Created
April 8, 2021 07:34
Decrypt Ruby's ActiveSupport::MessageEncryptor on Python 3
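import hashlib
import base64
from Crypto import Random
from Crypto.Cipher import AES
import rubymarshal.reader
from pbkdf2 import PBKDF2

# Decrypt a message produced by Ruby's ActiveSupport::MessageEncryptor
# (AES-GCM) and unmarshal the plaintext.
#
# Key-derivation inputs: they have to match what the Ruby side feeds its key
# generator. The literals below are the sample's placeholders; load a real
# secret from the environment or a secret store instead of committing it.
SECRET = "a3f58debfe0c5b71edaebea3a627f4f"
SALT = "12345"
ITERATIONS = 65536
KEY_LENGTH = 32  # bytes, i.e. an AES-256 key

# Expected shape: "salt.base64ciphertext--base64iv--base64tag"
# NOTE(review): the third field is treated as the GCM authentication tag,
# which is what MessageEncryptor emits in GCM mode -- confirm against the
# producer of the message.
ruby_encrypted_message = ""

# Fail with a readable message instead of an IndexError on malformed input.
outer = ruby_encrypted_message.split(".")
if len(outer) < 2:
    raise SystemExit("ruby_encrypted_message is empty or lacks the 'salt.' prefix")

parts = outer[1].split("--")
if len(parts) < 3:
    raise SystemExit("expected base64ciphertext--base64iv--base64tag after the prefix")

# NOTE(review): the pbkdf2 package uses HMAC-SHA1 unless told otherwise;
# confirm this matches the digest configured on the Ruby side.
key = PBKDF2(SECRET, SALT, ITERATIONS).read(KEY_LENGTH)

# Every field is base64 text and must be decoded to raw bytes before use.
ciphertext = base64.b64decode(parts[0])
iv = base64.b64decode(parts[1])
tag = base64.b64decode(parts[2])

aes = AES.new(key, AES.MODE_GCM, nonce=iv)

# Verify the tag while decrypting. Without this check GCM is only a stream
# cipher: a modified ciphertext would decrypt to attacker-influenced bytes and
# then be handed to the Marshal parser. decrypt_and_verify raises ValueError
# when the tag does not match, so nothing unauthenticated reaches loads().
decrypted = aes.decrypt_and_verify(ciphertext, tag)

data = rubymarshal.reader.loads(decrypted)
print(data)  # plaintext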