Skip to content

Instantly share code, notes, and snippets.

View jmenashe's full-sized avatar

J jmenashe

  • San Francisco, CA
View GitHub Profile
@flut1
flut1 / unprotectAspNetIdentityCookie.js
Last active April 17, 2024 11:47
Unprotects a cookie in Node.JS that was encrypted using ASP.NET Core Identity with the default settings.
import { padStart } from 'lodash';
import leb128 from 'leb128';
import crypto from 'crypto';
// magic header used to identify an identity cookie
const MAGIC_HEADER = 0x09F0C9F0;
// key id size in bytes
const SIZE_KEY_ID = 16;
// size of key modifier according to the CbcAuthenticatedEncryptor:
// https://github.com/aspnet/DataProtection/blob/dev/src/Microsoft.AspNetCore.DataProtection/Cng/CbcAuthenticatedEncryptor.cs