I can’t understand AES: why is this working?


I’m using the following script; to build it I relied on the community and ChatGPT.

import base64
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from win32crypt import CryptUnprotectData

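# AES-GCM decryption of a "header + nonce + ciphertext + tag" buffer
def decrypt_val(buff: bytes, master_key: bytes) -> str:
    """Decrypt an AES-GCM protected value and return it as text.

    Layout assumed by the slicing below:

    * ``buff[0:3]``    header, skipped without being checked
      (``b"v10"`` in the sample value used in this file)
    * ``buff[3:15]``   12-byte GCM nonce
    * ``buff[15:-16]`` ciphertext
    * ``buff[-16:]``   16-byte GCM authentication tag

    Args:
        buff: The raw (already base64-decoded) protected value.
        master_key: The AES key; its length must be one AES accepts.

    Returns:
        The decrypted bytes decoded with the default codec (UTF-8).

    Raises:
        ValueError: If ``buff`` is too short to hold header, nonce and tag.
        cryptography.exceptions.InvalidTag: If tag verification fails, i.e.
            the key is not the one the value was encrypted with or the
            buffer was modified.
        UnicodeDecodeError: If the plaintext is not valid UTF-8.
    """
    header_len, nonce_len, tag_len = 3, 12, 16
    # Reject truncated input up front instead of letting the slices
    # silently produce a short nonce or tag.
    if len(buff) < header_len + nonce_len + tag_len:
        raise ValueError(
            "buffer too short: need at least "
            f"{header_len + nonce_len + tag_len} bytes, got {len(buff)}"
        )

    nonce = buff[header_len:header_len + nonce_len]
    ciphertext = buff[header_len + nonce_len:-tag_len]
    tag = buff[-tag_len:]

    # The tag is handed to the GCM mode so that finalize() verifies it.
    cipher = Cipher(
        algorithms.AES(master_key),
        modes.GCM(nonce, tag),
        backend=default_backend(),
    )
    decryptor = cipher.decryptor()

    # update() output is unauthenticated until finalize() succeeds; the
    # concatenation only completes after verification, so nothing
    # unverified is returned.
    plaintext = decryptor.update(ciphertext) + decryptor.finalize()
    return plaintext.decode()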

# Recover the AES key from the embedded, DPAPI-protected blob
def get_master_key() -> bytes:
    """Return the AES key obtained by unprotecting the embedded blob.

    The base64 text below is not the AES key itself. It decodes to the
    5-byte marker ``b"DPAPI"`` followed by a protected blob, and the key
    is element ``[1]`` of what ``CryptUnprotectData`` returns for that blob.

    DPAPI ties a protected blob to the Windows account (or machine) that
    created it, so the call normally succeeds only when the script runs
    under that same account. A blob created under a different profile or
    machine is expected to be rejected here rather than yield a key.
    """
    # NOTE(review): hard-coded protected key material; prefer reading it
    # from a file kept outside the source tree.
    protected_b64 = "RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACwiiOT7hVKSpqHHKmfelp6AAAAAAIAAAAAABBmAAAAAQAAIAAAAEr1FtZCawv6cT1z5zzXxZ30h4O7Ity3EBLfTdtM0oO6AAAAAA6AAAAAAgAAIAAAACpGZwsT0RKSCl/ukX6ZxNytKpAbHgRmqLqpRW++TcxEMAAAAC8HEpNDthKadJlMBCAvonE1QXVGTjE4Hh0TJv75iz48R2eb93lG9zxpr8xhh1C7e0AAAAAWODcIFOqibQmHRL/fnDgtFy7JdNC7NynDGMtcucS4R5yD92+2UFPFquqfEbpu/gIW5eMv3LQIQDJlR5I53KRs"
    wrapped = base64.b64decode(protected_b64)

    # Drop the leading 5 bytes (the b"DPAPI" marker); it is not validated.
    dpapi_blob = wrapped[5:]

    # CryptUnprotectData returns a tuple; index 1 holds the unprotected bytes.
    unprotected = CryptUnprotectData(dpapi_blob, None, None, None, 0)
    return unprotected[1]

# Sample protected value, base64-encoded.
# NOTE(review): this is hard-coded secret material; if it comes from a real
# profile, keep it out of source files and posts.
buff = base64.b64decode(
    "djEwsdUQtUlo+u8fbT3dIDywsWtq1iEpaNs5ok1ax5Qln8Jf38QQDtAXr8TQSQMehOnLbYtEwq246L+wRl25BwN5ozWZPzKjedpJ6jzFVoNih4HS8Pdb7WTWEFi22hUj2pUlFLhUgA=="
)

# How decrypt_val slices the decoded bytes. Offsets are in bytes, not in
# base64 characters (4 characters encode 3 bytes):
#   header     buff[0:3]     base64 "djEw" (b"v10")
#   nonce      buff[3:15]    base64 "sdUQtUlo+u8fbT3d"
#   ciphertext buff[15:-16]  base64 from "IDywsWtq..." through "...8Pdb"
#   tag        buff[-16:]    base64 "7WTWEFi22hUj2pUlFLhUgA=="

# Unwrap the AES key; this step depends on the current Windows account.
master_key = get_master_key()

# Decrypt and authenticate the value; a wrong key fails tag verification.
token_desencriptado = decrypt_val(buff, master_key)

print("Token desencriptado:", token_desencriptado)

What I can’t understand is why it works, given that the actual decryption key is:

RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADpHGBl4XjpT7wJCP5hOfbvEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAACBsNvEC+5NobWlwI47gXQ0gH6ygCckW03d7sYYm741jAAAAAAOgAAAAAIAACAAAAAgDb9rlDSBX2EQtybfDfjA5bgYY9JJz+bngBHWuu39dzAAAAAE1EXarF4tpHFdmSbA2KvcFn/2mZ3qVyQ7SFha/qy+0VoPntSIYTpRFXC0cqzsOn5AAAAA4rH6CNjtkamgk/bC1Cot8e1FA9wz4pZ4+wxYL738mFkOg6cMTwnuAL2ogQv9Ah/AjhkpH+bLFV5Zwrr2Zumx4A==

Why doesn’t the script work with that decryption key, but with this one it does?: RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACwiiOT7hVKSpqHHKmfelp6AAAAAAIAAAAAABBmAAAAAQAAIAAAAEr1FtZCawv6cT1z5zzXxZ30h4O7Ity3EBLfTdtM0oO6AAAAAA6AAAAAAgAAIAAAACpGZwsT0RKSCl/ukX6ZxNytKpAbHgRmqLqpRW++TcxEMAAAAC8HEpNDthKadJlMBCAvonE1QXVGTjE4Hh0TJv75iz48R2eb93lG9zxpr8xhh1C7e0AAAAAWODcIFOqibQmHRL/fnDgtFy7JdNC7NynDGMtcucS4R5yD92+2UFPFquqfEbpu/gIW5eMv3LQIQDJlR5I53KRs
