Skip to content

Instantly share code, notes, and snippets.

View maganuk's full-sized avatar

maganuk

1 follower · 0 following
View GitHub Profile
@maganuk
maganuk / unprotectAspNetIdentityCookie.js
Created March 12, 2021 20:09 — forked from flut1/unprotectAspNetIdentityCookie.js
Unprotects a cookie in Node.JS that was encrypted using ASP.NET Core Identity with the default settings.
import { padStart } from 'lodash';
import leb128 from 'leb128';
import crypto from 'crypto';
// magic header used to identify an identity cookie
const MAGIC_HEADER = 0x09F0C9F0;
// key id size in bytes
const SIZE_KEY_ID = 16;
// size of key modifier according to the CbcAuthenticatedEncryptor:
// https://github.com/aspnet/DataProtection/blob/dev/src/Microsoft.AspNetCore.DataProtection/Cng/CbcAuthenticatedEncryptor.cs