-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdecrypt_optimized.py
More file actions
116 lines (86 loc) · 4.87 KB
/
decrypt_optimized.py
File metadata and controls
116 lines (86 loc) · 4.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
import base64
from hashlib import pbkdf2_hmac
# Fixed IVs used by Bubble.io (obtained through JS debugging)
FIXED_IV_Y = 'po9'
FIXED_IV_X = 'fl1'
def derive_key_iv(appname, custom_iv=None, is_fixed=True):
"""Derive AES key and IV using PBKDF2-MD5
Args:
appname: Application name
custom_iv: Custom IV string (for fixed IV decrypt) or bytes (for payload decrypt)
is_fixed: True for fixed IV operations, False for payload operations
"""
if is_fixed:
derived_iv = pbkdf2_hmac('md5', custom_iv.encode('utf-8'), appname.encode('utf-8'), 7, dklen=16)
derived_key = pbkdf2_hmac('md5', appname.encode('utf-8'), appname.encode('utf-8'), 7, dklen=32)
else:
derived_iv = pbkdf2_hmac('md5', custom_iv, appname.encode('utf-8'), 7, dklen=16)
derived_key = None
return derived_key, derived_iv
def decrypt_aes_cbc(ciphertext, key, iv):
"""Decrypt using AES-CBC mode"""
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
decryptor = cipher.decryptor()
return decryptor.update(ciphertext) + decryptor.finalize()
def unpad_pkcs7(data):
"""Remove PKCS7 padding"""
return data[:-data[-1]]
def decrypt_with_fixed_iv(appname, encrypted_b64, fixed_iv):
"""Decrypt x or y values using fixed IV"""
ciphertext = base64.b64decode(encrypted_b64)
key, iv = derive_key_iv(appname, fixed_iv, is_fixed=True)
return decrypt_aes_cbc(ciphertext, key, iv)
def decrypt_payload(appname, timestamp, iv_bytes, encrypted_payload_b64):
"""Decrypt the main payload (z) using timestamp and IV"""
ciphertext = base64.b64decode(encrypted_payload_b64)
# Create key from appname + timestamp
key_material = f"{appname}{timestamp}".encode('utf-8').replace(b'\x01', b'')
derived_key = pbkdf2_hmac('md5', key_material, appname.encode('utf-8'), 7, dklen=32)
# Derive IV
_, derived_iv = derive_key_iv(appname, iv_bytes, is_fixed=False)
# Decrypt and remove padding
decrypted = decrypt_aes_cbc(ciphertext, derived_key, derived_iv)
return unpad_pkcs7(decrypted)
def main():
"""Main decryption function"""
# Encrypted values from user
x_encrypted = "GranouOs1r8ks5StX2FCJkiwW/aVIWS8+GKGnji2zSc="
y_encrypted = "Ob1I+e/bWBepc/11Xzu4CQ=="
z_encrypted = "KnZrD10QJJpNsYGBnu6rQncLUVljrJrzvzErFeijZLoRRIhEFSASiiPLVQxh4a57yBYbU5dTw9n7bJ7qNk9+EBN5QiuAxBjihA68wS1Z3oFfRuE75IrPPG4SzYhqfqKH29jVgue5c9Thzm/9POSXzkfcmzy2wb6AACEazJ6s+hnCAq8rN0J3uDZ8RoPYxuHh7ucT6g7gx3NOPSxlsyignMAa5Atucup4XS7B7Cd6cTotHmMBPaQySjWjBbtqSR0+Nzh7ju7HAIGqWKm41xuVrOaDDhvOiL91P+YYp4atdMMJbhcarOzXfhBVxTM6T4CCXWXlxobYqJxlXbV0XUbIDeZ+e1apzv7jY1feFwjvO2FdAjxJkrhK7jyPO+j3XKqaXk8eOQJsSB/8PQDz09LwAE/UUrL2Hv01Qa7ksLplpsEDF29wKWkZNafeujO6fxyspY4FGieEGd7hMj5rgzqsLEOe+hhMQT9Q3SN6fh0NiWZZWnw9arja6ghlD2ONs87s2uDooRtT95ZRxKfzHy67uRmcPSgidAWoQ1uG2/UYWkyqN9bHmap1Prv6VILJryBhk+Mbrreiia3Qd8xtHOL3QNXVv0uYzA1h5A5hnMXfovZb9xbAZG84njoOM8+mvWD5opZuJ0aggrtOP5R96jgeEbimzH/z+EmaHwIK6xz4UOGGk0WQ01/Bomuo4XwNwN6a+ZyHTNhMYtoyjkEvwVoeR6HtL7+gik7P4OmlXoWSJkrFszFJe4dTzzajG42a5fmKSdRulFYqUHMliDfi7aztshw2paL6UTfwSS9p+D5M7OFqWSGTO0jZcWfApYJwy1UcnPcfD6zAhQsZ8qfOYrprWt4Cyar+D+4hP34S5LcuCLNrwdh0Wly+BUYFNI/SKyTZlsMtYwjuaVciHYGZ6O8QpcJBr9Ivv878BJKF6L5ogNC5XkJRfblt6Vo7bSvCRbFo"
# Get appname from user
print("=" * 60)
print("Bubble.io Payload Decrypter - Optimized Version")
print("=" * 60)
appname = input("\nEnter AppName (from X-Bubble-Appname header): ").strip()
if not appname:
print("Error: AppName is required!")
return
try:
# Step 1: Decrypt timestamp (y)
print("\n[1] Decrypting timestamp (y)...")
decoded_y_raw = decrypt_with_fixed_iv(appname, y_encrypted, FIXED_IV_Y)
decoded_y = decoded_y_raw.decode('utf-8').replace('_1', '')
print(f" ✓ Timestamp: {decoded_y}")
# Step 2: Decrypt IV (x)
print("\n[2] Decrypting IV (x)...")
decoded_x = decrypt_with_fixed_iv(appname, x_encrypted, FIXED_IV_X)
decoded_x = decoded_x.replace(b'\x0e', b'').replace(b'\r', b'').replace(b'\x0f', b'')
print(f" ✓ IV extracted")
# Step 3: Decrypt payload (z)
print("\n[3] Decrypting payload (z)...")
decrypted_payload = decrypt_payload(appname, decoded_y, decoded_x, z_encrypted)
print("\n" + "=" * 60)
print("DECRYPTED PAYLOAD:")
print("=" * 60)
print(decrypted_payload.decode('utf-8'))
print("=" * 60)
except Exception as e:
print(f"\n❌ Decryption failed: {e}")
print("\nPossible reasons:")
print(" - Incorrect AppName")
print(" - Corrupted encrypted data")
print(" - Invalid base64 encoding")
if __name__ == "__main__":
main()