wxhelper/python/decrypt.py

import ctypes
import hashlib
import hmac

# pip install pycryptodome
from Crypto.Cipher import AES


def decrypt(password, input_file, out_file):
    password = bytes.fromhex(password.replace(' ', ''))
    with open(input_file, 'rb') as (f):
        blist = f.read()
    print(len(blist))
    salt = blist[:16]
    key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)
    first = blist[16:DEFAULT_PAGESIZE]
    mac_salt = bytes([x ^ 58 for x in salt])
    mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)
    hash_mac = hmac.new(mac_key, digestmod='sha1')
    hash_mac.update(first[:-32])
    hash_mac.update(bytes(ctypes.c_int(1)))
    if hash_mac.digest() == first[-32:-12]:
        print('decrypt success')
    else:
        print('password error')
        return
    blist = [blist[i:i + DEFAULT_PAGESIZE] for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)]
    with open(out_file, 'wb') as (f):
        f.write(SQLITE_FILE_HEADER)
        t = AES.new(key, AES.MODE_CBC, first[-48:-32])
        f.write(t.decrypt(first[:-48]))
        f.write(first[-48:])
        for i in blist:
            t = AES.new(key, AES.MODE_CBC, i[-48:-32])
            f.write(t.decrypt(i[:-48]))
            f.write(i[-48:])


def main():
    password = '565735E30E474DA09250CB5AA047E3940FFA1C6F767C4263B13ABB512933DA49'
    input_file = 'C:/var/Applet.db'
    out_file = 'c:/var/out/Applet.db'
    decrypt(password, input_file, out_file)


if __name__ == '__main__':
    SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)
    KEY_SIZE = 32
    DEFAULT_PAGESIZE = 4096
    DEFAULT_ITER = 64000
    main()
合并注入工具和解密工具 2023-03-29 09:30:03 +08:00			`import ctypes`
			`import hashlib`
			`import hmac`

			`# pip install pycryptodome`
			`from Crypto.Cipher import AES`


			`def decrypt(password, input_file, out_file):`
			`password = bytes.fromhex(password.replace(' ', ''))`
			`with open(input_file, 'rb') as (f):`
			`blist = f.read()`
			`print(len(blist))`
			`salt = blist[:16]`
			`key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)`
			`first = blist[16:DEFAULT_PAGESIZE]`
			`mac_salt = bytes([x ^ 58 for x in salt])`
			`mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)`
			`hash_mac = hmac.new(mac_key, digestmod='sha1')`
			`hash_mac.update(first[:-32])`
			`hash_mac.update(bytes(ctypes.c_int(1)))`
			`if hash_mac.digest() == first[-32:-12]:`
			`print('decrypt success')`
			`else:`
			`print('password error')`
			`return`
			`blist = [blist[i:i + DEFAULT_PAGESIZE] for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)]`
			`with open(out_file, 'wb') as (f):`
			`f.write(SQLITE_FILE_HEADER)`
			`t = AES.new(key, AES.MODE_CBC, first[-48:-32])`
			`f.write(t.decrypt(first[:-48]))`
			`f.write(first[-48:])`
			`for i in blist:`
			`t = AES.new(key, AES.MODE_CBC, i[-48:-32])`
			`f.write(t.decrypt(i[:-48]))`
			`f.write(i[-48:])`


			`def main():`
			`password = '565735E30E474DA09250CB5AA047E3940FFA1C6F767C4263B13ABB512933DA49'`
			`input_file = 'C:/var/Applet.db'`
			`out_file = 'c:/var/out/Applet.db'`
			`decrypt(password, input_file, out_file)`


			`if __name__ == '__main__':`
			`SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)`
			`KEY_SIZE = 32`
			`DEFAULT_PAGESIZE = 4096`
			`DEFAULT_ITER = 64000`
			`main()`