SignalKeyBOF

A Cobalt Strike BOF and Python helper script to retrieve the decryption keys for the compromised hosts Signal Desktop database.

Warning

Only works on Windows hosts with Signal Desktop installed and used.

Requirements

A Cobalt Strike beacon on a compromised host
Python packages (which I haven't kept track of, requirements.txt to come)

Build Info

make all

Usage

SignalKeyBOF

Acknowledgements

TrustedSec's CS-Remote-OPs-BOFs for their Slack Key BOF which this is heavily inspired by.
Carderne's Signal-Export tool which the helper script is heavily inspired by.

License

GPLv3

Author Information

This tool was created by 0xRedpoll.

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
helpers		helpers
Example.png		Example.png
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
SignalKey.x64.o		SignalKey.x64.o
SignalKey.x86.o		SignalKey.x86.o
SignalKeyBOF.cna		SignalKeyBOF.cna
SignalKeyBOF.sln		SignalKeyBOF.sln
beacon.h		beacon.h
beacon_user_data.h		beacon_user_data.h
bof.c		bof.c
signal_decrypter.py		signal_decrypter.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SignalKeyBOF

Requirements

Build Info

Usage

Acknowledgements

License

Author Information

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

SignalKeyBOF

Requirements

Build Info

Usage

Acknowledgements

License

Author Information

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages