MacOS 登录密码设置文件 kcpassword 的加解密算法

加密分析

使用了一组魔数 125, 137, 82, 35, 210, 188, 221, 234, 163, 185, 31

登录密码明文按位依次循环与魔数进行异或，最后加上 35 181 122 180 153 242 70 85 145 160 十个字节做标识

解密脚本

#!/usr/bin/python3
import struct
import sys

# Function to decrypt the kcpassword
def decrypt_kcpassword():
    key = [125, 137, 82, 35, 210, 188, 221, 234, 163, 185, 31]
    length = len(key)
    f = open(sys.argv[1], "rb")
    byte = list(f.read())
    f.close()
    
    end = False
    kcpassword = []
    for i in range(len(byte)):
        if byte[i]^key[i%length] == 0 :
            end = True

        if end == False :
            kcpassword.append(str(chr(byte[i]^key[i%length])))
            
    print(''.join(map(str,kcpassword)))

# Function main
def main():
    if len(sys.argv) < 2 :
        print('usage : ./decode-kcpassword.py KCPASSWORD_PATH')
        exit()
    decrypt_kcpassword()

# Call to main
if __name__ == '__main__':
    main()

macOS 自动登录配置文件: /Library/Preferences/com.apple.loginwindow.plist

macOS 自动登录密码设置文件: /etc/kcpassword

macOS 版本号存储文件: /System/Library/CoreServices/SystemVersion.plist