
@alaurie
Created October 10, 2023 01:00
Decrypt intunewin content file in python.
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
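# Package metadata, pasted inline. It carries the AES key, the HMAC key, the IV
# and the expected MAC as base64, so anyone holding this XML can decrypt the
# content file: handle the XML itself as a secret.
metadata = """<ApplicationInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ToolVersion="1.8.4.0">
<Name>npp.8.5.7.Installer.x64.exe</Name>
<UnencryptedContentSize>4642034</UnencryptedContentSize>
<FileName>IntunePackage.intunewin</FileName>
<SetupFile>npp.8.5.7.Installer.x64.exe</SetupFile>
<EncryptionInfo>
<EncryptionKey>Vjgdc6a6cx91mDGp76yXT52rS9eDlsg9RkIzZLTRMP4=</EncryptionKey>
<MacKey>ijynPzVLrMRksJCxmvMRrfrcz5JTEi5qQxCi7WzVGxI=</MacKey>
<InitializationVector>vfe/RXMTkhJY+HDeM8sq8Q==</InitializationVector>
<Mac>kIaRjuFYCcH8j66YmmXujtTAfnAiI8NPF32AAZWVDVI=</Mac></EncryptionInfo>
<ProfileIdentifier>ProfileVersion1</ProfileIdentifier>
<FileDigest>uYvNQYnEeLNO1d1BW+GRfOLHvvwu4/BXir3rKGcV3SM=</FileDigest>
<FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
</ApplicationInfo>"""

root = ET.fromstring(metadata)


def _metadata_text(tag):
    """Return the text of the first <tag> element, or raise if it is absent or empty."""
    node = root.find(f".//{tag}")
    if node is None or not node.text:
        raise ValueError(f"metadata is missing <{tag}>")
    return node.text


# Key material and the expected authentication tag, decoded from base64.
encryption_key = base64.b64decode(_metadata_text("EncryptionKey"))
mac_key = base64.b64decode(_metadata_text("MacKey"))
iv = base64.b64decode(_metadata_text("InitializationVector"))
expected_mac = base64.b64decode(_metadata_text("Mac"))
file_name = _metadata_text("FileName")  # The file to be decrypted

with open(file_name, 'rb') as f:
    encrypted_content = f.read()

# NOTE(review): assumes the content file is laid out as
#   HMAC-SHA256 tag (32 bytes) || IV (16 bytes) || AES-CBC ciphertext
# with the tag computed over IV || ciphertext -- confirm against the packaging
# tool version in use. Under that layout, feeding the whole file to the cipher
# would also "decrypt" the 48-byte header into junk at the start of the output.
mac_len = hashlib.sha256().digest_size
stored_mac = encrypted_content[:mac_len]
authenticated = encrypted_content[mac_len:]
header_iv = authenticated[:AES.block_size]
ciphertext = authenticated[AES.block_size:]

# Authenticate before decrypting: CBC is malleable and unpad() on tampered data
# gives an attacker-observable padding error. Fail closed on any mismatch, which
# also covers a file that does not follow the assumed layout (for example one
# this script has already decrypted in place).
computed_mac = hmac.new(mac_key, authenticated, hashlib.sha256).digest()
if not (
    hmac.compare_digest(computed_mac, stored_mac)
    and hmac.compare_digest(computed_mac, expected_mac)
):
    raise ValueError(
        f"MAC check failed for '{file_name}': content was modified, is not in "
        "the expected layout, or does not belong to this metadata"
    )
if not hmac.compare_digest(header_iv, iv):
    raise ValueError(f"IV stored in '{file_name}' does not match the metadata")

cipher = AES.new(encryption_key, AES.MODE_CBC, iv)
decrypted_content = unpad(cipher.decrypt(ciphertext), AES.block_size)

# NOTE(review): <FileDigest> and <UnencryptedContentSize> are not checked here;
# they look like a SHA256 and length of the plaintext -- confirm before relying
# on them as an extra check.

# The output replaces the encrypted input under the same name, as before; keep a
# copy of the original if it may be needed again.
with open(file_name, 'wb') as f:
    f.write(decrypted_content)
print(f"File '{file_name}' decrypted successfully.")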