I am trying to use volatility3's hashdump.Hashdump module to get hashes from a memory dump, but I keep running into this error:
AttributeError: function/symbol 'ARC4_stream_init' not found in library '/home/cyber/.local/lib/python3.9/site-packages/Crypto/Util/../Cipher/_ARC4.cpython-39-x86_64-linux-gnu.so': /home/cyber/.local/lib/python3.9/site-packages/Crypto/Util/../Cipher/_ARC4.cpython-39-x86_64-linux-gnu.so: undefined symbol: ARC4_stream_init
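I tried googling it, and the only thing I could find was something similar related to pdf here. I also tried reinstalling the volatility requirements, and reinstalled pycrypto, crypto and cryptodome, since I thought they might be causing the problem. Any help would be greatly appreciated.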
$python3 vol.py -f /home/cyber/Downloads/memdump.mem windows.hashdump.Hashdump
Volatility 3 Framework 2.5.2
Progress: 100.00 PDB scanning finished
User rid lmhash nthash
Traceback (most recent call last):
File "/home/cyber/Downloads/volatility3/vol.py", line 10, in <module>
volatility3.cli.main()
File "/home/cyber/Downloads/volatility3/volatility3/cli/__init__.py", line 790, in main
CommandLine().run()
File "/home/cyber/Downloads/volatility3/volatility3/cli/__init__.py", line 447, in run
renderers[args.renderer]().render(constructed.run())
File "/home/cyber/Downloads/volatility3/volatility3/cli/text_renderer.py", line 193, in render
grid.populate(visitor, outfd)
File "/home/cyber/Downloads/volatility3/volatility3/framework/renderers/__init__.py", line 245, in populate
for level, item in self._generator:
File "/home/cyber/Downloads/volatility3/volatility3/framework/plugins/windows/hashdump.py", line 571, in _generator
hbootkey = self.get_hbootkey(samhive, bootkey)
File "/home/cyber/Downloads/volatility3/volatility3/framework/plugins/windows/hashdump.py", line 409, in get_hbootkey
rc4 = ARC4.new(rc4_key)
File "/home/cyber/.local/lib/python3.9/site-packages/Crypto/Cipher/ARC4.py", line 130, in new
return ARC4Cipher(key, *args, **kwargs)
File "/home/cyber/.local/lib/python3.9/site-packages/Crypto/Cipher/ARC4.py", line 58, in __init__
result = _raw_arc4_lib.ARC4_stream_init(c_uint8_ptr(key),
File "/usr/lib/python3/dist-packages/cffi/api.py", line 912, in __getattr__
make_accessor(name)
File "/usr/lib/python3/dist-packages/cffi/api.py", line 908, in make_accessor
accessors[name](name)
File "/usr/lib/python3/dist-packages/cffi/api.py", line 838, in accessor_function
value = backendlib.load_function(BType, name)
AttributeError: function/symbol 'ARC4_stream_init' not found in library '/home/cyber/.local/lib/python3.9/site-packages/Crypto/Util/../Cipher/_ARC4.cpython-39-x86_64-linux-gnu.so': /home/cyber/.local/lib/python3.9/site-packages/Crypto/Util/../Cipher/_ARC4.cpython-39-x86_64-linux-gnu.so: undefined symbol: ARC4_stream_init
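Create a brand-new virtual environment:
python3 -m venv .venv
Activate the created environment:
source .venv/bin/activate
Install the arc4 package to use for encryption/decryption:
pip install arc4
Contents of the main.py file: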
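from arc4 import ARC4

# Encrypt with a freshly keyed cipher object.
arc4 = ARC4(b'key')
cipher = arc4.encrypt(b'some plain text to encrypt')

# Re-key before decrypting so the keystream starts from the beginning again.
arc4 = ARC4(b'key')
decrypted_text = arc4.decrypt(cipher)
print(decrypted_text)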
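You must initialize the RC4 object at the start of each operation, because RC4 is a stream cipher. By initializing a new object, the stream pointer will point to the beginning of the stream, so decryption works accordingly.
Run the program: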
python3 main.py
b'some plain text to encrypt'
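
The stream-position point made in the answer above, as an added example that is not part of the original answer and does not use the arc4 package: a minimal pure-Python RC4 showing that a freshly keyed object decrypts correctly while reusing the encrypting object does not. The class RC4 and the helper roundtrip are names made up for this illustration.

```python
class RC4:
    """Minimal pure-Python RC4, written for this example (not the arc4 package)."""

    def __init__(self, key: bytes):
        if not key:
            raise ValueError("RC4 key must not be empty")
        # Key-scheduling algorithm (KSA): permute S under the key.
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        # Keystream position lives in (S, i, j) and persists between calls.
        self._s, self._i, self._j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:
        """XOR data with the next len(data) keystream bytes (advances state)."""
        s, i, j = self._s, self._i, self._j
        out = bytearray()
        for byte in data:
            i = (i + 1) & 0xFF
            j = (j + s[i]) & 0xFF
            s[i], s[j] = s[j], s[i]
            out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
        self._i, self._j = i, j
        return bytes(out)


def roundtrip(key: bytes, plaintext: bytes, reuse_object: bool) -> bytes:
    """Encrypt, then decrypt with either the same object or a fresh one."""
    enc = RC4(key)
    ciphertext = enc.crypt(plaintext)
    dec = enc if reuse_object else RC4(key)
    return dec.crypt(ciphertext)


if __name__ == "__main__":
    msg = b"some plain text to encrypt"  # same sample text as main.py above
    # Widely published RC4 test vector: key "Key", plaintext "Plaintext".
    print(RC4(b"Key").crypt(b"Plaintext").hex())
    print(roundtrip(b"key", msg, reuse_object=False))  # fresh object: plaintext
    print(roundtrip(b"key", msg, reuse_object=True))   # reused object: garbage
```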