hg658c

hg658c_configtool.py

Mar 16th, 2015
12,742
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #! /usr/bin/env python
  2.  
  3. # hg658c.wordpress.com
  4. # Version 3
  5.  
  6. import sys
  7. import os
  8. from binascii import hexlify, unhexlify
  9. from Crypto.Cipher import AES
  10. from Crypto.Hash import SHA256
  11. from Crypto.Util import number
  12.  
  13.  
  14. RSA_D = "2345ADB2C06E54D7373E2A233A50150A" \
  15.         "4044E417FBF76FB1AC8A444E72A345AA" \
  16.         "14B7C349A4824C96DF9ECF7D8CC50425" \
  17.         "32930DBD40D86FDCD892398702E3EA51" \
  18.         "41C90F10494BB91440E89B104626CCCB" \
  19.         "E45A5133362359732954BD63FCA58929" \
  20.         "E3D890014FDF83847E6B19F0D9E1117E" \
  21.         "9706984EAA57E114934B273366C4DBD1"
  22.  
  23. RSA_N = "C206CF93A9E6EE1CE17984DD54422AC4" \
  24.         "561A4EEB969D1BA81432626D6409FA03" \
  25.         "3B3738F8BBA046ACEF3BAC35094B70AF" \
  26.         "231D9DC43C1D68EDBEBE983E267B72FD" \
  27.         "3C2A7614D60FA7457B92B6A45C49F307" \
  28.         "EA23DE51E7E0C36D6440FC4F62C44CCB" \
  29.         "4169914E43DBFDAE536F002B2D670CE0" \
  30.         "A2A11FD1AF4C484C1A6FED9C228199A3"
  31.  
  32. RSA_E = "010001"
  33.            
  34. SIG_TEMPLATE = "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
  35.                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
  36.                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
  37.                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
  38.                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
  39.                "003021300906052B0E03021A05000420"
  40.  
  41. AES128CBC_KEY = "48EE9D8621739F26C215C49071e2438A"
  42. AES128CBC_IV  = "A68FBBCA44BB1F5364A530608BCDEAAB"
  43.  
  44. XML_VERSION_STRING = b'<?xml version="1.0" ?>'
  45.  
  46. def print_usage():
  47.     print("Usage : " + sys.argv[0] + " {encrypt | decrypt} input_file output_file")
  48.     sys.exit(1)
  49.  
  50. def load_config(config_file):
  51.     if os.path.isfile(config_file):
  52.         cf = open(config_file, "rb")
  53.         config = cf.read()
  54.         cf.close()
  55.     else:
  56.         print("Config file not found..exiting")
  57.         sys.exit(1)
  58.     return config
  59.  
  60. def save_to_file(dest_file, data):
  61.     wfile = open(dest_file,"wb")
  62.     wfile.write(data)
  63.     wfile.close()
  64.  
  65. def get_sha256_hash_from_sig(sig):
  66.     sig_int = int(hexlify(sig),16)
  67.     rsa_n = int(RSA_N,16)
  68.     dec_sig_as_int = pow(sig_int, 0x10001, rsa_n );
  69.     decrypted_sig = number.long_to_bytes(dec_sig_as_int, 128)
  70.     target_sha256 = hexlify(decrypted_sig)[-64:]
  71.     return target_sha256
  72.  
  73. def calc_actual_sha256_hash(enc_config_body):
  74.     sha256 = SHA256.new()
  75.     sha256.update(enc_config_body)
  76.     actual_sha256_sig = sha256.hexdigest()
  77.     actual_sha256_sig = str.encode(actual_sha256_sig)
  78.     return actual_sha256_sig
  79.  
  80. def decrypt_body(enc_config_body):
  81.     iv = unhexlify(AES128CBC_IV)
  82.     key= unhexlify(AES128CBC_KEY)
  83.     cipher = AES.new(key, AES.MODE_CBC, iv)
  84.     decrypted_data = cipher.decrypt(enc_config_body)
  85.     # Strip block padding
  86.     decrypted_data=decrypted_data.rstrip(b'\0')
  87.     return decrypted_data
  88.  
  89.  
  90. def decrypt_config(input_file, output_file):
  91.     enc_config=load_config(input_file)
  92.     sig = enc_config[:0x80]
  93.     enc_config_body=enc_config[0x80:]
  94.  
  95.     print("verifying signature...")
  96.     target_sha256_hash = get_sha256_hash_from_sig(sig)
  97.     actual_sha256_hash = calc_actual_sha256_hash(enc_config_body)
  98.  
  99.     if (actual_sha256_hash == target_sha256_hash):
  100.         print("Signature ok...")       
  101.     else:
  102.         print("Signature not ok...exiting")
  103.         sys.exit(1)
  104.  
  105.     print("Decrypting...")
  106.     decrypted_data = decrypt_body(enc_config_body)
  107.  
  108.     check_config(decrypted_data)
  109.  
  110.     print("Saving decrypted config to " + output_file + "...")
  111.     save_to_file(output_file, decrypted_data)
  112.  
  113. def check_config(new_config_file):
  114.     head = new_config_file[0:len(XML_VERSION_STRING)]
  115.     if head != XML_VERSION_STRING:
  116.         print("Not a valid config file...exiting")
  117.         sys.exit(1)
  118.  
  119. def encrypt_config(input_file, output_file):
  120.     new_config_file=load_config(input_file)
  121.  
  122.     check_config(new_config_file)
  123.  
  124.     padding_amount = len(new_config_file) % 32
  125.     print("" + str(padding_amount) + " bytes padding needed")
  126.     print("Adding padding...")
  127.     new_config_file=new_config_file + b'\0'*(32-padding_amount)
  128.  
  129.     print("Encrypting config...")
  130.     iv = unhexlify(AES128CBC_IV)
  131.     key= unhexlify(AES128CBC_KEY)
  132.     aes = AES.new(key, AES.MODE_CBC, iv)
  133.     enc_new_config = aes.encrypt(new_config_file)
  134.  
  135.     print("Calculating SHA256 hash...")
  136.     h = SHA256.new()
  137.     h.update(enc_new_config)
  138.     actual_sha256_sig = h.hexdigest()
  139.  
  140.     sig = SIG_TEMPLATE+actual_sha256_sig;
  141.  
  142.     print("Encrypting Signature...")
  143.     sig_int = int(sig,16)
  144.     rsa_d = int(RSA_D,16)
  145.     rsa_n = int(RSA_N,16)
  146.     enc_sig_int = pow(sig_int, rsa_d, rsa_n);
  147.  
  148.     encrypted_sig = number.long_to_bytes(enc_sig_int, 128)
  149.     enc_config = encrypted_sig + enc_new_config
  150.  
  151.     print("Saving encrypted config to " + output_file + "...")
  152.     save_to_file(output_file, enc_config)
  153.  
  154. def main():
  155.  
  156.     if len(sys.argv) < 4:
  157.         print_usage()
  158.  
  159.     input_file = sys.argv[2]
  160.     output_file = sys.argv[3]
  161.     command = sys.argv[1]
  162.  
  163.     if (command == "encrypt"):
  164.         encrypt_config(input_file, output_file)
  165.     elif (command == "decrypt"):
  166.         decrypt_config(input_file, output_file)
  167.     else:
  168.         print_usage()
  169.  
  170.  
  171.  
  172. if __name__ == "__main__":
  173.     main()
RAW Paste Data