mirror of
https://github.com/skdatmonster/DecryptSourceProtection.git
synced 2025-03-09 07:29:04 -04:00
Update decrypt.html
This commit is contained in:
skdatmonster
parent
661740884d
commit
0ed08b5199
63
decrypt.html
63
decrypt.html
@ -11,10 +11,13 @@
|
||||
<script>
|
||||
"use strict";
|
||||
var xpath = "//EncodedData|//*[@EncodedSourceKey]|//*[@SourceKey]";
|
||||
var keymatl3 = '\x59\x00\x53\x00\x33\x00\x3F\x00\x43\x00\x4E\x00\x21\x00\x40\x00\x42\x00\x73\x00\x49\x00\x74\x00\x39\x00\x6C\x00\x70\x00\x2D\x00\x3D\x00\x43\x00\x4A\x00\x32\x00\x30\x00\x65\x00\x4C\x00\x45\x00\x76\x00\x21\x00\x5A\x00\x64\x00\x49\x00\x53\x00\x33\x00\x25\x00\x68\x00\x52\x00\x6B\x00\x47\x00\x70\x00\x57\x00\x72\x00\x79\x00\x4F\x00\x59\x00\x21\x00\x6C\x00\x69\x00\x21\x00\x4C\x00\x2F\x00\x6E\x00\x38\x00\x5F\x00\x23\x00\x2A\x00\x76\x00\x34\x00\x2E\x00\x48\x00\x7A\x00\x57\x00\x48\x00\x2D\x00\x70\x00\x34\x00\x76\x00';
|
||||
|
||||
var keymatl1 = CryptoJS.enc.Hex.parse('44006F0075006700270073004500780070006F007200');
|
||||
var keymatl2 = CryptoJS.enc.Hex.parse('5D002C0031006800610031004500580054002900240051005A003A005200370065006900390041004B0028005D005D00570034004800630031005C006A0040');
|
||||
var keymatl3 = CryptoJS.enc.Hex.parse('5900530033003F0043004E0021004000420073004900740039006C0070002D003D0043004A003200300065004C004500760021005A0064004900530033002500680052006B00470070005700720079004F00590021006C00690021004C002F006E0038005F0023002A00760034002E0048007A00570048002D00700034007600');
|
||||
var keymatl5 = CryptoJS.enc.Hex.parse('5300340079005400560049005A007A00240063003E005700380026005D0078002F003B004F00550065003F00660051006F007A003300620063005700260042007B0031005A00240068002B006F00460033005C004C003D0023004B005E00650055002500580032007300480048002B0055003D004D0063004E0037002900');
|
||||
var keymatl6 = CryptoJS.enc.Hex.parse('277d3a6f747c647b457d587a502c7a5c4c793137617d24762e6a482a6f54433d553e746c6638655f504f682b68485d695e352c2a2d6f343e325a5d71262961');
|
||||
var keymatl7 = CryptoJS.enc.Hex.parse('786d732a344075703d7d7556464065645769554c622e646b403b6e443c405372502e6c373f4a6b33326f5a457b697377552779286f483d4e53553a5e523f30');
|
||||
|
||||
function print(text, color) {
|
||||
var output = document.getElementById('output');
|
||||
@ -25,6 +28,22 @@ function print(text, color) {
|
||||
output.appendChild(document.createElement('br'));
|
||||
}
|
||||
|
||||
function decrypt_7(b64text, format) {
|
||||
var ciphertext = CryptoJS.enc.Base64.parse(b64text);
|
||||
ciphertext = CryptoJS.enc.Hex.parse(ciphertext.toString().slice(4));
|
||||
var key = CryptoJS.SHA256(keymatl7);
|
||||
var iv = CryptoJS.lib.WordArray.create([0, 0, 0, 0]);
|
||||
var options = {iv: iv, mode: CryptoJS.mode.CBC};
|
||||
var decryptor = CryptoJS.algo.AES.createDecryptor(key, options);
|
||||
var part1 = decryptor.process(ciphertext);
|
||||
var part2 = decryptor.finalize();
|
||||
var plaintext = part1.toString(format) + part2.toString(format);
|
||||
if (plaintext.length == 0 && ciphertext.words.length > 0) {
|
||||
print('Decryption was unsuccessful', 'red');
|
||||
}
|
||||
return plaintext;
|
||||
}
|
||||
|
||||
function decrypt_6(b64text, format) {
|
||||
var ciphertext = CryptoJS.enc.Base64.parse(b64text);
|
||||
ciphertext = CryptoJS.enc.Hex.parse(ciphertext.toString().slice(4));
|
||||
@ -86,6 +105,20 @@ function decrypt_2(b64text, format) {
|
||||
return plaintext;
|
||||
}
|
||||
|
||||
function decrypt_1(b64text, format) {
|
||||
var ciphertext = CryptoJS.enc.Base64.parse(b64text);
|
||||
var hashed = CryptoJS.SHA1(keymatl1);
|
||||
var key = CryptoJS.enc.Hex.parse(hashed.toString(CryptoJS.enc.Hex).slice(0, 10) + '0000000000000000000000');
|
||||
var decryptor = CryptoJS.algo.RC4.createDecryptor(key);
|
||||
var part1 = decryptor.process(ciphertext);
|
||||
var part2 = decryptor.finalize();
|
||||
var plaintext = part1.toString(format) + part2.toString(format);
|
||||
if (plaintext.length == 0 && ciphertext.words.length > 0) {
|
||||
print('Decryption was unsucessful', 'red');
|
||||
}
|
||||
return plaintext;
|
||||
}
|
||||
|
||||
function patchXML(data) {
|
||||
try {
|
||||
var encryptionConfig = 0;
|
||||
@ -105,14 +138,18 @@ function patchXML(data) {
|
||||
}
|
||||
if (element.tagName == 'EncodedData') {
|
||||
var temp = element.getAttribute('EncryptionConfig');
|
||||
if (temp == '3') {
|
||||
encryptionConfig = 3;
|
||||
if (temp === null) {
|
||||
encryptionConfig = 1;
|
||||
} else if (temp == '2') {
|
||||
encryptionConfig = 2;
|
||||
} else if (temp == '3') {
|
||||
encryptionConfig = 3;
|
||||
} else if (temp == '5') {
|
||||
encryptionConfig = 5;
|
||||
} else if (temp == '6') {
|
||||
encryptionConfig = 6;
|
||||
} else if (temp == '7') {
|
||||
encryptionConfig = 7;
|
||||
} else {
|
||||
print('Error: An unsupported EncryptionConfig value was found. (' + temp + ') Decryption of this file is not yet supported.', 'red');
|
||||
return '';
|
||||
@ -125,17 +162,25 @@ function patchXML(data) {
|
||||
}
|
||||
}
|
||||
var decoded;
|
||||
if (encryptionConfig == 3) {
|
||||
decoded = decrypt_3(list.join(''), CryptoJS.enc.Utf16LE);
|
||||
if (encryptionConfig == 1) {
|
||||
decoded = decrypt_1(list.join(''), CryptoJS.enc.Utf16LE);
|
||||
console.log(decoded);
|
||||
if (decoded.charCodeAt(decoded.length - 1) == 0) {
|
||||
decoded = decoded.slice(0, decoded.length - 1);
|
||||
}
|
||||
} else if (encryptionConfig == 2) {
|
||||
decoded = decrypt_2(list.join(''), CryptoJS.enc.Utf16LE);
|
||||
if (decoded.charCodeAt(decoded.length - 1) == 0) {
|
||||
decoded = decoded.slice(0, decoded.length - 1);
|
||||
}
|
||||
} else if (encryptionConfig == 3) {
|
||||
decoded = decrypt_3(list.join(''), CryptoJS.enc.Utf16LE);
|
||||
} else if (encryptionConfig == 5) {
|
||||
decoded = decrypt_5(list.join(''), CryptoJS.enc.Utf16LE);
|
||||
} else if (encryptionConfig == 6) {
|
||||
decoded = decrypt_6(list.join(''), CryptoJS.enc.Utf16LE);
|
||||
} else if (encryptionConfig == 7) {
|
||||
decoded = decrypt_7(list.join(''), CryptoJS.enc.Utf16LE);
|
||||
}
|
||||
var subdoc = new DOMParser().parseFromString(decoded, 'application/xml');
|
||||
if (subdoc.getElementsByTagName('parsererror').length > 0) {
|
||||
@ -150,10 +195,12 @@ function patchXML(data) {
|
||||
print('Unpacked encoded data', 'green');
|
||||
} else if (element.hasAttribute('EncodedSourceKey')) {
|
||||
var decoded;
|
||||
if (encryptionConfig == 3) {
|
||||
decoded = decrypt_3(element.getAttribute('EncodedSourceKey'), CryptoJS.enc.Latin1);
|
||||
if (encryptionConfig == 1) {
|
||||
decoded = decrypt_1(element.getAttribute('EncodedSourceKey'), CryptoJS.enc.Latin1);
|
||||
} else if (encryptionConfig == 2) {
|
||||
decoded = decrypt_2(element.getAttribute('EncodedSourceKey'), CryptoJS.enc.Latin1);
|
||||
} else if (encryptionConfig == 3) {
|
||||
decoded = decrypt_3(element.getAttribute('EncodedSourceKey'), CryptoJS.enc.Latin1);
|
||||
} else if (encryptionConfig == 5) {
|
||||
decoded = decrypt_5(element.getAttribute('EncodedSourceKey'), CryptoJS.enc.Latin1);
|
||||
}
|
||||
@ -168,6 +215,8 @@ function patchXML(data) {
|
||||
}
|
||||
if (encryptionConfig == 6) {
|
||||
print('Source key recovery is not supported for EncryptionConfig="6"', 'orange');
|
||||
} else if (encryptionConfig == 7) {
|
||||
print('Source key recovery is not supported for EncryptionConfig="7"', 'orange');
|
||||
} else {
|
||||
print('Found source key: "' + decoded + '"', 'green');
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user