From ce763800514f970d1be5565a4a822c16baeb2a77 Mon Sep 17 00:00:00 2001
From: Jukka Laitinen
Date: Wed, 16 Jun 2021 15:02:25 +0300
Subject: [PATCH] Add a simple script to decrypt ulog files

This now only decrypts xchacha20 encrypted logs, where keys are exchanged with rsa_oaep_sha256 and nonce appended to the end of the key

Signed-off-by: Jukka Laitinen
---
 Tools/decrypt_ulog.py | 44 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100755 Tools/decrypt_ulog.py

diff --git a/Tools/decrypt_ulog.py b/Tools/decrypt_ulog.py
new file mode 100755
index 0000000000..823be2042a
--- /dev/null
+++ b/Tools/decrypt_ulog.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+
+from Crypto.PublicKey import RSA
+from Crypto.Cipher import PKCS1_OAEP
+from Crypto.Cipher import ChaCha20
+from Crypto.Hash import SHA256
+import binascii
+import argparse
+#from pathlib import Path
+import sys
+
+if __name__ == "__main__":
+
+ parser = argparse.ArgumentParser(description="""CLI tool to decrypt an ulog file\n""")
+ parser.add_argument("ulog_file", help=".ulog file", nargs='?', default=None)
+ parser.add_argument("ulog_key", help=".ulogk, encrypted key", nargs='?', default=None)
+ parser.add_argument("rsa_key", help=".pem format key for decrypting the ulog key", nargs='?', default=None)
+
+ args = parser.parse_args()
+
+ # Only generate a key pair, don't sign
+ if not args.ulog_file or not args.ulog_key or not args.rsa_key:
+ print('Need all arguments, the encrypted ulog file, the key and the key decryption key')
+ sys.exit(1);
+
+ # Read the private RSA key to decrypt the cahcha key
+ with open(args.rsa_key, 'rb') as f:
+ r = RSA.importKey(f.read(), passphrase='')
+
+ # Read the encrypted xchacha key and the nonce
+ with open(args.ulog_key, 'rb') as f:
+ ulog_key_cipher = f.read(256)
+ nonce = f.read(24)
+
+ # Decrypt the xchacha key
+ cipher_rsa = PKCS1_OAEP.new(r,SHA256)
+ ulog_key = cipher_rsa.decrypt(ulog_key_cipher)
+ #print(binascii.hexlify(ulog_key))
+
+ # Read and decrypt the .ulgc
+ cipher = ChaCha20.new(key=ulog_key, nonce=nonce)
+ with open(args.ulog_file, 'rb') as f:
+ with open(args.ulog_file.rstrip(args.ulog_file[-1]), 'wb') as out:
+ out.write(cipher.decrypt(f.read()))
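Review bot: The output path in the last `with` block, `args.ulog_file.rstrip(args.ulog_file[-1])`, strips every trailing repeat of the final character rather than exactly one, so any input that does not end in a single `c` is written under an unexpected name (a `.ulog` input, as the help text describes it, becomes `.ulo`), and `'wb'` silently overwrites whatever is already there. The key-file read hard-codes a 256-byte RSA block and never checks how many bytes came back; PyCryptodome's `ChaCha20.new` picks the cipher variant from the nonce length, so a truncated `.ulogk` that leaves 8 or 12 nonce bytes would decrypt to garbage without an error. The fence below derives the block size from the imported key, validates both lengths, and writes the output with an explicit suffix check and exclusive-create mode. Because plain ChaCha20 carries no authentication tag, a modified `.ulgc` also decrypts without complaint, which deserves a comment at the top of the script. The comment `# Only generate a key pair, don't sign` looks carried over from another tool, and `passphrase=''` assumes the private key is stored unencrypted.

```python
    # … unchanged: argument parsing and RSA key import …

    # Read the encrypted xchacha key and the nonce
    rsa_block_len = r.size_in_bytes()
    with open(args.ulog_key, 'rb') as f:
        ulog_key_cipher = f.read(rsa_block_len)
        nonce = f.read(24)
    if len(ulog_key_cipher) != rsa_block_len or len(nonce) != 24:
        sys.exit('Key file is truncated: expected the RSA block followed by a 24-byte nonce')

    # … unchanged: RSA-OAEP decryption of the ulog key …

    # Derive the output name explicitly instead of stripping characters
    if not args.ulog_file.endswith('.ulgc'):
        sys.exit('Expected an encrypted log with the .ulgc suffix')
    out_path = args.ulog_file[:-1]
    cipher = ChaCha20.new(key=ulog_key, nonce=nonce)
    # 'xb' refuses to overwrite an existing decrypted log
    with open(args.ulog_file, 'rb') as f, open(out_path, 'xb') as out:
        out.write(cipher.decrypt(f.read()))
```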