xd7\xdd$\xf7S\xdd\x87\x10\xb1Cqk\xe3\xea\xa0\xb1\x1c\xc3\xcf\xd0'

Do you know why? :-O My test environment's generated files are here: https://fido.vernier.me/rv/

Thanks again for your help ;-)

dmb2168 commented 5 years ago

I just tested this with my own code and I'm able to decrypt the EncryptedPFX into a usable certificate.

When you are running the code, are you supplying the base64 decoded version of EncryptedPFX? The code expects the EncryptedPFX blob to be binary data, so you need to Base64 decode what is output by ADFSDump. Let me know if that is unclear.
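The two conversion steps described in this thread (base64-decode the EncryptedPFX string, and turn the dash-separated hex DKM key into raw bytes) as one added helper script. This is example code written for this page, not part of ADFSpoof or ADFSDump; the file names and the short sample strings below are constructed for illustration and are not the real dump values. It validates the input strictly so that a stray character or an odd-length hex token fails loudly instead of producing a wrong .bin file that only shows up later as a MAC mismatch.

```python
# Added example (not ADFSpoof/ADFSDump code): convert ADFSDump's text output
# into the two binary files that ADFSpoof expects on its command line.
import base64
import binascii
import sys
from pathlib import Path


def decode_encrypted_pfx(text: str) -> bytes:
    """Base64-decode the EncryptedPFX blob as printed by ADFSDump.

    Whitespace and line breaks picked up by copy/paste are removed first.
    validate=True makes b64decode reject non-alphabet characters instead of
    silently discarding them, which would otherwise corrupt the blob.
    """
    compact = "".join(text.split())
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"EncryptedPFX is not valid base64: {exc}") from exc


def decode_dkm_key(text: str) -> bytes:
    """Turn the DKM key into raw bytes.

    Accepts the dash-separated form ADFSDump prints ('9F-D2-85-...') and,
    as a generalisation, plain hex with no separators. Every dash-separated
    token must be exactly one byte, so a truncated or mistyped key is caught.
    """
    compact = "".join(text.split())
    tokens = compact.split("-") if "-" in compact else [compact]
    if "-" in compact and any(len(tok) != 2 for tok in tokens):
        raise ValueError("every dash-separated DKM key token must be two hex digits")
    hex_str = "".join(tokens)
    if len(hex_str) % 2 != 0:
        raise ValueError("DKM key hex has an odd number of digits")
    try:
        return binascii.unhexlify(hex_str)
    except binascii.Error as exc:
        raise ValueError(f"DKM key is not valid hex: {exc}") from exc


def write_adfspoof_inputs(pfx_b64: str, dkm_hex: str,
                          pfx_out: Path, key_out: Path) -> tuple[int, int]:
    """Write pfx_out and key_out as raw bytes; returns the two byte lengths."""
    pfx = decode_encrypted_pfx(pfx_b64)
    key = decode_dkm_key(dkm_hex)
    pfx_out.write_bytes(pfx)
    key_out.write_bytes(key)
    return len(pfx), len(key)


if __name__ == "__main__":
    # Usage (file names are an assumption):
    #   python3 convert_dump.py encrypted_pfx.txt dkm_key.txt pfx.bin key.bin
    # Then: python3 ADFSpoof.py -b pfx.bin key.bin dump
    if len(sys.argv) != 5:
        sys.exit("usage: convert_dump.py <pfx_b64.txt> <dkm_hex.txt> <pfx.bin> <key.bin>")
    n_pfx, n_key = write_adfspoof_inputs(
        Path(sys.argv[1]).read_text(), Path(sys.argv[2]).read_text(),
        Path(sys.argv[3]), Path(sys.argv[4]))
    print(f"wrote {n_pfx} bytes of EncryptedPFX and {n_key} bytes of DKM key")
```

Both outputs must be the decoded bytes, not the text: passing the base64 string or the dashed hex file to ADFSpoof is exactly the mistake that leaves the HMAC over the blob failing, which is how the "Calculated MAC did not match anticipated MAC" message surfaces.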

morRubin commented 4 years ago

I also encounter the same problem. I used the output @remivern published and I got the attached files. I decoded the base64 of EncryptedPFX and saved it as binary (with python base64.b64decode(the_data_from_adfsdump)); I took the DKM key, replaced every "-" with an empty string and saved it to a binary file with binascii.unhexlify(key_without_dash).

What am I doing wrong?

enc.txt key.txt

MukundaK commented 4 years ago

> I also encounter the same problem. I used the output @remivern published and I got the attached files. I decoded the base64 of EncryptedPFX and saved it as binary (with python base64.b64decode(the_data_from_adfsdump)); I took the DKM key, replaced every "-" with an empty string and saved it to a binary file with binascii.unhexlify(key_without_dash).
>
> What am I doing wrong?
>
> enc.txt key.txt

Did you install the custom cryptography that is needed? That should solve the issue. https://github.com/dmb2168/cryptography

i-nino commented 3 years ago

Experiencing identical issue. @MukundaK Could you please be more specific about how one would go about installing that specific cryptography library. All they mention there is to pip install it directly, and the requirements.txt file fails when trying to identify the specific one you need.

i-nino commented 3 years ago

Is this project even still maintained? It's kind of amazing, that in order to use a 'quick' Python tool, I have to manually install and compile a C project - OpenSSL (which is of course failing, btw) - and go around this 'workaround' in order to get it to function properly. Putting an emoji and 'blaming' Windows is a nice way to show your incompetence. There's no way you could have accounted for this yourself, before releasing it publicly? And this is a tool specifically designed for Windows but requires a Python dependency? Can anyone please point me to a similar tool that doesn't suck as much as this one?

dmb2168 commented 3 years ago

Closing this issue. Readme clearly documents the solution, which is trivial to install.