Decrypt SonicWall firmware

decryptfw.py

#!/usr/bin/env python

import os
import sys
import struct
import binascii
from Crypto.Cipher import AES

IV = binascii.unhexlify("0A254C2FE7AE0B7047028D6B4B2E6944")
AES_KEY = binascii.unhexlify("FE4C8C32FBAE1AF3C4A0ABC8E1866CAD")

if __name__ == '__main__':
    if len(sys.argv) != 3:
        print (" Usage: decryptfw.py <firmware> <output>")
        print (" Example: decryptfw.py sw_smavm_eng_10.2.0.5_10.2.0_5_29sv_1261432.sig decrypted.bin")
        sys.exit(1)

    with open(sys.argv[1], 'rb') as f:
        buf = f.read()

    # parse header
    header_len = struct.unpack('>I', buf[148:152])[0]
    data_len = struct.unpack('>I', buf[144:148])[0]
    print ('[*] Data type: %d' % buf[133])
    print ('[*] Header length: %d' % header_len)
    print ('[*] Data length: %d' % data_len)

    # decrypt
    cipher = AES.new(AES_KEY, AES.MODE_CBC, IV)
    
    with open (sys.argv[2], 'wb') as f:
        f.write(cipher.decrypt(buf[header_len:header_len+data_len]))

    print ('[+] Decrypted firmware written to %s' % sys.argv[2])