Demostracion de como recuperan el block key material para descifrar el Disco Duro
func main() {
scmKey := decode(scmKey)
salt := decode(salt)
maskkey := pbkdf2.Key([]byte("password"), salt, rounds, 32, sha1.New)
// AES-ECB-256_decrypt(k=maskkey, scm_key) = scr_key
a, err := aes.NewCipher(maskkey)
if err != nil {
log.Fatal(err)
}
for i := 0; i < len(scmKey); i += a.BlockSize() {
a.Decrypt(scmKey[i:i+a.BlockSize()], scmKey[i:i+a.BlockSize()])
}
// HMAC-SHA1(k=maskkey, scm_key) == sch_mac
h := sha1.Sum(maskkey)
mac := hmac.New(sha1.New, h[:])
mac.Write(scmKey)
expectedMAC := mac.Sum(nil)
fmt.Print(hex.Dump(expectedMAC))
}
El link con la lectura completa en Ingles:
https://blog.filippo.io/so-i-lost-my-openbsd-fde-password/