geostocker

Reputation: 1200

Windows registry values coming back as long integers

I'm working my way through Violent Python and have encountered a problem with the first program in chapter 3.

The idea is to print the name of each network in HKEY_LOCAL_MACHINE../unmanaged as well as their assigned DefaultGateWayMac.

I've already checked various questions here on SO, as I was initially having trouble setting up the script (Violent Python is getting quite old...).

The problem I'm facing is that when I attempt to print the MAC address I'm getting a bunch of integers. My initial thought was that some of the combinations could be ASCII values, but even trying to convert them wouldn't create a correct MAC address.

I've checked my machine's registry keys for MAC addresses and most of them seem fine (some of them are empty). But as mentioned above, none of them seem to print fine.

This is my script:

from winreg import *

def val2addr(val):
    if val:
        address = ""
        for ch in val:
            if(not int(ch)):
                address += "%02x " % ord(ch)
                address = address.strip(' ').replace(' ', ':')[0: 17]
            else:
                address += str(ch)
        return address
    return "[!] No MAC [!]"

def print_networks():
    net = u"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"+\
          "\\NetworkList\\Signatures\\Unmanaged"
    print(str(HKEY_LOCAL_MACHINE) + net)
    key = OpenKey(HKEY_LOCAL_MACHINE, net, 0, (KEY_WOW64_64KEY + KEY_READ))
    print('\n[*] Networks You have Joined:\n')

    for network in range(100):
        try:
            guid = EnumKey(key, network)
            netkey = OpenKey(key, str(guid))
            mac = QueryValueEx(netkey, 'DefaultGatewayMac')[0]
            mac = val2addr(mac)
            network_name = QueryValueEx(netkey, 'Description')[0]
            print("[+] Network Name: " + network_name + "[+] Mac: " + mac)
            CloseKey(netkey)
        except Exception as e:
            print(e)
            break

def main():
    print_networks()

if __name__ == '__main__':
    main()

As you can see I've made some changes (in particular to val2addr):

def val2addr(val): 
    addr = ''
    for ch in val: 
        addr += '%02x '% ord(ch) 
        addr = addr.strip(' ').replace(' ', ':')[0:17] 
    return addr

Here is some sample output that my program prints:

[*] Networks You have Joined:

[+] Network Name: DIRECT-HUJABERO059243[+] Mac: [!] No MAC [!]
[+] Network Name: Network  2[+] Mac: 72906311290171
[+] Network Name: Network  3[+] Mac: 1447774159240
[+] Network Name: Network[+] Mac: 200205114121180123
[+] Network Name: BTHub3-JZM3[+] Mac: 20451187180235148
[WinError 259] No more data is available

Upvotes: 1

Views: 295

Answers (2)

Ilario Pierbattista

Reputation: 3265

It's the decimal representation of your MAC address.

Converting 72906311290171, I get 424ED2C94D3B, which is a MAC address (42:4E:D2:C9:4D:3B).

Conversion for Python 2:

dec_mac = 72906311290171
print ':'.join(s.encode('hex') for s in str(dec_mac).decode('hex'))

and for Python 3:

dec_mac = 72906311290171
print(':'.join(format(s, '02x') for s in bytes.fromhex(str(dec_mac))))

Upvotes: 2

martineau

Reputation: 123463

Try using this version of val2addr:

def val2addr(val):
    return ':'.join('{:02X}'.format(b) for b in val)

Upvotes: 2
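
Added example (not code from the question or either answer): on Python 3, `QueryValueEx` returns a `REG_BINARY` value as `bytes`, and iterating `bytes` yields ints, so the question's `str(ch)` branch appends each byte's decimal value. The sketch below reproduces the digit run printed for "Network" from a constructed 6-byte value, formats it as a MAC, and recovers candidate MACs from an already-printed run; `buggy_concat` and `split_decimal_run` are hypothetical helper names, and the 6-byte length check is an assumption about `DefaultGatewayMac`.

```python
# Constructed sample: six bytes chosen so the buggy output matches the
# "Network" line in the question (200205114121180123).
SAMPLE = bytes([200, 205, 114, 121, 180, 123])


def val2addr(val, sep=":"):
    """Format a REG_BINARY value (bytes on Python 3) as a MAC address."""
    if not val:  # None or b"": the value exists but holds no data
        return None
    val = bytes(val)
    if len(val) != 6:
        raise ValueError("expected 6 bytes, got %d" % len(val))
    return sep.join("%02x" % b for b in val)


def buggy_concat(val):
    """Mimic the question's else-branch: each ch is an int, so str(ch)
    appends its decimal value (non-zero bytes only)."""
    return "".join(str(ch) for ch in val)


def split_decimal_run(digits, parts=6):
    """Every way to cut a printed digit run into `parts` byte values
    (0-255, no leading zeros). More than one result means ambiguity."""
    if parts == 0:
        return [[]] if not digits else []
    found = []
    for n in (1, 2, 3):
        head = digits[:n]
        if len(head) < n or (n > 1 and head[0] == "0") or int(head) > 255:
            continue
        for rest in split_decimal_run(digits[n:], parts - 1):
            found.append([int(head)] + rest)
    return found


if __name__ == "__main__":
    print(buggy_concat(SAMPLE))
    print(val2addr(SAMPLE))
    for run in ("200205114121180123", "1447774159240"):
        for cand in split_decimal_run(run):
            print(run, "->", val2addr(bytes(cand)))
```

A digit run that splits more than one way cannot be mapped back to a single gateway MAC, so re-read the registry value and format the raw bytes rather than trusting output logged by the buggy version.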
