NRockhouse/TM-Innacomm-ADSL-MARITIME-W3410N-ConfigFileDecrypt.py

## TM-Innacomm-ADSL-MARITIME-W3410N-ConfigFileDecrypt.py
#!/usr/bin/python

# =============================================================
#  Telekom Malaysia (TM) Innacomm ADSL-MARITIME-W3410N
#  Router Configuration Settings Backup File Decryption Tool
#
#  This Python script is used to decrypt the backup configuration
#  settings file of the TM Innacomm ADSL-MARITIME-W3410N (which
#  is apparently a rebranded PROLiNK ADSL2 PRS1241B modem according
#  to blog.fpmurphy.com). The usage is pretty self-explanatory
#  so I won't make a whole guide about it, it will decrypt an
#  encrypted file and encrypt a decrypted file if given (which
#  is just how XOR encryption works). Redistribution is allowed
#  but credits must be given, also feel free to use this as a
#  wrapper to decrypt XOR-encrypted files by changing the
#  "secretkey" variable. The XOR key used for this decryption tool
#  is discovered through personal research and not obtained through
#  other public articles. I found that article only after I finished
#  making this decryption tool.
#
#  By NRockhouse (https://blog.rockhouse.ga/)
#
#  DISCLAIMER: This tool is released for testing and
#  educational purposes only. Please do not use it for
#  any malicious intent.
#
#  REFERENCES:
#  1. https://stackoverflow.com/a/2612730/3123557
#  2. https://www.tutorialspoint.com/python/python_command_line_arguments.htm
# =============================================================

import sys
from os.path import isfile

def main(argv):
   xorWord = lambda ss,cc: ''.join(chr(ord(s)^ord(c)) for s,c in zip(ss,cc*1000))
   secretkey = "\x81\x8c\x8d\x80\x9b\x9d\x90\x9c\xa5\xa9\xad\xa0\xb8\xa9\xf5\xb8\xb5\xb8\xb8\xd0\xc0\xc5\xc4\xa2\xcd\xcc\xc5\xca\xd4\xdb\xe9\xdc\xd3\xde\xac\xd8\xeb\xe7\x9d\xaa\xe9\xff\xfb\xfa\xe0\xef\x9e\x94\xe1\xe1\x8d\xa9\xfd\xfe\xf5\x8a\x85\x87\xbe\x8c\x00\x8e\x8a\xf8\x00\x8a\xe4\xc9\x88\x85\xc7\x80\x84\x84\x87\x84\x9a\xf6\xf0\xa8\x95\x98\x93\x80\xa1\xbc\xf9\xa4\xaf\x96\xa9\xa3\xad\x81\xef\xe7\xdd\xb9\xf6\xd2\xd6\xd1\x8b\xd8\xc6\xf0\xc8\xc4\xc9\xb6\xc1\x88\xb5\xb4\xb1\xbe\xba\xf9\xab\xb8\xb3\xb0\xd5\xb0\x00\xa8\xc5\xa1\xd2\xec\xce\xff\xe5\xe8\xc9\x90\xe3\xae\xa5\xea\x8b\x8a\xd5\xa8\xbf\xda\xc8\xa2\xa2\xf9\xe4\xfc\xb4\xb5\xb7\xb5\xa1\xad\xab\xaf\xe5\xd4\xe1\xe5\xe0\xaa\xeb\x93\xe3\xc6\xcd\xa0\x84\xa3\xdf\x94\xaa\xae\xe3\xe0\xa5\x8e\xdc\x8b\x99\xf4\x90\xcf\x90\xa6\xb4\xb8\xc4\xd6\x97\xf6\xc4\xcc\xc4\xb1\xce\xc2\xf2\x87\xd6\xd2\xca\x9c\xd1\x86\x80\xde\x00\xd1\xfd\xb4\xb0\xbe\xd8\xb2\xb0\xc9\xc9\xc2\x00\xf0\xac\xfe\xea\x8f\x8e\xbd\xd1\x91\x85\xc0\xa2\xbd\xf1\xfc\xac\x85\x9f\xd8\xfc\xe3\xc8\xa8\x8c\x94\x94\xb6\x98\xcd\x95\xa6"
   inputfile = outputfile = text = ''
   action = 0 # 0 = decryption, 1 = encryption

   if '-h' in argv or '--help' in argv or len(argv) < 2:
      print "[*] Usage: %s [-o <outputfile>] <inputfile>" % argv[0]
      sys.exit()

   for i in range(1,len(argv)):
      if argv[i] == '-o':
         outputfile = argv[i+1]
      elif argv[i-1] != '-o' and argv[i][0] != '-':
            inputfile = argv[i]

   if(isfile(inputfile)):
      f = open(inputfile,"r")
      text = f.read()
      f.close()
      if text[0:24] == "<Config_Information_File":
         print "[*] Decrypted router configuration file detected. Encrypting..."
         text = xorWord(text, secretkey)
         action = 0
      elif text[0:24] == xorWord("<Config_Information_File", secretkey):
         print "[*] Encrypted router configuration file detected. Decrypting..."
         text = xorWord(text, secretkey)
         action = 1
      else:
         print "[*] Unable to recognize configuration file. Exiting..."
   else:
      print "[*] Cannot find file \'%s\'" % inputfile

   if(outputfile == ''):
      print "[*] Dumping %s file..." % ("decrypted" if not action else "encrypted")
      print ""
      print text
   else:
      if(isfile(outputfile)):
         answer = raw_input("[*] The file \'%s\' exists, are you sure you want to replace the file? [y/N] " % outputfile)
         if answer.lower() in ('y','yes'):
            pass
         else:
            sys.exit()
      f = open(outputfile,"w")
      f.write(text)
      f.close()
      print "[*] Configuration settings backup file %s successfully and saved to \'%s\'. Exiting..." % (("decrypted" if not action else "encrypted"),outputfile)

if __name__ == "__main__":
   main(sys.argv)
	#!/usr/bin/python

	# =============================================================
	# Telekom Malaysia (TM) Innacomm ADSL-MARITIME-W3410N
	# Router Configuration Settings Backup File Decryption Tool
	#
	# This Python script is used to decrypt the backup configuration
	# settings file of the TM Innacomm ADSL-MARITIME-W3410N (which
	# is apparently a rebranded PROLiNK ADSL2 PRS1241B modem according
	# to blog.fpmurphy.com). The usage is pretty self-explanatory
	# so I won't make a whole guide about it, it will decrypt an
	# encrypted file and encrypt a decrypted file if given (which
	# is just how XOR encryption works). Redistribution is allowed
	# but credits must be given, also feel free to use this as a
	# wrapper to decrypt XOR-encrypted files by changing the
	# "secretkey" variable. The XOR key used for this decryption tool
	# is discovered through personal research and not obtained through
	# other public articles. I found that article only after I finished
	# making this decryption tool.
	#
	# By NRockhouse (https://blog.rockhouse.ga/)
	#
	# DISCLAIMER: This tool is released for testing and
	# educational purposes only. Please do not use it for
	# any malicious intent.
	#
	# REFERENCES:
	# 1. https://stackoverflow.com/a/2612730/3123557
	# 2. https://www.tutorialspoint.com/python/python_command_line_arguments.htm
	# =============================================================

	import sys
	from os.path import isfile

	def main(argv):
	xorWord = lambda ss,cc: ''.join(chr(ord(s)^ord(c)) for s,c in zip(ss,cc*1000))
	secretkey = "\x81\x8c\x8d\x80\x9b\x9d\x90\x9c\xa5\xa9\xad\xa0\xb8\xa9\xf5\xb8\xb5\xb8\xb8\xd0\xc0\xc5\xc4\xa2\xcd\xcc\xc5\xca\xd4\xdb\xe9\xdc\xd3\xde\xac\xd8\xeb\xe7\x9d\xaa\xe9\xff\xfb\xfa\xe0\xef\x9e\x94\xe1\xe1\x8d\xa9\xfd\xfe\xf5\x8a\x85\x87\xbe\x8c\x00\x8e\x8a\xf8\x00\x8a\xe4\xc9\x88\x85\xc7\x80\x84\x84\x87\x84\x9a\xf6\xf0\xa8\x95\x98\x93\x80\xa1\xbc\xf9\xa4\xaf\x96\xa9\xa3\xad\x81\xef\xe7\xdd\xb9\xf6\xd2\xd6\xd1\x8b\xd8\xc6\xf0\xc8\xc4\xc9\xb6\xc1\x88\xb5\xb4\xb1\xbe\xba\xf9\xab\xb8\xb3\xb0\xd5\xb0\x00\xa8\xc5\xa1\xd2\xec\xce\xff\xe5\xe8\xc9\x90\xe3\xae\xa5\xea\x8b\x8a\xd5\xa8\xbf\xda\xc8\xa2\xa2\xf9\xe4\xfc\xb4\xb5\xb7\xb5\xa1\xad\xab\xaf\xe5\xd4\xe1\xe5\xe0\xaa\xeb\x93\xe3\xc6\xcd\xa0\x84\xa3\xdf\x94\xaa\xae\xe3\xe0\xa5\x8e\xdc\x8b\x99\xf4\x90\xcf\x90\xa6\xb4\xb8\xc4\xd6\x97\xf6\xc4\xcc\xc4\xb1\xce\xc2\xf2\x87\xd6\xd2\xca\x9c\xd1\x86\x80\xde\x00\xd1\xfd\xb4\xb0\xbe\xd8\xb2\xb0\xc9\xc9\xc2\x00\xf0\xac\xfe\xea\x8f\x8e\xbd\xd1\x91\x85\xc0\xa2\xbd\xf1\xfc\xac\x85\x9f\xd8\xfc\xe3\xc8\xa8\x8c\x94\x94\xb6\x98\xcd\x95\xa6"
	inputfile = outputfile = text = ''
	action = 0 # 0 = decryption, 1 = encryption

	if '-h' in argv or '--help' in argv or len(argv) < 2:
	print "[*] Usage: %s [-o <outputfile>] <inputfile>" % argv[0]
	sys.exit()

	for i in range(1,len(argv)):
	if argv[i] == '-o':
	outputfile = argv[i+1]
	elif argv[i-1] != '-o' and argv[i][0] != '-':
	inputfile = argv[i]

	if(isfile(inputfile)):
	f = open(inputfile,"r")
	text = f.read()
	f.close()
	if text[0:24] == "<Config_Information_File":
	print "[*] Decrypted router configuration file detected. Encrypting..."
	text = xorWord(text, secretkey)
	action = 0
	elif text[0:24] == xorWord("<Config_Information_File", secretkey):
	print "[*] Encrypted router configuration file detected. Decrypting..."
	text = xorWord(text, secretkey)
	action = 1
	else:
	print "[*] Unable to recognize configuration file. Exiting..."
	else:
	print "[*] Cannot find file \'%s\'" % inputfile

	if(outputfile == ''):
	print "[*] Dumping %s file..." % ("decrypted" if not action else "encrypted")
	print ""
	print text
	else:
	if(isfile(outputfile)):
	answer = raw_input("[*] The file \'%s\' exists, are you sure you want to replace the file? [y/N] " % outputfile)
	if answer.lower() in ('y','yes'):
	pass
	else:
	sys.exit()
	f = open(outputfile,"w")
	f.write(text)
	f.close()
	print "[*] Configuration settings backup file %s successfully and saved to \'%s\'. Exiting..." % (("decrypted" if not action else "encrypted"),outputfile)

	if __name__ == "__main__":
	main(sys.argv)