def decrypt_json(encrypted_data, secret_bytes_key, cipher_type='AES'):
dct = serialization.BytesToDict(
encrypted_data,
encoding='utf-8',
keys_to_text=True,
values_to_text=True,
)
if cipher_type == 'AES':
cipher = AES.new(
key=secret_bytes_key,
mode=AES.MODE_CBC,
iv=base64.b64decode(dct['iv'].encode('utf-8')),
)
elif cipher_type == 'DES3':
cipher = DES3.new(
key=secret_bytes_key,
mode=DES3.MODE_CBC,
iv=base64.b64decode(dct['iv'].encode('utf-8')),
)
else:
raise Exception('unsupported cipher type')
padded_data = cipher.decrypt(base64.b64decode(dct['ct'].encode('utf-8')))
if cipher_type == 'AES':
raw_data = Padding.unpad(
padded_data=padded_data,
block_size=AES.block_size,
)
elif cipher_type == 'DES3':
raw_data = Padding.unpad(
padded_data=padded_data,
block_size=DES3.block_size,
)
# TODO: remove salt from raw_data
return raw_data
def decrypt_credential_v1(self, enc):
try:
enc = Util.base64dec_bytes(enc)
iv = enc[:AES.block_size]
cipher = AES.new(self.get_device_id_v1(), AES.MODE_CBC, iv)
if sys.version_info < (3, 0):
return py2_decode(Padding.unpad(padded_data=cipher.decrypt(enc[AES.block_size:]), block_size=32))
return Padding.unpad(padded_data=cipher.decrypt(enc[AES.block_size:]), block_size=32).decode('utf8')
except Exception:
self.log("Decrypt credentials error: " + traceback.format_exc())
return None
def decrypt(ciphertext, key, keylen=KEYLEN):
"""Decrypt bytes using AES-CBC with keys of length `keylen` (defaults to
KEYLEN: 256 bits).
@param ciphertext: Data to be decrypted.
@type ciphertext: bytes
@param key: Encryption passphrase.
@type key: str, bytes
@param keylen: Length of the key to use in bytes. Can be either 16, 24 or
32.
@type keylen: str, bytes
@return: The decrypted ciphertext.
@rtype : bytes
@raise ValueError: Incorrect padding. Happens if passphrase is incorrect.
"""
ciphertext = base64.b64decode(ciphertext)
salt = ciphertext[:AES.block_size]
iv = ciphertext[AES.block_size:2 * AES.block_size]
key = KDF.PBKDF2(key, salt, dkLen=keylen)
cipher = AES.new(key, AES.MODE_CBC, iv=iv)
return Padding.unpad(cipher.decrypt(ciphertext[2 * AES.block_size:]),
AES.block_size)
def decrypt_data(self, given_key=None, file_name=None):
# data parsing
if file_name is not None:
self.file_name = file_name
with open(self.file_name, 'rb') as file:
iv = file.read(AES.block_size)
encrypted_data = file.read()
# key setting
raw_key = given_key
if raw_key is None:
raw_key = self.raw_key
set_key = self.set_key(raw_key)
encoded_key = set_key.encode()
key = strxor.strxor(encoded_key, iv)
# decrypt data
cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted_data = cipher.decrypt(encrypted_data)
unpadded_data = Padding.unpad(decrypted_data, AES.block_size)
plain_data = unpadded_data.decode()
parsed_data = plain_data.split(';')
self.login_id = parsed_data[0]
self.login_password = parsed_data[1]
self.account_password = parsed_data[2]
self.certificate_password = parsed_data[3]
return parsed_data
def __decrypt_payload_chunks(self, payloadchunks):
decrypted_payload = ''
for chunk in payloadchunks:
payloadchunk = json.JSONDecoder().decode(chunk)
payload = payloadchunk.get('payload')
decoded_payload = base64.standard_b64decode(payload)
encryption_envelope = json.JSONDecoder().decode(decoded_payload)
# Decrypt the text
cipher = AES.new(
self.encryption_key, AES.MODE_CBC,
base64.standard_b64decode(encryption_envelope['iv']))
ciphertext = encryption_envelope.get('ciphertext')
plaintext = cipher.decrypt(base64.standard_b64decode(ciphertext))
# unpad the plaintext
plaintext = json.JSONDecoder().decode(Padding.unpad(plaintext, 16))
data = plaintext.get('data')
# uncompress data if compressed
if plaintext.get('compressionalgo') == 'GZIP':
decoded_data = base64.standard_b64decode(data)
data = zlib.decompress(decoded_data, 16 + zlib.MAX_WBITS)
else:
data = base64.standard_b64decode(data)
decrypted_payload += data
decrypted_payload = json.JSONDecoder().decode(
decrypted_payload)[1]['payload']['data']
decrypted_payload = base64.standard_b64decode(decrypted_payload)
return json.JSONDecoder().decode(decrypted_payload)
def decrypt(pass_phrase, cipher_text):
"""
Decrypt encrypted data with provided pass phrase
:param pass_phrase: Pass phrase
:type pass_phrase: String
:param cipher_text: Encrypted data
:type cipher_text: String
:return: Decrypted data
:rtype: String
"""
mode = AES.MODE_CBC
block_size = AES.block_size
salt, initialization_vector, body = cipher_text.split('.')
body = b64decode(body.encode('utf-8'))
initialization_vector = b64decode(initialization_vector.encode('utf-8'))
salt = b64decode(salt.encode('utf-8'))
key = PBKDF2(pass_phrase, salt)
cipher = AES.new(key, mode, initialization_vector)
try:
body = Padding.unpad(cipher.decrypt(body), block_size).decode('utf-8')
except ValueError:
# most likely a padding error which suggests incorrect password
raise click.UsageError('Password incorrect')
return body
def decode(self, enc):
enc = base64.b64decode(enc)
iv = enc[:AES.block_size]
cipher = AES.new(self.crypt_key, AES.MODE_CBC, iv)
cipher2 = AES.new(self.crypt_key2, AES.MODE_CBC, iv)
try:
decoded = Padding.unpad(padded_data=cipher.decrypt(
enc[AES.block_size:]),
block_size=self.bs).decode('utf-8')
except:
decoded = Padding.unpad(padded_data=cipher2.decrypt(
enc[AES.block_size:]),
block_size=self.bs).decode('utf-8')
return decoded
async def get_between(self, ctx, first, last):
await ctx.message.delete()
if not(len(first) == 10 and first[2] == "-" and first[5] == "-"):
await ctx.send("Wrong format for first date, valid format is: 'dd-mm-yyyy'")
return
if not(len(last) == 10 and last[2] == "-" and last[5] == "-"):
await ctx.send("Wrong format for last date, valid format is: 'dd-mm-yyyy'")
return
date1 = datetime.datetime.strptime(first, "%d-%m-%Y")
date2 = datetime.datetime.strptime(last, "%d-%m-%Y")
query = """SELECT * FROM absence
WHERE date BETWEEN
$1 AND $2
ORDER BY date, userid;"""
fetched = await self.bot.db.fetch(query, date1, date2)
absence_list = ""
for row in fetched:
member = discord.utils.get(ctx.guild.members, id=row["userid"])
if member:
excuse = self.aes.decrypt(row["excuse"])
excuse = Padding.unpad(excuse, 16)
absence_list += f"{row['date'].strftime('%A %d-%m')} - {member.display_name}: {str(excuse)}\n"
absenceembed = discord.Embed()
absenceembed.title = f"All absence between {first} and {last}"
absenceembed.description = absence_list if fetched else "No absence logged"
await ctx.author.send(embed=absenceembed)
def decrypt_response(self, key, ciphertext):
"""
decrypt_response()
Method to decrypt an encrypted response with provided key
@param key: Key in bytes
@param ciphertext: Ciphertext to decrypt in bytes
@return: Decrypted response as a dict
"""
aes_cbc_ctx = AES.new(key, AES.MODE_CBC, iv=b'\0' * 16)
try:
plaintext = Padding.unpad(aes_cbc_ctx.decrypt(ciphertext), 16)
except ValueError:
self.logger.error('Error decrypting response')
self.logger.error('Ciphertext:')
self.logger.error(base64.b64encode(ciphertext).decode('utf8'))
self.logger.error('Tried decrypting with key %s',
base64.b64encode(key).decode('utf8'))
raise ValueError('Error decrypting response')
return json.loads(plaintext.decode('utf8'))
async def get_all(self, ctx):
await ctx.message.delete()
query = """SELECT * FROM absence
WHERE guildid = $1
ORDER BY posted DESC, userid;"""
fetched = await self.bot.db.fetch(query, ctx.guild.id)
absence_list = ""
for row in fetched:
member = discord.utils.get(ctx.guild.members, id=row["userid"])
if member:
excuse = self.aes.decrypt(row["excuse"])
excuse = Padding.unpad(excuse, 16).decode("utf-8")
ab_id = row["id"]
from_date = row['absentfrom'].strftime("%d/%m")
to_date = row['absentto'].strftime("%d/%m")
if from_date == to_date:
date = from_date
else:
date = f"{from_date}-{to_date}"
a_s = f"{ab_id} | {date} - {member.display_name}: {excuse}"
a_s = Database.slice_string(a_s)
if len(absence_list) + len(a_s) > 2000: break
absence_list += f"{a_s:<65}\n"
absenceembed = discord.Embed()
absenceembed.title="All absence"
absenceembed.description = absence_list if fetched else "No absence logged"
await ctx.author.send(embed=absenceembed)
async def get_id(self, ctx, ab_id:int):
query = """SELECT * FROM absence
WHERE id = $1 AND guildid = $2"""
await ctx.message.delete()
fetched = await self.bot.db.fetchrow(query, ab_id, ctx.guild.id)
if not fetched:
await ctx.send("Couldn't find an absence with the id: {ab_id}")
return
member = discord.utils.get(ctx.guild.members, id=fetched["userid"])
excuse = self.aes.decrypt(fetched["excuse"])
excuse = Padding.unpad(excuse, 16).decode("utf-8")
ab_id = fetched["id"]
from_date = fetched['absentfrom'].strftime("%d/%m/%Y")
to_date = fetched['absentto'].strftime("%d/%m/%Y")
if from_date == to_date:
date = from_date
else:
date = f"{from_date}-{to_date}"
a_s = f"Absence id: {ab_id}\nDate: {date}\nExcuse: {excuse}"
absenceembed = discord.Embed()
absenceembed.set_author(name=member.display_name,
icon_url=member.avatar_url)
absenceembed.description = a_s[:2000]
await ctx.author.send(embed=absenceembed)
async def get_user(self, ctx, member:discord.Member):
query = """SELECT * FROM absence
WHERE userid = $1 AND guildid = $2
ORDER BY id DESC;"""
fetched = await self.bot.db.fetch(query, member.id, ctx.guild.id)
absence_list = ""
for row in fetched:
excuse = self.aes.decrypt(row["excuse"])
excuse = Padding.unpad(excuse, 16).decode("utf-8")
ab_id = row["id"]
from_date = row['absentfrom'].strftime("%d/%m")
to_date = row['absentto'].strftime("%d/%m")
if from_date == to_date:
date = from_date
else:
date = f"{from_date}-{to_date}"
a_s = f"{ab_id} | {date} - {member.display_name}: {excuse}"
a_s = Database.slice_string(a_s)
if len(absence_list) + len(a_s) > 2000: break
absence_list += f"{a_s:<65}\n"
absenceembed = discord.Embed()
absenceembed.set_author(name=member.display_name, icon_url=member.avatar_url)
absenceembed.description = absence_list[:2000]
await ctx.author.send(embed=absenceembed)
def _get_authentication_key_data(file_path, pin):
"""Open the auth key file"""
from resources.lib.kodi import ui
# Keep these imports within the method otherwise if the packages are not installed,
# the addon crashes and the user does not read the warning message
try: # The crypto package depends on the library installed (see Wiki)
from Cryptodome.Cipher import AES
from Cryptodome.Util import Padding
except ImportError:
from Crypto.Cipher import AES
from Crypto.Util import Padding
try:
file_content = load_file(file_path)
iv = '\x00' * 16
cipher = AES.new((pin + pin + pin + pin).encode("utf-8"), AES.MODE_CBC,
iv.encode("utf-8"))
decoded = Padding.unpad(padded_data=cipher.decrypt(
base64.b64decode(file_content)),
block_size=16)
return json.loads(decoded.decode('utf-8'))
except ValueError:
# ValueError should always means wrong decryption due to wrong key
ui.show_ok_dialog(get_local_string(30342), get_local_string(30106))
return ''
except Exception as exc: # pylint: disable=broad-except
LOG.warn('Exception raised: {}', exc)
ui.show_ok_dialog(get_local_string(30342), get_local_string(30343))
return None
def decrypt_from_json(encrypted_data, secret_16bytes_key):
# not in use at the moment
b64 = json.loads(encrypted_data)
iv = base64.b64decode(b64['iv'])
ct = base64.b64decode(b64['ct'])
cipher = AES.new(secret_16bytes_key, AES.MODE_CBC, iv)
result = Padding.unpad(cipher.decrypt(ct), AES.block_size)
return result
def decrypt_credential_v1(self, enc):
try:
enc = base64.b64decode(enc)
iv = enc[:AES.block_size]
cipher = AES.new(self.get_device_id_v1(), AES.MODE_CBC, iv)
decoded = Padding.unpad(padded_data=cipher.decrypt(enc[AES.block_size:]), block_size=32).decode('utf-8')
return decoded
except:
return None
async def content(self, ctx, content, limit: int=10):
query = """
SELECT * FROM messages
WHERE guild_id = $1
ORDER BY date desc
LIMIT 1000;"""
rows = await self.bot.db.fetch(
query, ctx.guild.id)
embed = discord.Embed(
title=f"Fetched logs resembling search query")
desc = ""
topx = close_str(content, rows, limit)
for _, record in reversed(topx):
msgid, authorid, channelid, _, content, date = record
date = date.strftime("%d/%m/%y %H:%M")
msg = None
try:
msg = ctx.guild.get_message(msgid)
except Exception:
pass
channel = ""
try:
channel = ctx.guild.get_channel(channelid).name
except Exception:
pass
author = ""
try:
author = ctx.guild.get_member(authorid).mention
except Exception:
pass
if msg:
content = msg.content
else:
aes = AES.new(self.bot.secrets.ENCRYPT_KEY, AES.MODE_ECB)
content = aes.decrypt(content)
content = Padding.unpad(content, 16).decode("utf-8")
prefix = f"{date} {author} #{channel}:"
if len(prefix) > 25:
prefix = prefix[:70]
prefix += "\n"
prefix = f"__**{prefix}**__"
desc += f"{prefix}*{content}*\n"
embed.description = f"{desc[:2000]}"
if rows:
await ctx.send(embed=embed)
return
await ctx.send(embed=discord.Embed(description="No logs available"))
def decrypt(encrypted_data, secret_16bytes_key):
input_data = serialization.StringToObject(encrypted_data)
cipher = AES.new(
key=secret_16bytes_key,
mode=AES.MODE_CBC,
iv=input_data['iv'],
)
padded_data = cipher.decrypt(input_data['ct'])
result = Padding.unpad(padded_data, AES.block_size)
return result
def decrypt_payload(encrypted_text, key):
"""Decrypts and returns plain text
:param str encrypted_text:
:param str key:
:returns: plain text
"""
key = key.encode("utf-8")
raw = binascii.unhexlify(encrypted_text)
crypt = AES.new(key, AES.MODE_CBC, iv=key)
return Padding.unpad(crypt.decrypt(raw), PADDING_OFFSET).decode("utf-8")
def test_solution() -> None:
cases = [
(b"ICE ICE BABY\x04\x04\x04\x04", b"ICE ICE BABY"),
(b"ICE ICE BABY\x05\x05\x05\x05", None),
(b"ICE ICE BABY\x01\x02\x03\x04", None),
]
for s, want in cases:
try:
got: Optional[bytes] = Padding.unpad(s, len(s))
except ValueError:
got = None
assert got == want
def decrypt_json(encrypted_data, secret_16bytes_key):
dct = serialization.BytesToDict(encrypted_data)
iv = base64.b64decode(dct['iv'])
ct = base64.b64decode(dct['ct'])
cipher = AES.new(
key=secret_16bytes_key,
mode=AES.MODE_CBC,
iv=iv,
)
result = Padding.unpad(cipher.decrypt(ct), AES.block_size)
# TODO: remove salt from raw_data
return result
async def secrets(self, ctx, limit=10, info=None):
msg = None
messages = await self.bot.db.fetch("""
SELECT * FROM messages
ORDER BY date desc
LIMIT $1;""",
limit)
embed = discord.Embed(
title=f"{limit} last messages from everything")
desc = ""
for msg in messages:
msgid, authorid, channelid, guildid, content, date = msg
if authorid == self.bot.user.id:
continue
guild = None
channel = None
msg = None
member = None
try:
guild = self.bot.get_guild(guildid)
channel = guild.get_channel(channelid)
msg = await channel.get_message(msgid)
member = guild.get_member(authorid)
except Exception:
pass
form_date = date.strftime("%d/%m/%y %H:%M")
if guild and channel and member and msg and not info:
desc += f"{form_date} in {guild.name} #{channel.name} @{member.display_name}: \n\t\"{msg.content}\"\n"
continue
elif guild and channel and member and msg:
desc += f"{form_date}: {msg.content}\n"
continue
if content:
msg = self.aes.decrypt(content)
msg = Padding.unpad(msg, 16).decode("utf-8")
desc += f"{form_date}: {msg}\n"
embed.description = f"```{desc[:2000]}```"
if msg:
await ctx.send(embed=embed)
return
await ctx.send(embed=discord.Embed(description="No logs available"))
def decrypt(self, data: bytes) -> str:
""" decrypt data
:param data: encrypted byte array
:return: decrypted str
"""
if not self.encrypt_key:
return ''
data = base64.b64decode(data)
data = AES.new(key=self.encrypt_key.encode().ljust(32, b'\x00'),
mode=AES.MODE_CBC,
iv=data[0:16]).decrypt(base64.b64decode(data[16:]))
data = Padding.unpad(data, 16)
return data.decode('utf-8')
def aes_decrypt(text, key):
"""
aes解密还原,ECB模式
:param text: str待解密的字符串密文
:param key: str秘钥
:return: 解密后的字符串
"""
aes = AES.new(key.encode(), AES.MODE_ECB)
text = base64.b64decode(text.encode())
plain_text = aes.decrypt(text)
# pad后的数据可能在末尾加了字符,避免影响json识别,需进行unpad。
plain_text = Padding.unpad(plain_text, AES.block_size,
style='pkcs7').decode()
return plain_text
def decrypt(self, ciphertext: str):
ciphertext = urlsafe_b64decode(ciphertext.encode("utf-8"))
iv = ciphertext[:AES.block_size]
cipher = AES.new(
key=self.key,
mode=AES.MODE_CBC,
iv=iv
)
padded_plaintext = cipher.decrypt(ciphertext[AES.block_size:])
return Padding.unpad(
padded_data=padded_plaintext,
block_size=AES.block_size
).decode("utf-8")
def decode(self, enc):
"""
Decodes data
:param data: Data to be decoded
:type data: str
:returns: string -- Decoded data
"""
enc = base64.b64decode(enc)
iv = enc[:AES.block_size]
cipher = AES.new(self.crypt_key, AES.MODE_CBC, iv)
decoded = Padding.unpad(
padded_data=cipher.decrypt(enc[AES.block_size:]),
block_size=self.bs).decode('utf-8')
return decoded
def decrypt(self) -> str:
"""
Decrypts encrypted text with cipher specified on the instance and checks tag to verify message integrity
"""
cipher = self.set_key(self.nonce)
plaintext = Padding.unpad(cipher.decrypt(self.text), 16)
# Verify message integrity
try:
cipher.verify(self.tag)
except ValueError:
raise
return str(plaintext, "utf-8")
def authenticated_decrypt(aes_key, hmac_key, data):
data = base64.b64decode(data)
tag = data[-64:]
data = data[:-64]
# verify the HMAC tag
hmac = HMAC.new(hmac_key, digestmod=SHA256)
hmac.update(data)
if tag != hmac.hexdigest():
raise AuthenticationError("failure")
# decrypt the data using AES
data = AES.new(aes_key, AES.MODE_CBC,
data[:AES.block_size]).decrypt(data[AES.block_size:])
return Padding.unpad(data, AES.block_size, style='pkcs7')
def find_closest_records(a: "Search str",
b: "List of records",
limit=10) -> list:
scores_set = set()
for entry in b:
aes = AES.new(ENCRYPT_KEY, AES.MODE_ECB)
content = aes.decrypt(entry["content"])
content = Padding.unpad(content, 16).decode("utf-8")
score = seq(a=a.lower(), b=content.lower()).ratio()
if score > 0.3:
scores_set.add((score, entry))
if limit > len(scores_set):
limit = len(scores_set)
return nlargest(limit, scores_set, key=lambda tup: tup[0])
def decrypt_msl_payload(self, payload):
"""
decrypt_msl_payload()
@param payload: Chunked payload response as received from MSL API
@return: Decrypted and assembled payload as a dict
"""
payloads = re.split(
r',"signature":"[0-9A-Za-z/+=]+"}',
payload.split('}}')[1]
)
payloads = [x + '}' for x in payloads][:-1]
payload_chunks = payloads
chunks = []
for chunk in payload_chunks:
payloadchunk = json.loads(chunk)
encryption_envelope = payloadchunk['payload']
cipher = AES.new(
self.msl_session['session_keys']['encryption_key'],
AES.MODE_CBC,
base64.b64decode(json.loads(
base64.b64decode(encryption_envelope).decode('utf8')
)['iv'])
)
plaintext = cipher.decrypt(
base64.b64decode(json.loads(
base64.b64decode(encryption_envelope).decode('utf8')
)['ciphertext'])
)
plaintext = json.loads(Padding.unpad(plaintext, 16).decode('utf8'))
data = plaintext['data']
data = base64.b64decode(data).decode('utf8')
chunks.append(data)
decrypted_payload = json.loads(''.join(chunks))
return decrypted_payload
def decrypt_credential(enc, secret=None):
"""
Decodes data
:param data: Data to be decoded
:type data: str
:returns: string -- Decoded data
"""
# pylint: disable=invalid-name,import-error
import base64
from Cryptodome.Cipher import AES
from Cryptodome.Util import Padding
enc = base64.b64decode(enc)
iv = enc[:AES.block_size]
cipher = AES.new(secret or __uniq_id(), AES.MODE_CBC, iv)
decoded = Padding.unpad(padded_data=cipher.decrypt(enc[AES.block_size:]),
block_size=__BLOCK_SIZE__).decode('utf-8')
return decoded
def decrypt(self, iv, data):
cipher = AES.new(self.encryption_key, AES.MODE_CBC, iv)
return Padding.unpad(cipher.decrypt(data), 16)
