I’m using the following script; to build it I relied on the community and ChatGPT.
import base64
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from win32crypt import CryptUnprotectData
# Función decrypt_val
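def decrypt_val(buff: bytes, master_key: bytes) -> str:
    """Decrypt one AES-GCM protected value and return it as text.

    The blob layout implied by the slicing is:
    3-byte prefix | 12-byte nonce | ciphertext | 16-byte GCM tag.

    Args:
        buff: The raw encrypted blob (already base64-decoded by the caller).
        master_key: The AES key used for decryption.

    Returns:
        The plaintext, decoded with the default codec (UTF-8).

    Raises:
        ValueError: If ``buff`` is too short to contain the prefix, the
            nonce and the tag.
        cryptography.exceptions.InvalidTag: If the GCM tag does not verify,
            which is what a wrong key or a modified blob produces.
        UnicodeDecodeError: If the plaintext is not valid UTF-8.
    """
    prefix_len, nonce_len, tag_len = 3, 12, 16
    minimum_len = prefix_len + nonce_len + tag_len
    # Without this guard a short blob yields overlapping nonce/tag slices and
    # the failure surfaces later as an unrelated-looking cipher error.
    if len(buff) < minimum_len:
        raise ValueError(
            f"encrypted blob is {len(buff)} bytes; expected at least {minimum_len}"
        )

    # NOTE(review): the 3-byte prefix is skipped without being checked. In the
    # sample on this page it decodes to b"v10"; confirm the expected value
    # before relying on this layout for other inputs.
    nonce_end = prefix_len + nonce_len
    nonce = buff[prefix_len:nonce_end]
    ciphertext = buff[nonce_end:-tag_len]
    tag = buff[-tag_len:]

    # The tag is handed to the GCM mode so that finalize() authenticates the
    # ciphertext; nothing is returned unless that check passes.
    cipher = Cipher(
        algorithms.AES(master_key),
        modes.GCM(nonce, tag),
        backend=default_backend(),
    )
    decryptor = cipher.decryptor()
    plaintext = decryptor.update(ciphertext) + decryptor.finalize()
    return plaintext.decode()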
# Función get_master_key
def get_master_key() -> bytes:
    """Unwrap the embedded, DPAPI-protected master key.

    The hard-coded base64 value decodes to a blob that starts with the
    5-byte ASCII marker ``DPAPI``; the remainder is passed to
    ``CryptUnprotectData``.

    Returns:
        Element 1 of the tuple returned by ``CryptUnprotectData``, used by
        the caller as the AES key.

    Note:
        DPAPI binds a protected blob to the Windows account (or machine)
        that created it, so a blob wrapped elsewhere is expected to fail
        here or to unwrap to a different key. A different key in turn makes
        the GCM tag check in the decryption step fail.
    """
    # Wrapped master key supplied with the script (base64 text).
    # NOTE(review): key material embedded in source travels with every copy
    # of the file; prefer reading it at runtime from where it is stored.
    wrapped_b64 = "RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACwiiOT7hVKSpqHHKmfelp6AAAAAAIAAAAAABBmAAAAAQAAIAAAAEr1FtZCawv6cT1z5zzXxZ30h4O7Ity3EBLfTdtM0oO6AAAAAA6AAAAAAgAAIAAAACpGZwsT0RKSCl/ukX6ZxNytKpAbHgRmqLqpRW++TcxEMAAAAC8HEpNDthKadJlMBCAvonE1QXVGTjE4Hh0TJv75iz48R2eb93lG9zxpr8xhh1C7e0AAAAAWODcIFOqibQmHRL/fnDgtFy7JdNC7NynDGMtcucS4R5yD92+2UFPFquqfEbpu/gIW5eMv3LQIQDJlR5I53KRs"
    wrapped = base64.b64decode(wrapped_b64)
    # Strip the 5-byte marker that precedes the actual DPAPI blob.
    dpapi_blob = wrapped[5:]
    # CryptUnprotectData returns a tuple; index 1 is taken as the key bytes.
    unprotected = CryptUnprotectData(dpapi_blob, None, None, None, 0)
    return unprotected[1]
# Encrypted token as supplied (base64 text); decode it to raw bytes first.
# NOTE(review): this value and the wrapped key are hard-coded and were
# published together; treat the token as exposed and rotate it.
encoded_token = "djEwsdUQtUlo+u8fbT3dIDywsWtq1iEpaNs5ok1ax5Qln8Jf38QQDtAXr8TQSQMehOnLbYtEwq246L+wRl25BwN5ozWZPzKjedpJ6jzFVoNih4HS8Pdb7WTWEFi22hUj2pUlFLhUgA=="
buff = base64.b64decode(encoded_token)
# decrypt_val slices the decoded bytes, not the base64 text: after the 3-byte
# prefix come 12 nonce bytes (16 base64 characters), then the ciphertext, and
# the final 16 bytes are the GCM tag.
# Unwrap the master key.
master_key = get_master_key()
# Decrypt the token with it and show the result.
token_desencriptado = decrypt_val(buff, master_key)
print("Token desencriptado:", token_desencriptado)
What I can’t understand is why it works, given that the actual decryption key is:
RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADpHGBl4XjpT7wJCP5hOfbvEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAACBsNvEC+5NobWlwI47gXQ0gH6ygCckW03d7sYYm741jAAAAAAOgAAAAAIAACAAAAAgDb9rlDSBX2EQtybfDfjA5bgYY9JJz+bngBHWuu39dzAAAAAE1EXarF4tpHFdmSbA2KvcFn/2mZ3qVyQ7SFha/qy+0VoPntSIYTpRFXC0cqzsOn5AAAAA4rH6CNjtkamgk/bC1Cot8e1FA9wz4pZ4+wxYL738mFkOg6cMTwnuAL2ogQv9Ah/AjhkpH+bLFV5Zwrr2Zumx4A==
Why doesn’t the script work with that decryption key, but with this one it does?: RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACwiiOT7hVKSpqHHKmfelp6AAAAAAIAAAAAABBmAAAAAQAAIAAAAEr1FtZCawv6cT1z5zzXxZ30h4O7Ity3EBLfTdtM0oO6AAAAAA6AAAAAAgAAIAAAACpGZwsT0RKSCl/ukX6ZxNytKpAbHgRmqLqpRW++TcxEMAAAAC8HEpNDthKadJlMBCAvonE1QXVGTjE4Hh0TJv75iz48R2eb93lG9zxpr8xhh1C7e0AAAAAWODcIFOqibQmHRL/fnDgtFy7JdNC7NynDGMtcucS4R5yD92+2UFPFquqfEbpu/gIW5eMv3LQIQDJlR5I53KRs