-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdecrypt
executable file
·108 lines (94 loc) · 2.25 KB
/
decrypt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
#!/bin/bash
# Decrypt data using AES256 in CBC mode, optionally utilising IV and keys from
# Wireshark's ssl.debug_file file
#IV=
#KEY=
C=${CIPHER:-aes-256-cbc}
if [ $# -ge 2 -a $# -le 3 ]; then
debug_file="$1"
mode=$2
start_frame=$3
material=$(awk -vstart_frame=$start_frame '
function try_name(name) {
if (frame >= start_frame && !found[name]) {
key_name = name;
found[name] = 1;
}
}
/^\| / {
if (key_name) {
# handle at most 16 bytes of hex data
key = substr($0, 3, 3 * 16);
gsub(/ /, "", key);
}
}
! /^\| / {
if (key_name) {
print key_name "=" key ";";
key = "";
key_name = "";
}
}
/^dissect_ssl enter frame #/ { sub("#", ""); frame = $4; }
/^Client Write key/ { try_name("CKEY"); }
/^Server Write key/ { try_name("SKEY"); }
/^Client Write IV/ { try_name("CIV"); }
/^Server Write IV/ { try_name("SIV"); }
' "$debug_file")
[ -z "${SHOWKEYS:+x}" ] || echo "$material" >&2
eval "$material"
[ -z "$IV" ] || echo "Warning: IV from debug won't be used" >&2
[ -z "$KEY" ] || echo "Warning: KEY from debug won't be used" >&2
case $mode in
[Cc]*) KEY=${KEY:-$CKEY}; IV=${IV:-$CIV} ;;
[Ss]*) KEY=${KEY:-$SKEY}; IV=${IV:-$SIV} ;;
*)
echo "Invalid mode, accepting only client or server" >&2
exit 1
;;
esac
if [ -z "$KEY" -o -z "$IV" ]; then
echo "Debug file is invalid, does not contain IV and KEY" >&2
exit 1
fi
elif [ $# -lt 2 ]; then
if [ -z "$IV" -o -z "$KEY" ]; then
cat <<EOF >&2
Usage: echo hh hh.. | $0 debug-file mode [start-frame]
Usage: IV=... KEY=... $0 hh hh hh hh..
debug-file is created with 'wireshark -o ssl.debug_file:debug-file'
mode is either c(lient) or s(server).
Only the first Master Secret starting at or after start-frame are used (if
omitted, it will use the first occurrence).
The CIPHER environment variable (default: aes-256-cbc) can be used to specify to
cipher.
Set the SHOWKEYS envvar to show the keys and ciphers extracted from the debug
file.
EOF
exit 1
fi
fi
if [ $# -gt 3 ]; then
echo "$*"
else
awk '
{
for (i=1; i<NF; i++) {
if ($i ~ /^[0-9a-fA-F]{2}/) {
print $i;
} else if (i > 1) {
# do not stop for at the first | in "| 12 34 |", but at
# the last "|"
break;
}
}
}
'
fi |
xxd -ps -r |
openssl $C -nosalt -iv "${IV// /}" -K "${KEY// /}" -d |
if [ -t 1 ]; then
xxd
else
cat
fi