Hell yeah. It took only 0.1 seconds to recover the AES Key!
from Crypto.Cipher import AES
from Crypto.Util import Counter
import base64
import string
def xor_string(data: bytes, key: int) -> bytes:
    """XOR *data* with a keystream derived from a 32-bit running counter.

    For each input byte the four bytes of the counter are XOR-folded into
    one keystream byte, which is XORed onto that input byte; the counter
    then advances by one and wraps modulo 2**32.

    Args:
        data: bytes to transform (the operation is its own inverse).
        key: initial counter value; only its low 32 bits matter.

    Returns:
        The transformed bytes, same length as *data*.
    """
    out = bytearray()
    counter = key
    for byte in data:
        # (k ^ k>>8 ^ k>>16 ^ k>>24) & 0xFF equals XORing the four
        # individual counter bytes, since & distributes over ^.
        fold = (counter ^ (counter >> 8) ^ (counter >> 16) ^ (counter >> 24)) & 0xFF
        out.append(byte ^ fold)
        counter = (counter + 1) & 0xFFFFFFFF
    return bytes(out)
def is_valid_key(data: bytes) -> bool:
    """Return True when *data* is exactly 16 ASCII alphanumeric characters.

    The bytes must decode as UTF-8; any decoding failure, any other length,
    or any character outside [A-Za-z0-9] rejects the candidate.
    """
    allowed = frozenset(string.ascii_letters + string.digits)
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    if len(text) != 16:
        return False
    return all(ch in allowed for ch in text)
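def decrypt(key: bytes, enc: bytes) -> bytes | None:
    """Decrypt *enc* (16-byte IV prefix followed by AES-CTR ciphertext).

    The first 16 bytes of *enc* are read as a big-endian integer and used
    as the initial value of a 128-bit counter; the remainder is the
    ciphertext.

    Args:
        key: raw AES key bytes. AES.new() is called outside the try, so
            anything it raises (e.g. for a key it does not accept)
            propagates to the caller.
        enc: IV followed by ciphertext.

    Returns:
        The plaintext, or None when *enc* is too short to hold an IV or
        when cipher.decrypt() raises ValueError.
    """
    # Anything shorter than 16 bytes has no complete IV, so there is
    # nothing meaningful to decrypt.
    if len(enc) < 16:
        return None
    iv, body = enc[:16], enc[16:]
    ctr = Counter.new(128, initial_value=int.from_bytes(iv, byteorder="big"))
    cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
    try:
        return cipher.decrypt(body)
    except ValueError:
        # A failed decrypt is reported as None rather than raised so that
        # a brute-force caller can move on to the next candidate.
        return None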
def isPrintable(b: bytes) -> bool:
    """Return True when *b* is well-formed UTF-8, False otherwise.

    Despite the name this is a decodability check, not a printability
    check: any valid UTF-8 sequence passes, including control bytes such
    as NUL; only malformed UTF-8 fails.
    """
    try:
        b.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True
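def brute_force_key(xored_key: bytes, enc: bytes | None = None):
    """Recover the 16-byte AES key from *xored_key* by exhaustive search.

    Every 32-bit seed in [0, 2**31) is tried as the xor_string() counter.
    A candidate is accepted when it is 16 ASCII alphanumerics
    (is_valid_key) and decrypting *enc* with it yields bytes that decode
    as UTF-8 (isPrintable).

    Args:
        xored_key: the obfuscated key; xor_string() with the right seed is
            expected to turn it back into the real key.
        enc: IV-prefixed AES-CTR ciphertext used to validate candidates.
            Defaults to the challenge ciphertext embedded below.

    Returns:
        The recovered key bytes, or None (after printing a message) when
        no seed in the search space passes both checks.
    """
    if enc is None:
        enc = base64.decodebytes(
            b"QllpQVtOWU5fRlVWXF9LQbP96KXlOv6w8Ij0NocWw43Sn2eKCKbbrdzQvEOHFeGkWwyF6HI/8mnIvJDLT7s6CNUr1PuWY3G1IAsZW/VzMmBHPeyObC/l9GfNaQoKntLhQ7jvCGg4MYrbifRwyIN3XFWRBk0S+K3StdoUOpmDsw8y"
        )
    for seed in range(2_147_483_648):  # 2^31 = 2147483648
        candidate = xor_string(xored_key, seed)
        if not is_valid_key(candidate):
            continue
        plaintext = decrypt(candidate, enc)
        # decrypt() returns None on a ValueError; isPrintable(None) would
        # raise AttributeError instead of rejecting the candidate.
        if plaintext is not None and isPrintable(plaintext):
            return candidate
    print("No valid key found.")
    return None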
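if __name__ == "__main__":
    # Script entry point: recover the key, then decrypt the challenge text.
    xored_aes_key = base64.b64decode('opO2j7SMi7iSsoqVh5uZpA==')
    recovered_aes_key = brute_force_key(xored_aes_key)
    print("AES Key: ", recovered_aes_key)
    # brute_force_key() returns None when no candidate passed its checks;
    # decrypt() cannot use None as a key, so stop here instead of crashing.
    if recovered_aes_key is not None:
        enc = "QllpQVtOWU5fRlVWXF9LQbP96KXlOv6w8Ij0NocWw43Sn2eKCKbbrdzQvEOHFeGkWwyF6HI/8mnIvJDLT7s6CNUr1PuWY3G1IAsZW/VzMmBHPeyObC/l9GfNaQoKntLhQ7jvCGg4MYrbifRwyIN3XFWRBk0S+K3StdoUOpmDsw8y"
        enc = base64.decodebytes(enc.encode())
        print(decrypt(recovered_aes_key, enc))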