Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CobaltStrike Beacon AES encryption
import hashlib
import hmac
import binascii
import base64
import sys
import struct
from Crypto.Cipher import AES
HASH_ALGO = hashlib.sha256
SIG_SIZE = HASH_ALGO().digest_size
class AuthenticationError(Exception):
pass
def compare_mac(mac, mac_verif):
if len(mac) != len(mac_verif):
print "invalid MAC size"
return False
result = 0
for x, y in zip(mac, mac_verif):
result |= ord(x) ^ ord(y)
return result == 0
def decrypt(encrypted_data, iv_bytes, signature, shared_key, hmac_key):
if not compare_mac(hmac.new(hmac_key, encrypted_data, HASH_ALGO).digest()[0:16], signature):
raise AuthenticationError("message authentication failed")
cypher = AES.new(shared_key, AES.MODE_CBC, iv_bytes)
data = cypher.decrypt(encrypted_data)
return data
def readInt(buf):
return buf[4:], struct.unpack('>L', buf[0:4])[0]
if __name__ == "__main__":
SHARED_KEY = binascii.unhexlify("441bbd3de3d52997298a8625def8f40c")
HMAC_KEY = binascii.unhexlify("1ede48669d4346c0b0cf2ca15e498c10")
with open(sys.argv[1], 'rb') as f:
enc_data = f.read()
signature = enc_data[-16:]
iv_bytes = bytes("abcdefghijklmnop")
encrypted_data = enc_data[:-16]
dec = decrypt(encrypted_dat
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment