SHARE
TWEET

hg635_configtool.py

hg658c Jun 9th, 2015 7,628 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #! /usr/bin/env python
  2.  
  3. # hg658c.wordpress.com
  4. """
  5. To decrypt encrypted values in the config, use
  6. echo -n "Lp0xkiAANwcYpVPbI3D/Mg==" | base64 -d | openssl enc -d -aes-128-cbc
  7. -K DBAF3361E81DA0EF5358A1929FC90A80 -iv 629EA150533376741BE36F3C819E77BA -nopad
  8. """
  9.  
  10. import sys
  11. import os
  12. from binascii import hexlify, unhexlify
  13. from Crypto.Cipher import AES
  14. from Crypto.Hash import MD5
  15. from Crypto.Util import number
  16. import zlib
  17.  
  18. RSA_D = ("ABADA5BCEE9A32B45696E6C99A0B9E68"
  19.          "45F72D94486DFA761DB59B3D8576B72D"
  20.          "A7CE4B434898BEEB7E3B114C7CB4AE95"
  21.          "8593899F6572CE060CC7AE3FC7733DE0"
  22.          "02AE9F2164765C3260DBB3F1D9920BDB"
  23.          "BB235E96036864C05695B86950CAB6C9"
  24.          "E3524583A537239335381AD8240FB311"
  25.          "AFDD3DCAF1F68112D556964ECB568421")
  26.  
  27. RSA_N = ("B597A54F66CA6332972D9986AB87F741"
  28.          "B9BBA24A130612C01620EAE53DD0F993"
  29.          "9E9F53440549ED7B7FC2B739B33A7735"
  30.          "E42A1FC90F6A9C17E4A7A57EDF733624"
  31.          "5A4F67DFD757820782264D7CBA8DA067"
  32.          "6E5661968EF8510BB88FEF7E2320A657"
  33.          "CCB5A75E28C1ACE7FC0B3DD15C0051FC"
  34.          "A343B42464935A0B31D2C2F904767CE3")
  35.  
  36. RSA_E = "010001"        
  37.  
  38. SIG_TEMPLATE = ("0001ffffffffffffffffffffffffffff"
  39.                 "ffffffffffffffffffffffffffffffff"
  40.                 "ffffffffffffffffffffffffffffffff"
  41.                 "ffffffffffffffffffffffffffffffff"
  42.                 "ffffffffffffffffffffffffffffffff"
  43.                 "ffffffffffffffffffffffffff003020"
  44.                 "300c06082a864886f70d020505000410")
  45.  
  46. AES256CBC_KEY = "1AAAB4A730B23E1FC8A1D59C79283A228B78410ECC46FA4F48EB1456E24C5B89"
  47. AES256CBC_IV  = "D1FE7512325C5713D362D332AFA3644C"
  48.  
  49. XML_VERSION_STRING = b'<?xml version="1.0" ?>'
  50.  
  51. def print_usage():
  52.     print("Usage : " + sys.argv[0] + " {encrypt | decrypt} input_file output_file")
  53.     sys.exit(1)
  54.  
  55. def load_config(config_file):
  56.     if os.path.isfile(config_file):
  57.         cf = open(config_file, "rb")
  58.         config = cf.read()
  59.         cf.close()
  60.     else:
  61.         print("Config file not found..exiting")
  62.         sys.exit(1)
  63.     return config
  64.  
  65. def save_to_file(dest_file, data):
  66.     wfile = open(dest_file,"wb")
  67.     wfile.write(data)
  68.     wfile.close()
  69.  
  70. def get_md5_hash_from_sig(sig):
  71.     sig_int = int(hexlify(sig),16)
  72.     rsa_n = int(RSA_N,16)
  73.     dec_sig_as_int = pow(sig_int, 0x10001, rsa_n );
  74.     decrypted_sig = number.long_to_bytes(dec_sig_as_int, 128)
  75.     target_md5 = hexlify(decrypted_sig)[-64:]
  76.     return target_md5
  77.  
  78. def calc_actual_md5_hash(enc_config_body):
  79.     md5 = MD5.new()
  80.     md5.update(enc_config_body)
  81.     actual_md5_sig = md5.hexdigest()
  82.     actual_md5_sig = str.encode(actual_md5_sig)
  83.     return actual_md5_sig
  84.  
  85. def decrypt_config(input_file, output_file):
  86.     enc_config=load_config(input_file)
  87.  
  88.     print("Decrypting...")
  89.     iv = unhexlify(AES256CBC_IV)
  90.     key= unhexlify(AES256CBC_KEY)
  91.     cipher = AES.new(key, AES.MODE_CBC, iv)
  92.     try:
  93.         decrypted_data = cipher.decrypt(enc_config)
  94.         decompressed_data=""
  95.  
  96.         decompressed_data = zlib.decompress(decrypted_data)
  97.     except:
  98.         print("Bad config file...exiting")
  99.         sys.exit(1)
  100.  
  101.     config_text = decompressed_data[:-0x80]
  102.     actual_md5_hash = calc_actual_md5_hash(config_text)
  103.  
  104.     print("Verifying signature...")
  105.     sig = decompressed_data [-0x80:]
  106.     sig_int = int(hexlify(sig),16)
  107.     rsa_n = int(RSA_N,16)
  108.     dec_sig_as_int = pow(sig_int, 0x10001, rsa_n );
  109.     decrypted_sig = number.long_to_bytes(dec_sig_as_int, 128)
  110.     target_md5_hash = hexlify(decrypted_sig)[-32:]
  111.  
  112.     if (actual_md5_hash == target_md5_hash):
  113.         print("Signature ok...")        
  114.     else:
  115.         print("Signature not ok...exiting")
  116.         sys.exit(1)
  117.  
  118.     config_text = config_text[:-1]
  119.     check_config(config_text)
  120.  
  121.     print("Saving decrypted config to " + output_file + "...")
  122.     save_to_file(output_file, config_text)
  123.  
  124. def check_config(new_config_file):
  125.     head = new_config_file[0:len(XML_VERSION_STRING)]
  126.     if head != XML_VERSION_STRING:
  127.         print("Not a valid config file...exiting")
  128.         sys.exit(1)
  129.  
  130. def encrypt_config(input_file, output_file):
  131.     new_config_data=load_config(input_file)
  132.     check_config(new_config_data)
  133.     new_config_data += '\0'.encode()
  134.  
  135.     print("Calculating MD5 hash...")
  136.     h = MD5.new()
  137.     h.update(new_config_data)
  138.     actual_md5_sig = h.hexdigest()
  139.  
  140.     sig = SIG_TEMPLATE + actual_md5_sig;
  141.  
  142.     print("Adding Signature...")
  143.     sig_int = int(sig,16)
  144.     rsa_d = int(RSA_D,16)
  145.     rsa_n = int(RSA_N,16)
  146.     enc_sig_int = pow(sig_int, rsa_d, rsa_n);
  147.     encrypted_sig = number.long_to_bytes(enc_sig_int, 128)
  148.     new_config_data = new_config_data + encrypted_sig
  149.  
  150.     print("Compressing config...")
  151.     compressed_data = zlib.compress(new_config_data, 9)
  152.  
  153.     padding_amount = len(compressed_data) % 16
  154.     print("" + str(padding_amount) + " bytes padding needed")
  155.     print("Adding padding...")
  156.     compressed_data=compressed_data + b'\0'*(16-padding_amount)
  157.  
  158.     print("Encrypting config...")
  159.     iv = unhexlify(AES256CBC_IV)
  160.     key= unhexlify(AES256CBC_KEY)
  161.     aes = AES.new(key, AES.MODE_CBC, iv)
  162.     enc_new_config = aes.encrypt(compressed_data)
  163.  
  164.     print("Saving encrypted config to " + output_file + "...")
  165.     save_to_file(output_file, enc_new_config)
  166.  
  167. def main():
  168.     if len(sys.argv) < 4:
  169.         print_usage()
  170.  
  171.     input_file = sys.argv[2]
  172.     output_file = sys.argv[3]
  173.     command = sys.argv[1]
  174.  
  175.     if (command == "encrypt"):
  176.         encrypt_config(input_file, output_file)
  177.     elif (command == "decrypt"):
  178.         decrypt_config(input_file, output_file)
  179.     else:
  180.         print_usage()
  181.  
  182.  
  183. if __name__ == "__main__":
  184.     main()
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top