Added DPAPI Blob, DPAPI MasterKey, CREDHIST pattern file & Updated README.md #328

Merged: 4 commits, Dec 5, 2024

5h4rrk (Contributor) commented Dec 4, 2024

Merge Request Description

DPAPI MasterKey, Blob and CREDHIST Pattern File

Key Features:

  1. DPAPI MasterKey:
    • Binary structure with service header and four slots.
    • Includes user's Master Key, local encryption key, local backup key (or CREDHIST GUID), and domain backup key.
    • FilePath: C:\Users\<USER>\AppData\Roaming\Microsoft\Protect\<SID>
    • Files are hidden; use attrib -h -s in Command Prompt to reveal.
  2. DPAPI Blob:
    • Binary structure containing application's private data encrypted using DPAPI.
  3. CREDHIST:
    • Password history file with a chain of older password hashes.
    • Each password change appends the old hash, encrypted with the new password.
    • FilePath: C:\Users\<USER>\AppData\Roaming\Microsoft\Protect\
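
Added example, not part of the pull request or of the ImHex-Patterns code: a Python reader for the master key file's service header that reports where each of the four slots named in the description sits, which is useful when triaging a collected Protect directory. The field layout (a 128-byte little-endian header ending in four 64-bit slot lengths) is an assumption taken from public DPAPI reverse-engineering notes, and the sample bytes are constructed.

```python
import struct
import uuid

# Assumed layout (public reverse-engineering notes, not taken from this PR):
# u32 version, 8 reserved bytes, 36 UTF-16LE chars of GUID, 8 reserved bytes,
# u32 flags, then four u64 slot lengths. 128 bytes in total, little-endian.
HEADER = struct.Struct("<I8x72s8xI4Q")
# Slot names follow the order given in the PR description.
SLOTS = ("master_key", "local_encryption_key",
         "local_backup_key_or_credhist_guid", "domain_backup_key")


def parse_masterkey_header(data: bytes) -> dict:
    """Return header fields and the (offset, length) of each of the four slots."""
    if len(data) < HEADER.size:
        raise ValueError(f"need {HEADER.size} header bytes, got {len(data)}")
    version, raw_guid, flags, *lengths = HEADER.unpack_from(data)
    try:
        guid = str(uuid.UUID(raw_guid.decode("utf-16-le")))
    except ValueError as exc:  # also covers UnicodeDecodeError
        raise ValueError("GUID field is not a UTF-16LE GUID string") from exc
    slots, offset = {}, HEADER.size
    for name, length in zip(SLOTS, lengths):
        if offset + length > len(data):
            raise ValueError(f"slot {name} runs past end of file (truncated?)")
        slots[name] = (offset, length)
        offset += length
    return {"version": version, "guid": guid, "flags": flags,
            "slots": slots, "trailing_bytes": len(data) - offset}


def build_sample() -> bytes:
    """Constructed test input: filler bytes only, no real key material."""
    guid = "01234567-89ab-cdef-0123-456789abcdef".encode("utf-16-le")
    lengths = (0x88, 0x68, 0x14, 0)
    body = b"".join(bytes([i]) * n for i, n in enumerate(lengths, 1))
    return HEADER.pack(2, guid, 5, *lengths) + body


if __name__ == "__main__":
    info = parse_masterkey_header(build_sample())
    print(info["guid"], f"flags={info['flags']:#x}")
    for name, (off, length) in info["slots"].items():
        print(f"{name:36s} offset={off:#06x} length={length}")
```

A slot with length 0 is simply absent; a length that runs past the end of the file raises instead of being silently clipped, which flags truncated or carved files.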

WerWolv (Owner) commented Dec 5, 2024

Thank you very much! Would it be possible to upload some test files for these?

5h4rrk (Contributor, Author) commented Dec 5, 2024

Sure, I’ll add the test files for these.

WerWolv merged commit 16a87df into WerWolv:master on Dec 5, 2024
2 checks passed

WerWolv (Owner) commented Dec 5, 2024

Thanks a lot!

5h4rrk deleted the dpapi-pattern branch on December 5, 2024 22:13
applecuckoo pushed a commit to applecuckoo/ImHex-Patterns that referenced this pull request Jan 24, 2025
…lv#328)

* [+]Added DPAPI MasterKey & Updated README.md

* [+]Added DPAPI Blob Pattern & Updated README.md

* [+] Added CREDHIST Pattern &  Updated README.md

* [+] Test Files added for dpapimasterkey, dpapiblob & CREDHIST