Last active

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

Snapchat Image Decrypt - This Ruby script decrypts the blob received from the `bq/blob` endpoint. Many thanks to @kivikakk, @adamcaudill, @tlack, and @NeilHanlon for inspiration, code, guides, and of course, the encryption key.

View snapchat_decrypt.rb
1 2 3 4 5 6 7 8 9 10 11 12
#!/usr/bin/env ruby
 
require 'openssl'
 
data = File.open('blob', 'r:ASCII-8BIT').read
c = OpenSSL::Cipher.new('AES-128-ECB')
c.decrypt
c.key = 'M02cnQ51Ji97vwT4'
o = ''.force_encoding('ASCII-8BIT')
data.bytes.each_slice(16) { |s| o += c.update(s.map(&:chr).join) }
o += c.final
File.open('blob.jpg', 'w') { |f| f.write(o) }

hey, just wanted to say thanks james, this helped with the ruby wrapper i wrote

Thank you for posting this code. I had a number of snapchat files to decrypt so added A loop
Snapchat = Dir["*.jpg.nomedia"]
Snapchat.each {|filename|
..your script....
But I'm finding that if the decryption fails then the loop fails. Do you/anyone know how I can iterate through a folder of files, skipping files that won't decrypt and decrypt the ones that will.

Thanks, Rich

I did it like this, it's simpler and works perfectly:

def decrypt encrypted
    d = OpenSSL::Cipher::AES128.new :ECB
    d.decrypt
    d.key = ENCRYPTION_KEY
    d.update(encrypted) + d.final
end

Woah! I just saw this. Sorry about that guys. Let me read above and get back to you.

@nneal Of course! Enjoy!

@marshalmorris That's a great point. Is it failing on the write? f.write?

@ph3nx your solution isn't 100% code complete (it doesn't include the key, etc.), but it is accurate if you were to fill in the blanks.

bjk1 commented

Hi i tried running the script i am on windows 8 and it the cmd it says r.rb:5:in 'initialize' : no such file or directory - blob

From e:/chrome/t/r.rb:5:in 'open'
from e:/chrome/t/t/r.rb:5:in ''

please help not sure what i am doing wrong ?

bjk1 commented

never mind got it

#!/usr/bin/env ruby

require 'openssl'

data = File.open('blob', 'rb:ASCII-8BIT').read
c = OpenSSL::Cipher.new('AES-128-ECB')
c.decrypt
c.key = 'M02cnQ51Ji97vwT4'
o = ''.force_encoding('ASCII-8BIT')
data.bytes.each_slice(16) { |s| o += c.update(s.map(&:chr).join) }
o += c.final
File.open('blob.jpg', 'wb') { |f| f.write(o) }

the b were missing :/

Owner

@bjk1 Glad to hear you got it working!

how exactly do i use the code ?

do7aboy commented

Hello there,

i get this error every time i run the code

~/Downloads/gist6913761-d5be0cab80ad2e6906679cd580693da9c138b609/snapchat_decrypt.rb:11: in `final': bad decrypt (OpenSSL::Cipher::CipherError)

and

~/Downloads/gist6913761-d5be0cab80ad2e6906679cd580693da9c138b609/snapchat_decrypt.rb:11: in `'

all refering to line 11 which is " o +=c.final "

can you help

How can i use this code? where? is an apps?

sinycc commented

I am getting the following error when running this code referencing line 11 (o += c.final)

'final': wrong final block length (OpenSSL::Cippher::CipherError)

Any thoughts? The only thing I changed from your original code is on line 5 and 12:
Changed 'blob' to something else.

Hey guys. I currently have a file saved by my Dumpster app that was a picture, yet saved as an .mp4. I tried running the script on both my android and now my unbuntu pc with no avail, only errors. Any advise?

Owner

@do7aboy & @synycc - I'm not sure. Which ruby are you using? Which OpenSSL?

@dhorvath - What errors are you getting?

I've been trying to decrypt a file using your code as well, and I'm also getting errors. Just running the script without modification on a windows 7 client with openssl 1.0.1 h installed (http://slproweb.com/products/Win32OpenSSL.html) produces this:

snapchat_decrypt.rb:11:in final': wrong final
block length (OpenSSL::Cipher::CipherError)
from <omitted path> snapchat_decrypt.rb:11:in

'

Tried changing name of input and output file to something specific and did a search to see if i did something wrong with the openssl part, but it seems that all that is needed (usually) is to install the binary and you're ready to go.
Also tried running the script on a Ubuntu 14.04 client but with the same error so either I'm not very good at this or something is up with the key :) I installed ruby via apt-get on ubuntu and it installed ruby 1.9.3p484 (2013-11-22 revision 43786) [i686-linux], can't see why it should not work. Any ideas?

I am getting the same error as donaldsr, with very similar scenario. I have also checked my environment to no avail. Any thoughts on this?

snapchat_decrypt.rb:11:in 'final': wrong final block length (OpenSSL::Cipher::CipherError)
from snapchat_decrypt.rb:11:in '<main>'

edit: Sorry forgot version info... I am running ruby 1.9.1 with OpenSSL v1.0.1c

Anyone having success with this? Kinda got stuck with the blob :)

I'm having the same issues as most people here, getting this error when trying to run this script, or bjk1's script:

C:/ProgramData/BlueStacks/UserData/SharedFolder/test.rb:5:in initialize': No such file or directory - blob (E
rrno::ENOENT)
from C:/ProgramData/BlueStacks/UserData/SharedFolder/test.rb:5:in
open'
from C:/ProgramData/BlueStacks/UserData/SharedFolder/test.rb:5:in `'

@wangmauler
From the error message, I'd say that you have not renamed your snapchat file to "blob" or changed the script to run your specific file. You have to either rename it to "blob" or change the script. Also, make sure that you have the file in the same directory as the script, then try again.

Thanks donaldsr, that worked, however now I get a new error:

C:\ProgramData\BlueStacks\UserData\SharedFolder>test.rb
C:/ProgramData/BlueStacks/UserData/SharedFolder/test.rb:11:in final': wrong final block length (OpenSSL::Ciph
er::CipherError)
from C:/ProgramData/BlueStacks/UserData/SharedFolder/test.rb:11:in
'

@wangmauler
Yeah, same error we all get. It seems that snapchat have changed something in the encryption so the old key does not work anymore. Was hoping for jamescmartinez to check with the people who contributed to this if any of them have noticed this change but so far he seems to be busy with other stuff. Patience is a virtue when you dont know how to fix it yourself :)

Owner

Checking! @donaldsr

Owner

I wish Github gists had notifications...

Any updates in the "wrong final block length" error?

Im at the same thing as everyone else now wrong final block length

Now bad decrypt lol

Any updates on this?

@royalelee, what did you do to get the bad decrypt error?

Mine is line 11 bad decrypt cipher error

aka the line with final output in it

Still nothing? :)

snap.rb:11:in `final': bad decrypt (OpenSSL::Cipher::CipherError)
        from snap.rb:11:in `<main>'

I googled for the solution - just need to add one line:

c.decrypt
c.padding = 0 # I added this line
c.key = 'M02cnQ51Ji97vwT4'

Unfortunately it only decrypts old snaps. Stuff from today can't be read by image viewer.
(SnapChat version: 5.0.34.6)

Actually, there is a small difference (char "-") between filenames:
Decryption working: h1a81hurcs00h1088514799151508741.jpg.nomedia
Decryption not working: h1a81hurcs00h-1948520179053141815.jpg.nomedia

No error message.


Anyone could help?

@inxmen, i assume you tried remove the dash in the filename and run it, with the same result? If you get no error message at all it's kinda hard to find a solution, atleast im lost when you have nothing to go on. Anyone else?

@donaldsr, Of course I tried. No error message.

ruby -v
ruby 2.0.0p353 (2013-11-22 revision 43784) [x86_64-linux]

Strange that it does not produce any error message at all.. any idea why? They probably did change the key but that would definitely produce some sort of error message.. Im not that well versed in ruby but is there a way to turn on some sort of deeper debugging to see what is going on? Might be able to set this up on my lab machine some time during the week to see if i can reproduce this.

I changed key to wrong one - there is no warning or message. Script has generated invalid file.
I can't debug ruby - I am beginner in this language. Maybe tomorrow I will find some time to figure it out.

Anybody know where is stored AES key?

i know where it is... i tested the apk v 5.0.34 easiest way it to decompile it in java code and search for it as a string. its really hard to miss

also, the latest apk does use this but the code snippet isnt working :( anyone figure the problem out yet? yes i get same wrong final block length problem.When i added padding as 0, it said data not a multiple of block length

I have my own snapchat decrypting stuff (https://dl.dropboxusercontent.com/u/962389/mgrandi_snapchat_example.zip), which requires python3 and pycrypto. try editing example.py with your username and password and then running it. (make sure you have an unopened snap from someone, you can send a snap to yourself i think, or else it won't work and it will say the file was already deleted).

I just sent a snap to myself and used the above code to decrypt it, and it did work and did produce a correct JPG, but some guy sent me some .jpg.nomedia files that don't seem to work with this decryption / key .....Both that ruby code and my own script produce the same thing, which isn't a JPEG file (it doesn't start with b'\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01')... so i'm pretty confused on whats going on.

maybe its sending it under a different encryption if it detects the app is a certain version? or perhaps they updated the key? Is the android client modifying the data when its saving it to a .nomedia to prevent people from getting it off the phone? My code just downloads it straight from the snapchat server, which would be why mine works fine but these .nomedia files don't work...

Using your ruby example I have made a working C# version.

public static void AesDecryptSnap(string infilename, string outfilename)
{ File.WriteAllBytes(outfilename, AesDecryptSnap(infilename)); }
public static byte[] AesDecryptSnap(string infilename)
{
            byte[] retval = new byte[0];
            byte[] keyAndIvBytes = UTF8Encoding.UTF8.GetBytes("M02cnQ51Ji97vwT4");

            RijndaelManaged algorithm = new RijndaelManaged();
            //set the mode, padding and block size
            algorithm.Padding = PaddingMode.None;
            algorithm.Mode = CipherMode.ECB;
            algorithm.KeySize = 128;
            algorithm.BlockSize = 128;

            using (FileStream inStream = File.OpenRead(infilename))
            {
                using (CryptoStream cryptoStream = new CryptoStream(inStream, algorithm.CreateDecryptor(keyAndIvBytes, keyAndIvBytes), CryptoStreamMode.Read))
                {
                    using (MemoryStream outStream = new MemoryStream())
                    {
                        CopyStream(cryptoStream, outStream);
                        retval = outStream.ToArray();
                    }
                }
            }
            algorithm.Clear();

            return retval;
}
public static void CopyStream(Stream input, Stream output)
{
            byte[] b = new byte[32768];
            int r;
            while ((r = input.Read(b, 0, b.Length)) > 0)
            { output.Write(b, 0, r); output.Flush(); }
}

I also have a version ported to java/android, but it is still untested.

Any update for the latest version of Snapchat? I see there is a update on the python version that takes care of the new encryption implementation introduced in later version of Snapchat, md5, etc.

Updates? Did anyone solve the error?
`final': wrong final block length (OpenSSL::Cipher::CipherError)

This is no more working

M02cnQ51Ji97vwT4 is the old key
Need to find the new one

Any update on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.