dotysan/ios7deobfuscate.pl

## ios7deobfuscate.pl
#!/usr/bin/perl -pw
use strict;

# Sun 6 Jun 2004 Curtis Doty <Curtis@GreenKey.net>
# - modified Riku Meskanen's ios7decrypt.pl script
# - added WEP key translation and supposed extra keys

my @md5xlat = (	0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, # dsfd;kfo
		0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, # A,.iyewr
		0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53, # kldJKDHS
		0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, # UBsgvca6
		0x39, 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76, # 9834ncxv
		0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b, # 9873254k
		0x3b, 0x66, 0x67, 0x38, 0x37);			# ;fg87

my @wepxlat = (	0x2c, 0xf4, 0x6e, 0xc3, 0x7a, 0x4e, 0x14, 0x29,
		0x3e, 0xf3, 0x17, 0x5a, 0x6d, 0x26, 0x6a, 0x07,
		0x5a, 0x62, 0x14, 0x06, 0x0d, 0x33, 0x12, 0x03,
		0x31, 0xc6, 0x0c, 0x72, 0x28, 0x5b, 0x7a, 0xc7);

my $pf; my @xlat;

if (/(password|md5|key|ascii|40bit|128bit|hex)\s+7\s+([\da-f]+)/io) {
	if (!(length($2) & 1)) {
		my $type	= $1;
		my $obfuscated	= $2;
		my $clear	= "";

		# first two chars is the $salt and the rest is the actual $hash
		my ($salt, $hash) = ($obfuscated =~ /^(..)(.+)/o);

		# two different possible translations
		if ($type =~ /bit|hex/) {
			$salt = hex($salt);
			$pf = "%02X";
			@xlat = @wepxlat;
		} else {
			$pf = "%c";
			@xlat = @md5xlat;
		}

		# get down to businesss
		for (my $i=0; $i<length($hash); $i+=2) {
			$salt = $salt & 0x1f;	# don't spill the salt
			$clear .= sprintf $pf, hex(substr($hash,$i,2)) ^ $xlat[$salt++];
		}

		s/7\s+$obfuscated/$clear/;
	}
}
	#!/usr/bin/perl -pw
	use strict;

	# Sun 6 Jun 2004 Curtis Doty <Curtis@GreenKey.net>
	# - modified Riku Meskanen's ios7decrypt.pl script
	# - added WEP key translation and supposed extra keys

	my @md5xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, # dsfd;kfo
	0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, # A,.iyewr
	0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53, # kldJKDHS
	0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, # UBsgvca6
	0x39, 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76, # 9834ncxv
	0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b, # 9873254k
	0x3b, 0x66, 0x67, 0x38, 0x37); # ;fg87

	my @wepxlat = ( 0x2c, 0xf4, 0x6e, 0xc3, 0x7a, 0x4e, 0x14, 0x29,
	0x3e, 0xf3, 0x17, 0x5a, 0x6d, 0x26, 0x6a, 0x07,
	0x5a, 0x62, 0x14, 0x06, 0x0d, 0x33, 0x12, 0x03,
	0x31, 0xc6, 0x0c, 0x72, 0x28, 0x5b, 0x7a, 0xc7);

	my $pf; my @xlat;

	if (/(password\|md5\|key\|ascii\|40bit\|128bit\|hex)\s+7\s+([\da-f]+)/io) {
	if (!(length($2) & 1)) {
	my $type = $1;
	my $obfuscated = $2;
	my $clear = "";

	# first two chars is the $salt and the rest is the actual $hash
	my ($salt, $hash) = ($obfuscated =~ /^(..)(.+)/o);

	# two different possible translations
	if ($type =~ /bit\|hex/) {
	$salt = hex($salt);
	$pf = "%02X";
	@xlat = @wepxlat;
	} else {
	$pf = "%c";
	@xlat = @md5xlat;
	}

	# get down to businesss
	for (my $i=0; $i<length($hash); $i+=2) {
	$salt = $salt & 0x1f; # don't spill the salt
	$clear .= sprintf $pf, hex(substr($hash,$i,2)) ^ $xlat[$salt++];
	}

	s/7\s+$obfuscated/$clear/;
	}
	}