Media Server File Decryption¶
Overview¶
Example script to decrypt a file downloaded from Acrobits Media Server.
Python Example¶
#!/usr/bin/python3
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from binascii import unhexlify,crc32
key = unhexlify('F4EC56A83CDA65B2C6DC11E2CF693DAA')
nonce = b'\0'*len(key)
cipher = Cipher(algorithms.AES(key), modes.CTR(nonce), backend=default_backend())
dec = cipher.decryptor()
file_in = open('encrypted', 'rb')
file_out = open('decrypted.jpg', 'wb')
crc = 0
while True:
enc_block=file_in.read(10240)
if not enc_block:
break
print('.', end='')
dec_block = dec.update(enc_block)
crc = crc32(dec_block, crc)
file_out.write(dec_block)
print()
file_in.close()
file_out.close()
print("Hash: "+str(crc))
JavaScript Example¶
The following example requires the latest version (16.x) of Node.js LTS. The crc module is 3rd-party, and therefore optional. It is only required to verify the CRC of decrypted files, and any lines using it can be removed.
import { webcrypto } from 'crypto';
import { readFile, writeFile } from 'fs/promises';
// crc module is optional and only needed if crc calculation functionality is required
// run `npm install crc` to install if needed
import crc from 'crc'; // remove if not using crc
const { subtle } = webcrypto;
const { crc32 } = crc; // remove if not using crc
const hexKey = 'F4EC56A83CDA65B2C6DC11E2CF693DAA';
const keyArr = Uint8Array.from(hexKey.match(/.{1,2}/g).map(hex => parseInt(hex, 16)));
const counter = new Uint8Array(keyArr.length);
const key = await subtle.importKey('raw', keyArr, "AES-CTR", true, ['decrypt']);
const input = await readFile('encrypted', { flag: 'r' });
const decResult = await subtle.decrypt(
{
name: 'AES-CTR',
counter,
length: 128
},
key,
input
);
const outBuf = Buffer.from(decResult);
await writeFile('decrypted_js.jpg', outBuf);
console.log(`Hash: ${crc32(outBuf)}`); // remove if not using crc
OpenSSL Example¶
openssl enc -aes-128-ctr -d -K F4EC56A83CDA65B2C6DC11E2CF693DAA -iv 00000000000000000000000000000000 -nopad -in encrypted -out decrypted_file.jpg
crc32 decrypted_file.jpg
The encrypted version is available here.
The decrypted version is available here.
The hex-encoded key for this file is F4EC56A83CDA65B2C6DC11E2CF693DAA
The unsigned decimal integer hash of the original is 4488649