#! /usr/bin/env python# hg658c.wordpress.com# Version 3import sysimport os

1. #! /usr/bin/env python
2.  
3. # hg658c.wordpress.com
4. # Version 3
5.  
6. import sys
7. import os
8. from binascii import hexlify, unhexlify
9. from Crypto.Cipher import AES
10. from Crypto.Hash import SHA256
11. from Crypto.Util import number
12.  
13.  
14. RSA_D = "2345ADB2C06E54D7373E2A233A50150A" \
15. "4044E417FBF76FB1AC8A444E72A345AA" \
16. "14B7C349A4824C96DF9ECF7D8CC50425" \
17. "32930DBD40D86FDCD892398702E3EA51" \
18. "41C90F10494BB91440E89B104626CCCB" \
19. "E45A5133362359732954BD63FCA58929" \
20. "E3D890014FDF83847E6B19F0D9E1117E" \
21. "9706984EAA57E114934B273366C4DBD1"
22.  
23. RSA_N = "C206CF93A9E6EE1CE17984DD54422AC4" \
24. "561A4EEB969D1BA81432626D6409FA03" \
25. "3B3738F8BBA046ACEF3BAC35094B70AF" \
26. "231D9DC43C1D68EDBEBE983E267B72FD" \
27. "3C2A7614D60FA7457B92B6A45C49F307" \
28. "EA23DE51E7E0C36D6440FC4F62C44CCB" \
29. "4169914E43DBFDAE536F002B2D670CE0" \
30. "A2A11FD1AF4C484C1A6FED9C228199A3"
31.  
32. RSA_E = "010001"
33.  
34. SIG_TEMPLATE = "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
35. "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
36. "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
37. "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
38. "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
39. "003021300906052B0E03021A05000420"
40.  
41. AES128CBC_KEY = "48EE9D8621739F26C215C49071e2438A"
42. AES128CBC_IV = "A68FBBCA44BB1F5364A530608BCDEAAB"
43.  
44. XML_VERSION_STRING = b'<?xml version="1.0" ?>'
45.  
46. def print_usage():
47. print("Usage : " + sys.argv[0] + " {encrypt | decrypt} input_file output_file")
48. sys.exit(1)
49.  
50. def load_config(config_file):
51. if os.path.isfile(config_file):
52. cf = open(config_file, "rb")
53. config = cf.read()
54. cf.close()
55. else:
56. print("Config file not found..exiting")
57. sys.exit(1)
58. return config
59.  
60. def save_to_file(dest_file, data):
61. wfile = open(dest_file,"wb")
62. wfile.write(data)
63. wfile.close()
64.  
65. def get_sha256_hash_from_sig(sig):
66. sig_int = int(hexlify(sig),16)
67. rsa_n = int(RSA_N,16)
68. dec_sig_as_int = pow(sig_int, 0x10001, rsa_n );
69. decrypted_sig = number.long_to_bytes(dec_sig_as_int, 128)
70. target_sha256 = hexlify(decrypted_sig)[-64:]
71. return target_sha256
72.  
73. def calc_actual_sha256_hash(enc_config_body):
74. sha256 = SHA256.new()
75. sha256.update(enc_config_body)
76. actual_sha256_sig = sha256.hexdigest()
77. actual_sha256_sig = str.encode(actual_sha256_sig)
78. return actual_sha256_sig
79.  
80. def decrypt_body(enc_config_body):
81. iv = unhexlify(AES128CBC_IV)
82. key= unhexlify(AES128CBC_KEY)
83. cipher = AES.new(key, AES.MODE_CBC, iv)
84. decrypted_data = cipher.decrypt(enc_config_body)
85. # Strip block padding
86. decrypted_data=decrypted_data.rstrip(b'\0')
87. return decrypted_data
88.  
89.  
90. def decrypt_config(input_file, output_file):
91. enc_config=load_config(input_file)
92. sig = enc_config[:0x80]
93. enc_config_body=enc_config[0x80:]
94.  
95. print("verifying signature...")
96. target_sha256_hash = get_sha256_hash_from_sig(sig)
97. actual_sha256_hash = calc_actual_sha256_hash(enc_config_body)
98.  
99. if (actual_sha256_hash == target_sha256_hash):
100. print("Signature ok...")
101. else:
102. print("Signature not ok...exiting")
103. sys.exit(1)
104.  
105. print("Decrypting...")
106. decrypted_data = decrypt_body(enc_config_body)
107.  
108. check_config(decrypted_data)
109.  
110. print("Saving decrypted config to " + output_file + "...")
111. save_to_file(output_file, decrypted_data)
112.  
113. def check_config(new_config_file):
114. head = new_config_file[0:len(XML_VERSION_STRING)]
115. if head != XML_VERSION_STRING:
116. print("Not a valid config file...exiting")
117. sys.exit(1)
118.  
119. def encrypt_config(input_file, output_file):
120. new_config_file=load_config(input_file)
121.  
122. check_config(new_config_file)
123.  
124. padding_amount = len(new_config_file) % 32
125. print("" + str(padding_amount) + " bytes padding needed")
126. print("Adding padding...")
127. new_config_file=new_config_file + b'\0'*(32-padding_amount)
128.  
129. print("Encrypting config...")
130. iv = unhexlify(AES128CBC_IV)
131. key= unhexlify(AES128CBC_KEY)
132. aes = AES.new(key, AES.MODE_CBC, iv)
133. enc_new_config = aes.encrypt(new_config_file)
134.  
135. print("Calculating SHA256 hash...")
136. h = SHA256.new()
137. h.update(enc_new_config)
138. actual_sha256_sig = h.hexdigest()
139.  
140. sig = SIG_TEMPLATE+actual_sha256_sig;
141.  
142. print("Encrypting Signature...")
143. sig_int = int(sig,16)
144. rsa_d = int(RSA_D,16)
145. rsa_n = int(RSA_N,16)
146. enc_sig_int = pow(sig_int, rsa_d, rsa_n);
147.  
148. encrypted_sig = number.long_to_bytes(enc_sig_int, 128)
149. enc_config = encrypted_sig + enc_new_config
150.  
151. print("Saving encrypted config to " + output_file + "...")
152. save_to_file(output_file, enc_config)
153.  
154. def main():
155.  
156. if len(sys.argv) < 4:
157. print_usage()
158.  
159. input_file = sys.argv[2]
160. output_file = sys.argv[3]
161. command = sys.argv[1]
162.  
163. if (command == "encrypt"):
164. encrypt_config(input_file, output_file)
165. elif (command == "decrypt"):
166. decrypt_config(input_file, output_file)
167. else:
168. print_usage()
169.  
170.  
171.  
172. if __name__ == "__main__":
173. main()