Version should be 1 .

[pawp81]

When running python ADFSpoof.py -b Token_sign_blob.bin DKMkey.bin dump
I am getting "Version should be 1" message and script dies.
I modified EncryptedPfx.py to output what the actual version is. The version is: "538976257"
Probably the problem lies in the way I saved EncryptedPfx and DKMkey from ADFSDump
What I did:

1. EncryptedPfx
   a) I took everything between: [-] Encrypted Token Signing Key Begin and [-] Encrypted Token Signing Key End, which looks like this:
   AAAAAQAAAAAEEGXuqoRBIwFInUU[....]q6YTotIB2BA8v+zfmKuMDPw==
   b) I based64 decoded and saved the output to Token_sign_blob.bin

2. DKM key
   a) I took Private Key: B7-12-96-C1-50-89-CA-54-B7-D2-ED-E5-F0-8E-24-AA-4F-27-2F-1B-2C-9E-2E-8A-43-47-42-FD-55-B0-72-CB
   b) I removed dashes.
   c) I base64 decoded it and saved the output to DKMkey.bin

Is there any other type of conversation that needs to be done?

[duzvik]

@pawp81
correct way to create DKM key:
a) take private key
b) take hex editor and paste in the bytes ( private key without dashes) and save as DKMkey.bin

[pawp81]

Thank you. I see DKM key extracted from Active Directory already comes in HEX.
Do you mean that DKM key should be HEX representation of actual ANSI bytes?
Taking my DKM key as example and https://hexed.it/ as Hex editor example, this what I should?

[duzvik]

yes, DKMkey.bin should be HEX representation of actual ANSI bytes.
In screenshot I see a lot of zeros, remove everything after 72 CB

[ricardojoserf]

Hi! In my case I used 'cat DKMkey.txt | tr -d "-" | xxd -r -p > DKMkey.bin'. I think it works the same but I did not get the zeros :)

[pawp81]

Thank you I am getting closer
Now I am getting:
Calculated MAC did not match anticipated MAC
Calculated MAC: b'H\x03\xbauF\x02\xed\x87%\x7f+\xafZ\x95\xdc\xd3\x0b\x05\x15O\x12\xf69\xc5\x9a\xb6!;\x83\xea_\x03'
Expected MAC: b'\xc0\xae\x84\x8f\x0cm\x16g\x1c\x1axnV\x83\xed\x08I\x1dAv\xa5m^\x91]\xd8o\xf1\xb8\x14\x8b\x04'

What do you do with EncryptedPFX? Do you just base64 decode the output from ADFSDump?
cat Token_sign_blob_ADFS2019.txt | base64 -d >Token_sign_blob_ADFS2019.bin

[duzvik]

Ha!
Welcome to the club! (ppl who didn't read readme :) )
Steps to fix this:

1. pip uninstall cryptography
2. git clone https://github.com/dmb2168/cryptography.git
3. cd cryptography
4. pip install -e .

Have fun!

[pawp81]

Thank you! It worked, though only on Linux. On Windows I am getting installation error when installing crypthography.

[0xMazen]

Hey!
If the method does not work, This what worked for me :

1. Create of virtual environments in python
2. git clone https://github.com/dmb2168/cryptography.git
3. cd cryptography
4. pip3 install pyopenssl --upgrade -e .

[AmjadAlii]

Hey @0xMazen @duzvik
Please help me im also getting the same error
A tool to for AD FS security tokens
Created by @DoughSec

Calculated MAC did not match anticipated MAC
Calculated MAC: b"e\xec|[\x17?.\xffC'v(u\xaaBiw\x90\xfb\x1c\xd4H\xf7LM\x13\x87+G\x99mX"
Expected MAC: b"{\xad\xa9}\x02\xfa]\xdb\xcb\x95\x15p \x1c\x9c\xed\xbcC/\xc1\xef\xc0f\xd1\x93D'\xeb\xb0\x8a\xc0\xe1"

i have tried to install this but its not being installed at
git clone https://github.com/dmb2168/cryptography.git

any other version of cryptography im able to install

[r3k2]

Same issue, having all kinds of version issues even in a venv with requirements.txt