PoC decrypter for Yohane the Parhelion - NUMAZU in the MIRAGE - Demo
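import pathlib
import sys

import Crypto.Cipher.AES
import Crypto.Hash.SHA1

# Usage: python <this script> <encrypted file>
#
# Writes 'decrypted_<original name>' into the current working directory,
# overwriting any existing file of that name.
#
# Caveats for anyone relying on the result:
# - The input must keep its original file name. The name without its extension
#   is the salt, so a renamed file derives a different key and decrypts to
#   garbage without any error.
# - Nothing here verifies integrity. A wrong name or a corrupted input still
#   produces output, so treat the result as unverified data.
# - The key depends only on a constant string and the file name, so every copy
#   of a given file decrypts with the same key.
if len(sys.argv) < 2:
    sys.exit('usage: ' + sys.argv[0] + ' <encrypted file>')

filepath = pathlib.Path(sys.argv[1])
decoded_path = 'decrypted_' + filepath.name

password = 'Yohane the Parhelion - NUMAZU in the MIRAGE - Demo'
salt = filepath.stem.encode()

# PBKDF1-style derivation written out by hand: SHA-1 over password + salt,
# re-hashed 99 more times (100 rounds in total), truncated to a 128-bit key.
# Cryptodome's PBKDF1 does not support more than 8 bytes of salt.
hash_ = Crypto.Hash.SHA1.new(password.encode() + salt)
for _ in range(99):
    hash_ = Crypto.Hash.SHA1.new(hash_.digest())
aes_key = hash_.digest()[:16]

# ECB is used only as the raw block function. Encrypting successive 16-byte
# little-endian counter values (starting at 1) yields a counter-mode keystream
# that is XORed with the file contents.
aes = Crypto.Cipher.AES.new(aes_key, Crypto.Cipher.AES.MODE_ECB)
cnt = 1
keystream = bytearray()

# Context managers close both files even if decryption fails midway.
with open(filepath, 'rb') as enc_file, open(decoded_path, 'wb') as dec_file:
    while True:
        data = enc_file.read(0x4000)
        if not data:
            break
        # Top the buffer up by just enough whole blocks to cover this chunk;
        # the keystream is consumed strictly in order, so leftovers carry over.
        missing = len(data) - len(keystream)
        if missing > 0:
            ks = bytearray()
            for _ in range(-(-missing // 16)):  # ceiling division
                ks += cnt.to_bytes(16, 'little')
                cnt += 1
            keystream += aes.encrypt(ks)
        dec_file.write(bytes(c ^ k for c, k in zip(data, keystream)))
        del keystream[:len(data)]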