Created
February 19, 2023 23:25
-
-
Save luca-m/212395d4fa721826106343416b0edd64 to your computer and use it in GitHub Desktop.
ESPIO payload decryption utility
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* ESPIO payload decryption utility | |
* Author: @luc4m | |
* | |
* Compile with g++ ./espiod espiod.cpp | |
* Usage: | |
* ./espiod KEYFILE ENCRYPTEDPAYLOADFILE | |
* it outputs the decrypted file on "plaintext.bin" | |
* | |
* References: | |
* - https://github.com/Konis-Bros/Espio/ | |
*/ | |
#include <iostream> | |
#include <fstream> | |
#include <string> | |
#include <vector> | |
static const std::string base64_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | |
static inline bool is_base64(unsigned char c) { | |
return (isalnum(c) || (c == '+') || (c == '/')); | |
} | |
const std::string base64_decode(std::string const& encoded_string) { | |
int i = 0; | |
int j = 0; | |
int in_ = 0; | |
unsigned char char_array_4[4], char_array_3[3]; | |
std::string decoded_string; | |
size_t in_len = encoded_string.size(); | |
while (in_len-- && (encoded_string[in_] != '=') && is_base64(encoded_string[in_])) | |
{ | |
char_array_4[i++] = encoded_string[in_]; in_++; | |
if (i == 4) | |
{ | |
for (i = 0; i < 4; i++) | |
{ | |
char_array_4[i] = base64_chars.find(char_array_4[i]); | |
} | |
char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4); | |
char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2); | |
char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3]; | |
for (i = 0; (i < 3); i++) | |
{ | |
decoded_string += char_array_3[i]; | |
} | |
i = 0; | |
} | |
} | |
if (i) | |
{ | |
for (j = i; j < 4; j++) | |
{ | |
char_array_4[j] = 0; | |
} | |
for (j = 0; j < 4; j++) | |
{ | |
char_array_4[j] = base64_chars.find(char_array_4[j]); | |
} | |
char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4); | |
char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2); | |
char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3]; | |
for (j = 0; (j < i - 1); j++) | |
{ | |
decoded_string += char_array_3[j]; | |
} | |
} | |
return decoded_string; | |
} | |
int main(int argc, char *argv[]) | |
{ | |
if (argc != 3) | |
{ | |
std::cerr << "Usage: " << argv[0] << " key.bin encrypted_payload.bin" << std::endl; | |
return 1; | |
} | |
std::ifstream keyFile(argv[1], std::ios::binary | std::ios::ate); | |
std::ifstream encryptedPayloadFile(argv[2], std::ios::binary | std::ios::ate); | |
if (!keyFile || !encryptedPayloadFile) | |
{ | |
std::cerr << "Failed to open input files." << std::endl; | |
return 1; | |
} | |
size_t keySize = keyFile.tellg(); | |
size_t encryptedPayloadSize = encryptedPayloadFile.tellg(); | |
keyFile.seekg(0, std::ios::beg); | |
encryptedPayloadFile.seekg(0, std::ios::beg); | |
std::vector<unsigned char> key(keySize); | |
std::vector<unsigned char> encryptedPayload(encryptedPayloadSize); | |
keyFile.read(reinterpret_cast<char*>(key.data()), keySize); | |
encryptedPayloadFile.read(reinterpret_cast<char*>(encryptedPayload.data()), encryptedPayloadSize); | |
keyFile.close(); | |
encryptedPayloadFile.close(); | |
char* obfuscatedPayload = reinterpret_cast<char*>(encryptedPayload.data()); | |
const std::string toDecryptPayload = base64_decode(obfuscatedPayload); | |
size_t toDecryptSize = toDecryptPayload.size(); | |
int keyIndex = 0; | |
std::string payload = ""; | |
for (int i = 0; i < toDecryptSize; i += 4) | |
{ | |
std::string currentByte = std::string() + toDecryptPayload[i] + toDecryptPayload[i + 1] + toDecryptPayload[i + 2] + toDecryptPayload[i + 3]; | |
payload += stol(currentByte, nullptr, 0) ^ key[keyIndex++ % keySize]; | |
} | |
std::ofstream plaintextFile("plaintext.bin", std::ios::binary); | |
plaintextFile.write(payload.c_str(), payload.size()); | |
plaintextFile.close(); | |
std::cout << "Decryption complete." << std::endl; | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment