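#!/usr/bin/env python3
# Evan Widloski - 2018-04-11
# keepass decrypt experimentation
# only works on AES encrypted database with unprotected entries
# Useful reference: https://gist.github.com/msmuenchen/9318327
#                   https://framagit.org/okhin/pygcrypt/#use
#                   https://github.com/libkeepass/libkeepass/tree/master/libkeepass

import struct

# Sample inputs for a throwaway test database. A real master password or key
# file should not be written into the script: read it at run time instead
# (for example with getpass.getpass()) so it never lands in source control,
# shell history or a shared paste.
database = 'FooBar.kdbx'
password = b'FooBar'
# password = None
#keyfile = 'test3.key'
keyfile = None

# Load the whole database file; every field below is a slice of this buffer.
with open(database, 'rb') as f:
    b = bytearray(f.read())

# ---------- Header Stuff ----------

# The fixed part of the header is 12 bytes. Slicing a shorter buffer would
# silently yield short or empty fields, so reject a truncated file up front.
if len(b) < 12:
    raise ValueError(
        '{}: file is too short to contain a KeePass header'.format(database)
    )

# file magic number (4 bytes)
magic = b[0:4]
# keepass version (4 bytes: the slice covers b[4:8])
version = b[4:8]
# database minor version (2 bytes)
minor_version = b[8:10]
# database major version (2 bytes)
major_version = b[10:12]

# header item lookup table: item id byte -> field name
header_item_ids = {
    0: 'end',
    1: 'comment',
    2: 'cipher_id',
    3: 'compression_flags',
    4: 'master_seed',
    5: 'transform_seed',
    6: 'transform_rounds',
    7: 'encryption_iv',
    8: 'protected_stream_key',
    9: 'stream_start_bytes',
    10: 'inner_random_stream_id',
}

# read dynamic header

# offset of first header byte
offset = 12
# dict containing header items
header = {}

# NOTE: the listing is cut off in the middle of the next statement, so the
# header loop is kept below as comments, exactly as far as it was shown.
# NOTE(review): b[offset] is taken from the file being parsed and is indexed
# here without a bounds check. A header with no 'end' item (id 0) would run
# past the buffer and raise IndexError unless the part of the loop that is
# not shown guards against it -- confirm against the full script.
#
# # loop until end of header
# while b[offset] != 0:
#     # read size of item (2 bytes)
#     size = struct.unpack('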