Skip to content

Instantly share code, notes, and snippets.

@gquere

gquere/informatica_105_decrypt.py

Created March 13, 2023 11:15
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save gquere/206a5a7fe8bb26a8243ea2bb827a8bb6 to your computer and use it in GitHub Desktop.
Save gquere/206a5a7fe8bb26a8243ea2bb827a8bb6 to your computer and use it in GitHub Desktop.
Download ZIP
Decrypt Informatica 10.5 secrets
Raw
informatica_105_decrypt.py
#!/usr/bin/env python3
import argparse
import base64
import re
from Cryptodome.Cipher import AES
from Cryptodome.Util.Padding import unpad
parser = argparse.ArgumentParser(description = 'Decrypt Informatica passwords')
parser.add_argument('-k', '--sitekey', type=str, required=True)
parser.add_argument('secret', type=str)
args = parser.parse_args()
with open(args.sitekey, 'rb') as f:
sitekey_data = f.read()
sitekey = sitekey_data[4:36]
secret_data = base64.b64decode(args.secret)
# find envelope pattern: 00 00 00 01 00 00 00 xx 00 00 00 00
key = sitekey
envelopes = re.finditer(b'\x00\x00\x00\x01\x00\x00\x00.\x00\x00\x00\x00', secret_data)
for envelope in envelopes:
iv = secret_data[envelope.end() + 4:envelope.end() + 20]
secret_len = secret_data[envelope.end() + 20:envelope.end() + 24]
secret = secret_data[envelope.end() + 24:envelope.end() + 24 + int.from_bytes(secret_len)]
cipher = AES.new(key, AES.MODE_CBC, iv=iv)
pt = unpad(cipher.decrypt(secret), 16)
key = pt
print(pt)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment