6535ec731c
closes #248
#!/usr/bin/env python3
import argparse
# Command-line interface: two required positional arguments, both file paths.
arg_parser = argparse.ArgumentParser(description="BitBot log decrypting utility")
arg_parser.add_argument(
    "key", help="Location of private key for decrypting given log file")
arg_parser.add_argument(
    "log", help="Location of the log file to decrypt")

# Parsed at import time; argparse exits with a usage message on bad arguments.
args = arg_parser.parse_args()
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding as a_padding
def rsa_decrypt(key, data):
    """Base64-decode *data* and decrypt it with *key* using RSA-OAEP.

    OAEP is configured with SHA-256 for both the hash and the MGF1 mask
    generation function, and no label. These parameters have to match the
    ones used when the data was encrypted.

    Args:
        key: Private key object exposing ``decrypt(ciphertext, padding)``.
        data: Base64 text of the RSA ciphertext.

    Returns:
        Whatever ``key.decrypt`` returns; callers in this file treat it as
        bytes.
    """
    ciphertext = base64.b64decode(data)
    oaep = a_padding.OAEP(
        mgf=a_padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None)
    return key.decrypt(ciphertext, oaep)
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding
def aes_decrypt(key: bytes, data_str: str):
    """Decrypt a base64-encoded AES-CBC payload and return it as UTF-8 text.

    After base64 decoding, the first 16 bytes are taken as the IV and the
    remainder as the ciphertext.

    CBC gives confidentiality only: nothing in this function authenticates
    the ciphertext, so a modified line is noticed only if it happens to
    break the padding or the UTF-8 decoding.

    Args:
        key: Raw AES key bytes.
        data_str: Base64 text holding IV followed by ciphertext.

    Returns:
        The decrypted, unpadded plaintext decoded as UTF-8.
    """
    raw = base64.b64decode(data_str)
    iv = raw[:16]
    ciphertext = raw[16:]

    cipher = Cipher(algorithms.AES(key), modes.CBC(iv),
        backend=default_backend())
    decryptor = cipher.decryptor()
    padded = decryptor.update(ciphertext) + decryptor.finalize()

    # NOTE(review): PKCS7 takes its block size in bits, and 256 is not
    # AES's 128-bit block size. Presumably the writer of the log pads with
    # 256 as well, so confirm against the encrypting side before changing it.
    unpadder = padding.PKCS7(256).unpadder()
    plain = unpadder.update(padded) + unpadder.finalize()
    return plain.decode("utf8")
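# Load the RSA private key used to unwrap the log's encrypted content.
# password=None means a passphrase-protected PEM will not load, so the key
# has to sit on disk unencrypted and is protected only by file permissions.
with open(args.key, "rb") as key_file:
    key = serialization.load_pem_private_key(
        key_file.read(), password=None, backend=default_backend())

with open(args.log) as log_file:
    # Drop empty lines: they carry no record and have no marker character.
    lines = [line for line in log_file.read().split("\n") if line]

# The first character of each line selects how the rest is decoded:
#   \x02   RSA-encrypted text
#   \x03   RSA-encrypted AES key, kept for the \x04 lines that follow
#   \x04   AES-encrypted text (needs a key from an earlier \x03 line)
#   other  plaintext, printed unchanged
symm_key = None
for record_number, line in enumerate(lines, start=1):
    marker, payload = line[0], line[1:]
    printable = None

    if marker == "\x02":
        printable = rsa_decrypt(key, payload).decode("utf8")
    elif marker == "\x03":
        symm_key = rsa_decrypt(key, payload)
    elif marker == "\x04":
        if symm_key is None:
            # Without this check None is handed to the AES constructor and
            # the failure surfaces as an opaque error from the crypto
            # library. A missing key line usually means a truncated or
            # reordered log, which is worth reporting explicitly.
            raise ValueError(
                "non-empty line %d is AES-encrypted but no symmetric key "
                "line precedes it" % record_number)
        printable = aes_decrypt(symm_key, payload)
    else:
        printable = line

    if printable is not None:
        # Decrypted text goes to stdout unfiltered; any control characters
        # present in the log reach the terminal as-is.
        print(printable)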