def __init__(self, tls_ctx, data="", content_type=tls.TLSContentType.APPLICATION_DATA):
if tls_ctx is None:
raise ValueError("Valid TLS session context required")
self.tls_ctx = tls_ctx
is_cbc = self.tls_ctx.sec_params.negotiated_crypto_param["cipher"]["mode"] != None
if self.tls_ctx.params.negotiated.version > tls.TLSVersion.TLS_1_0 and is_cbc:
self.explicit_iv = os.urandom(self.tls_ctx.crypto.session.key.length.iv)
else:
self.explicit_iv = ""
self.data = data
self.version = tls_ctx.params.negotiated.version
self.content_type = content_type
self.pkcs7 = pkcs7.PKCS7Encoder()
if self.tls_ctx.client:
# TODO: Needs concurrent safety if this ever goes concurrent
self.hmac_handler = tls_ctx.crypto.client.hmac
self.enc_cipher = tls_ctx.crypto.client.enc
self.seq_number = tls_ctx.crypto.session.key.client.seq_num
self.tls_ctx.crypto.session.key.client.seq_num += 1
else:
self.hmac_handler = tls_ctx.crypto.server.hmac
self.enc_cipher = tls_ctx.crypto.server.enc
self.seq_number = tls_ctx.crypto.session.key.server.seq_num
self.tls_ctx.crypto.session.key.server.seq_num += 1
# CBC mode
self.hmac()
if is_cbc:
self.pad()
# No padding otherwise
else:
self.padding = ""
def Decrypt(self, Encrypted, SecurePassword):
decodbase64 = base64.b64decode(Encrypted.decode("utf-8"))
pw_encode = SecurePassword.encode('utf-8')
iv = decodbase64[:AES.block_size]
key = hashlib.sha256(pw_encode).digest()
cipher = AES.new(key, AES.MODE_CBC, iv)
msg = cipher.decrypt(decodbase64[AES.block_size:])
pad_text = pkcs7.PKCS7Encoder().decode(msg.decode('utf-8'))
return pad_text
def Encrypt(self, PlainText, SecurePassword):
pw_encode = SecurePassword.encode('utf-8')
key = hashlib.sha256(pw_encode).digest()
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)
pad_text = pkcs7.PKCS7Encoder().encode(PlainText)
msg = iv + cipher.encrypt(pad_text)
EncodeMsg = base64.b64encode(msg)
return EncodeMsg
def __init__(self, tls_ctx, data="", content_type=0x17, to_server=True):
if tls_ctx is None:
raise ValueError("Valid TLS session context required")
self.tls_ctx = tls_ctx
self.data = data
self.version = tls_ctx.params.negotiated.version
self.content_type = content_type
self.pkcs7 = pkcs7.PKCS7Encoder()
if to_server:
# TODO: Needs concurrent safety if this ever goes concurrent
self.hmac_handler = tls_ctx.crypto.client.hmac
self.enc_cipher = tls_ctx.crypto.client.enc
self.seq_number = tls_ctx.packets.client.sequence
tls_ctx.crypto.session.key.client.seq_num += 1
else:
self.hmac_handler = tls_ctx.crypto.server.hmac
self.enc_cipher = tls_ctx.crypto.server.enc
self.seq_number = tls_ctx.packets.server.sequence
tls_ctx.crypto.session.key.server.seq_num += 1
self.hmac()
self.pad()
def encrypt(s):
d = DES3.new(key, DES3.MODE_CBC, iv)
padder = pkcs7.PKCS7Encoder(k=8)
return base64.standard_b64encode(d.encrypt(padder.encode(s)))
def decrypt(s):
d = DES3.new(key, DES3.MODE_CBC, iv)
padder = pkcs7.PKCS7Encoder(k=8)
return padder.decode(d.decrypt(base64.standard_b64decode(s)))
def decrypt(self, data: str):
aes = AES.new(self.key, AES.MODE_CBC, self.iv)
pad_text = aes.decrypt(base64.b64decode(
data.encode("UTF-8"))).decode("UTF-8")
return pkcs7.PKCS7Encoder().decode(pad_text)
def encrypt(self, data):
data = pkcs7.PKCS7Encoder().encode(data)
data: str
cipher = AES.new(self.key, AES.MODE_CBC, self.iv)
encrypted = cipher.encrypt(data.encode("UTF-8"))
return helpers.mime_encoder(encrypted).replace("\r\n", "")
def setUp(self):
self.pkcs7 = pkcs7.PKCS7Encoder()
unittest.TestCase.setUp(self)
def __init__(self, cipher_object):
self.cipher_object = cipher_object
self.encoder = pkcs7.PKCS7Encoder(
k=cipher_object.block_size) # padd 16
# [ https://stackoverflow.com/questions/12524994/encrypt-decrypt-using-pycrypto-aes-256 ]
# .\Python34\Lib\site-packages\pkcs7\__init__.py
# Line#06:__version__ = "0.1.2"
# Line#45: lastch = text[-1] ## = ord(text[-1])
# Line#50: if text[textlen - i - 1] != lastch: ## if ord(text[textlen - i - 1])
# Line#85: enctext += lastch.encode() * leftlen ## += lastch * leftlen
# Line#87: lastch = text[-1] ## = ord(text[-1])
import Crypto.Cipher.AES
import pkcs7
cipherMode = Crypto.Cipher.AES.MODE_CBC
privateKey = "01234567890123456789012345678901"
iv = '\x00' * 16
paddingEnc = pkcs7.PKCS7Encoder()
filePath = r"B:\data.txt"
with open(filePath + ".encrypted", 'wb') as f1:
with open(filePath, 'rb') as f0:
aes = Crypto.Cipher.AES.new(
privateKey, cipherMode,
IV=iv) ##!! must reinitialize this for each file !!##
while True:
data = f0.read(1024)
if len(data) == 0: break
encyptedData = aes.encrypt(paddingEnc.encode(data))
f1.write(encyptedData)
#
#
#
def encrypt(self, data):
data = pkcs7.PKCS7Encoder().encode(data)
data: str
cipher = AES.new(bytes(self.key), AES.MODE_CBC, bytes(self.iv))
encrypted = cipher.encrypt(data.encode("UTF-8"))
return TpLinkCipher.mime_encoder(encrypted).replace("\r\n", "")
print("\niv %s" % iv.encode('hex'))
salt = bytearray([10, 20, 30, 40, 50, 60, 70, 80])
print("salt %s encoded %s" % (salt,binascii.hexlify(bytearray(salt))))
keyBytes = 32
iterations = 300
ts = 1526467561 # 1526461548 desired value - taken from pawlos
#ts = int(datetime.datetime(2018,05,16,9,5,49).strftime('%s'))
while True :
pass = "******" + str(ts)
derived_key = PBKDF2(pass, salt, keyBytes, iterations)
#derived_key = '8F7F1CAB8B917432BD3038CE767FF448E3C745C67C23EECC50E36DCC5F9324DC'.decode("hex")
#print("\nkey %s" % derived_key.encode("hex"))
encoder = pkcs7.PKCS7Encoder()
with open('dbname.db.enc', 'r') as encoded_secret:
cipher = AES.new(derived_key, AES.MODE_CBC, iv)
decoded = cipher.decrypt(base64.b64decode(encoded_secret.read()))[:15]
if all(c in string.printable for c in decoded):
print(decoded)
print(decoded.encode('hex'))
czas = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(ts))
print(pass+' '+czas)
break
if ts%999 == 0:
print("999 -------------- ")
ts -= 1
#
async def decrypt(self, text: str):
"""Decrypt `data` with TP-Link encryption method"""
data = base64.b64decode(text.encode("utf-8"))
cipher = await self.cipher()
decrypted = cipher.decrypt(data).decode("utf-8")
return pkcs7.PKCS7Encoder().decode(decrypted)
async def encrypt(self, data):
"""Encrypt `data` with TP-Link encryption method"""
data = pkcs7.PKCS7Encoder().encode(json.dumps(data))
cipher = await self.cipher()
encrypted = cipher.encrypt(data.encode("utf-8"))
return b64_encode(encrypted)
