coolirc

hg635-b68a-cfg

Mar 4th, 2021
  1. #! /usr/bin/env python
  2.  
  3. # hg658c.wordpress.com
  4. """
  5. To decrypt encrypted values in the config, use
  6. echo -n "Lp0xkiAANwcYpVPbI3D/Mg==" | base64 -d | openssl enc -d -aes-128-cbc
  7. -K DBAF3361E81DA0EF5358A1929FC90A80 -iv 629EA150533376741BE36F3C819E77BA -nopad
  8. """
  9.  
  10. import sys
  11. import os
  12. from binascii import hexlify, unhexlify
  13. from Crypto.Cipher import AES
  14. from Crypto.Hash import MD5
  15. from Crypto.Util import number
  16. import zlib
  17.  
  # RSA parameters for the 128-byte signature block at the end of a config.
  # All three are hex strings. RSA_D is the private exponent, so everyone
  # holding this script can produce blocks that verify under RSA_N: the
  # signature catches accidental corruption but does not prove origin.
  RSA_D = (
      "ABADA5BCEE9A32B45696E6C99A0B9E68"
      "45F72D94486DFA761DB59B3D8576B72D"
      "A7CE4B434898BEEB7E3B114C7CB4AE95"
      "8593899F6572CE060CC7AE3FC7733DE0"
      "02AE9F2164765C3260DBB3F1D9920BDB"
      "BB235E96036864C05695B86950CAB6C9"
      "E3524583A537239335381AD8240FB311"
      "AFDD3DCAF1F68112D556964ECB568421"
  )

  RSA_N = (
      "B597A54F66CA6332972D9986AB87F741"
      "B9BBA24A130612C01620EAE53DD0F993"
      "9E9F53440549ED7B7FC2B739B33A7735"
      "E42A1FC90F6A9C17E4A7A57EDF733624"
      "5A4F67DFD757820782264D7CBA8DA067"
      "6E5661968EF8510BB88FEF7E2320A657"
      "CCB5A75E28C1ACE7FC0B3DD15C0051FC"
      "A343B42464935A0B31D2C2F904767CE3"
  )

  RSA_E = "010001"

  # Leading 112 bytes (hex) of the 128-byte block that gets signed: a
  # 00 01 FF..FF 00 pad followed by what looks like the PKCS#1 v1.5
  # DigestInfo header for MD5. The 32 hex characters of the digest are
  # appended to this string by encrypt_config().
  SIG_TEMPLATE = (
      "0001ffffffffffffffffffffffffffff"
      "ffffffffffffffffffffffffffffffff"
      "ffffffffffffffffffffffffffffffff"
      "ffffffffffffffffffffffffffffffff"
      "ffffffffffffffffffffffffffffffff"
      "ffffffffffffffffffffffffff003020"
      "300c06082a864886f70d020505000410"
  )

  # AES-256-CBC key and IV for the "B68A" mod, as hex. Both are fixed
  # constants, so every file this script writes uses the same key and the
  # same IV; an encrypted backup should be stored and shared as carefully
  # as a plaintext one.
  AES256CBC_KEY = "e7e70fcaf244562b6ee5dd102146c87fe55e9146afda358d6a6e7bc111ffe859"
  AES256CBC_IV = "aab0d1493646e87b97804a858ad58325"
  # Alternative key/IV pair for the HG635 (kept disabled, as in the original):
  # AES256CBC_KEY = "1AAAB4A730B23E1FC8A1D59C79283A228B78410ECC46FA4F48EB1456E24C5B89"
  # AES256CBC_IV  = "D1FE7512325C5713D362D332AFA3644C"

  # A decrypted config must begin with exactly these bytes (see check_config).
  XML_VERSION_STRING = b'<?xml version="1.0" ?>'
  53.  
  def print_usage():
      """Show the command-line synopsis, then terminate with exit status 1."""
      synopsis = "Usage : %s {encrypt | decrypt} input_file output_file" % sys.argv[0]
      print(synopsis)
      sys.exit(1)
  57.  
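  def load_config(config_file):
      """Return the raw bytes of *config_file*.

      Prints a message and exits with status 1 when the path is not an
      existing regular file. The file is opened in binary mode because the
      caller passes the bytes straight to AES or to the XML header check.
      """
      if not os.path.isfile(config_file):
          print("Config file not found..exiting")
          sys.exit(1)
      # Context manager so the handle is released even if read() raises.
      with open(config_file, "rb") as cf:
          return cf.read()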
  67.  
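  def save_to_file(dest_file, data):
      """Write *data* (bytes) to *dest_file*, replacing any existing file.

      The file is created with the process's default permissions. When the
      data is a decrypted config, restrict access to the output yourself if
      it may hold credentials.
      """
      # Context manager so the handle is flushed and closed even if write() raises.
      with open(dest_file, "wb") as wfile:
          wfile.write(data)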
  72.  
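  def get_md5_hash_from_sig(sig):
      """Recover the hex MD5 digest carried in a 128-byte RSA signature block.

      *sig* is the raw signature (bytes). It is raised to the public exponent
      modulo RSA_N and the last 16 bytes of the result are returned as 32
      lowercase hex characters (bytes), the same form calc_actual_md5_hash()
      produces.

      Only the trailing digest is extracted; the padding and DigestInfo
      prefix laid out in SIG_TEMPLATE are not checked here.
      """
      sig_int = int(hexlify(sig), 16)
      rsa_n = int(RSA_N, 16)
      rsa_e = int(RSA_E, 16)
      recovered_block = number.long_to_bytes(pow(sig_int, rsa_e, rsa_n), 128)
      # An MD5 digest is 16 bytes, i.e. 32 hex characters. The previous
      # slice of 64 also returned part of the DigestInfo header, so the
      # result could never equal a hex MD5 string.
      return hexlify(recovered_block)[-32:]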
  80.  
  def calc_actual_md5_hash(enc_config_body):
      """Return the MD5 digest of *enc_config_body* as lowercase hex bytes."""
      digest_hex = MD5.new(enc_config_body).hexdigest()
      # hexdigest() yields text; callers compare against hexlify() output (bytes).
      return digest_hex.encode()
  87.  
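  def decrypt_config(input_file, output_file):
      """Decrypt an encrypted config backup and save the XML to *output_file*.

      Steps: AES-CBC decrypt with the fixed key/IV, zlib-decompress, split off
      the trailing 0x80-byte RSA block, compare its embedded MD5 with the MD5
      of the body, drop the trailing NUL byte, check the XML header, write.

      Exits with status 1 if the file cannot be decrypted/decompressed or does
      not start with XML_VERSION_STRING.

      The signature result is reported only: a mismatch does not stop the
      run. The comparison also looks at the last 16 bytes of the recovered
      block and ignores the padding/DigestInfo prefix, and the private
      exponent ships in this file, so "Signature ok" is a corruption check
      only. Treat the output as unauthenticated. It is written with default
      file permissions.
      """
      enc_config = load_config(input_file)

      print("Decrypting...")
      cipher = AES.new(unhexlify(AES256CBC_KEY), AES.MODE_CBC,
                       unhexlify(AES256CBC_IV))
      try:
          decompressed_data = zlib.decompress(cipher.decrypt(enc_config))
      except (ValueError, zlib.error):
          # ValueError: ciphertext is not a whole number of AES blocks.
          # zlib.error: wrong key/IV or a damaged file. A bare "except:" would
          # also have swallowed KeyboardInterrupt and SystemExit.
          print("Bad config file...exiting")
          sys.exit(1)

      # Layout after decompression: <xml ...>\0 || 128-byte RSA block.
      config_text = decompressed_data[:-0x80]
      sig = decompressed_data[-0x80:]
      actual_md5_hash = calc_actual_md5_hash(config_text)

      print("Verifying signature...")
      sig_int = int(hexlify(sig), 16)
      rsa_n = int(RSA_N, 16)
      rsa_e = int(RSA_E, 16)
      decrypted_sig = number.long_to_bytes(pow(sig_int, rsa_e, rsa_n), 128)
      # Last 16 bytes = MD5 digest; both sides are lowercase hex bytes.
      target_md5_hash = hexlify(decrypted_sig)[-32:]

      if actual_md5_hash == target_md5_hash:
          print("Signature ok...")
      else:
          # Deliberately non-fatal in this tool; the file is still written.
          print("Signature not ok...continue")

      # The MD5 above covers the NUL terminator; strip it only afterwards.
      config_text = config_text[:-1]
      check_config(config_text)

      print("Saving decrypted config to " + output_file + "...")
      save_to_file(output_file, config_text)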
  126.  
  def check_config(new_config_file):
      """Exit with status 1 unless the data starts with XML_VERSION_STRING.

      *new_config_file* is the config content (bytes), not a path.
      """
      prefix_len = len(XML_VERSION_STRING)
      if new_config_file[:prefix_len] == XML_VERSION_STRING:
          return
      print("Not a valid config file...exiting")
      sys.exit(1)
  132.  
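  def encrypt_config(input_file, output_file):
      """Build an encrypted config backup from a plaintext XML file.

      Steps: check the XML header, append a NUL byte, append a 128-byte RSA
      block over the MD5 of the data, zlib-compress, zero-pad to a multiple
      of 16 bytes, AES-CBC encrypt with the fixed key/IV, write *output_file*.

      The RSA block is SIG_TEMPLATE + MD5 hex raised to RSA_D modulo RSA_N.
      Since RSA_D and the AES key are constants in this script, the output
      is not tied to any trusted signer; a valid signature on a backup says
      nothing about where the file came from.
      """
      new_config_data = load_config(input_file)
      check_config(new_config_data)
      new_config_data += '\0'.encode()

      print("Calculating MD5 hash...")
      actual_md5_sig = MD5.new(new_config_data).hexdigest()

      # 224 hex chars of template + 32 hex chars of digest = one 128-byte block.
      sig = SIG_TEMPLATE + actual_md5_sig

      print("Adding Signature...")
      enc_sig_int = pow(int(sig, 16), int(RSA_D, 16), int(RSA_N, 16))
      encrypted_sig = number.long_to_bytes(enc_sig_int, 128)
      new_config_data = new_config_data + encrypted_sig

      print("Compressing config...")
      compressed_data = zlib.compress(new_config_data, 9)

      # Zero padding up to the AES block size. When the length is already a
      # multiple of 16 a full extra block is appended; that is kept so the
      # output bytes match what this tool has always produced. The message
      # used to print the remainder instead of the number of bytes added.
      pad_len = 16 - len(compressed_data) % 16
      print(str(pad_len) + " bytes padding needed")
      print("Adding padding...")
      compressed_data = compressed_data + b'\0' * pad_len

      print("Encrypting config...")
      aes = AES.new(unhexlify(AES256CBC_KEY), AES.MODE_CBC,
                    unhexlify(AES256CBC_IV))
      enc_new_config = aes.encrypt(compressed_data)

      print("Saving encrypted config to " + output_file + "...")
      save_to_file(output_file, enc_new_config)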
  169.  
  def main():
      """Dispatch `{encrypt | decrypt} input_file output_file` from sys.argv."""
      if len(sys.argv) < 4:
          print_usage()

      command = sys.argv[1]
      input_file = sys.argv[2]
      output_file = sys.argv[3]

      # Map each accepted sub-command to its handler; anything else is a
      # usage error.
      handlers = {"encrypt": encrypt_config, "decrypt": decrypt_config}
      handler = handlers.get(command)
      if handler is None:
          print_usage()
      else:
          handler(input_file, output_file)


  if __name__ == "__main__":
      main()