Created
August 27, 2013 21:58
-
-
Save evilchili/6359717 to your computer and use it in GitHub Desktop.
Trying to extract a PBKDF2-HMAC-SHA1 from user plist on mountain lion; failing. What am I missing?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| USER=$1 | |
| # get the shadow hash from the user entry | |
| dscl . read /Users/$USER dsAttrTypeNative:ShadowHashData | tail -1 \ | |
| # remove everything but hex data and spaces | |
| | tr -dc '0-9a-f ' \ | |
| # convert the hex dump into binary | |
| | xxd -p -r \ | |
| # decode the binary blob into an xml-formatted plist entry | |
| | plutil -convert xml1 - -o - \ | |
| # extract the <data> element's text | |
| | xmllint --xpath "string(//data/text())" - \ | |
| # clean-up | |
| |tr -d '\t\n' |
that xpath should get at least 2 data nodes, if I'm reading my own output correctly. Is there a particular one you're after?
Nerp. Interesting. It stops iterating on the first node. So you do only get the first one.
Eh. It looks like it gets the entropy data block as a string ok, as long as I sudo. Is this not working for you?
On the console, I am using single quotes around the xpath. Trying as a .sh as nature intended.
This works fine as long as I delete comments from the shell script and run as sudo. What are you stuck on?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The output of dscl doesn't look like it's modified from 'tail -1' on mac. What does it do?