Windows: Use built-in libraries where possible (idea from #1627)

volatilityfoundation · Feb 19, 2025 · 3ea563b · 3ea563b
1 parent e0902ad
commit 3ea563b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/volatility3/framework/plugins/windows/hashdump.py b/volatility3/framework/plugins/windows/hashdump.py
@@ -8,7 +8,6 @@
 from typing import List, Optional, Tuple
 
 from Crypto.Cipher import AES, ARC4, DES
-from Crypto.Hash import MD5
 
 from volatility3.framework import interfaces, renderers
 from volatility3.framework.configuration import requirements
@@ -529,7 +528,7 @@ def decrypt_single_hash(
         (des_k1, des_k2) = cls.sid_to_key(rid)
         des1 = DES.new(des_k1, DES.MODE_ECB)
         des2 = DES.new(des_k2, DES.MODE_ECB)
-        md5 = MD5.new()
+        md5 = hashlib.md5()
 
         md5.update(hbootkey[:0x10] + pack("<L", rid) + lmntstr)
         rc4_key = md5.digest()

diff --git a/volatility3/framework/plugins/windows/lsadump.py b/volatility3/framework/plugins/windows/lsadump.py
@@ -4,9 +4,9 @@
 import logging
 from struct import unpack
 from typing import Optional
+import hashlib
 
 from Crypto.Cipher import ARC4, DES, AES
-from Crypto.Hash import MD5, SHA256
 
 from volatility3.framework import interfaces, renderers, exceptions
 from volatility3.framework.configuration import requirements
@@ -45,7 +45,7 @@ def decrypt_aes(cls, secret: bytes, key: bytes) -> bytes:
         """
         Based on code from http://lab.mediaservice.net/code/cachedump.rb
         """
-        sha = SHA256.new()
+        sha = hashlib.sha256()
         sha.update(key)
         for _i in range(1, 1000 + 1):
             sha.update(secret[28:60])
@@ -89,7 +89,7 @@ def get_lsa_key(
         if not obf_lsa_key:
             return None
         if not vista_or_later:
-            md5 = MD5.new()
+            md5 = hashlib.md5()
             md5.update(bootkey)
             for _i in range(1000):
                 md5.update(obf_lsa_key[60:76])