I have successfully constructed RSA2 key by splitting private key blob into n, e, d, p, q values with the following code:
JavaScript
x
33
33
1
szKey = 0x4002
e = struct.unpack("<I", bytearray(keyBlob[0x10:0x14]))[0]3
4
#RSA modulus *n*5
modulusLen = szKey// 86
modulusStart = 0x147
modulusEnd = modulusStart + modulusLen8
n = int(bytes(keyBlob[modulusStart:modulusEnd][::-1]).hex(), 16)9
10
#First factor of *n* (*p*)11
pLen = szKey// 1612
pStart = modulusEnd13
pEnd = pStart + pLen14
p = int(bytes(keyBlob[pStart:pEnd][::-1]).hex(), 16)15
16
#Second factor of *n* (*q*)17
qLen = szKey// 1618
qStart = pEnd19
qEnd = qStart + qLen20
q = int(bytes(keyBlob[qStart:qEnd][::-1]).hex(), 16)21
22
#Private exponent *d*23
dLen = szKey// 8 24
dStart = keyBlobLen - dLen25
d = int(bytes(keyBlob[dStart:keyBlobLen][::-1]).hex(), 16)26
27
#create private key 28
key_params = (n, e, d, p, q) 29
try:30
ret = RSA.construct(key_params)31
except Exception as e:32
raise ValueError("[ERROR] can't create RSA key")33
I did not get any error. However, when I’m trying to decrypt data with this key I get an error: incorrect decryption. I use this piece of code:
JavaScript
1
4
1
AESEncKey = bytes(binary.get_content_from_virtual_address(startEncBin + encBinLen - 0x80, 0x80))2
cipher = PKCS1_OAEP.new(rsa2Key)3
decText = cipher.decrypt(AESEncKey) #error here4
At the same time I see that standart windows functions do it well on the same blob:
JavaScript
1
6
1
2
if ( CryptAcquireContextA(&phProv, 0, 0, 1u, 0xF0000000))3
if ( CryptImportKey(phProv, pRSA2Key, 0x254u, 0, 0, &phKey))4
if ( CryptDecrypt(phKey, 0, -1, 0, pbDataa, &dwDataLen))5
6
Why do I faced “incorrect decryption” error? I think I might use a wrong padding in python..
Also this is my keyblob:
JavaScript
1
39
39
1
04C00000 07 02 00 00 00 A4 00 00 52 53 41 32 00 04 00 00 ..¤..RSA2. 2
04C00010 01 00 01 00 59 60 35 2F 60 02 72 8B 9C 9C 46 6F .Y`5/`.rFo 3
04C00020 45 89 9E C1 5F 3B 78 86 60 26 AB 69 F7 88 21 DA E..Á_;x.`&«i÷.!Ú 4
04C00030 F3 97 D3 62 0D 1C 12 59 43 90 3C FF CF AF C2 A6 ó.Ób...YC.<ÿϯ¦ 5
04C00040 E8 55 09 8C C2 26 F1 1B 6B 10 3F 57 2C E5 1E D3 èU..Â&ñ.k.?W,å.Ó 6
04C00050 D0 AE 74 97 67 01 85 8C F1 A0 41 F5 E4 BF 90 16 Юt.g...ñ Aõä¿.. 7
04C00060 1E 1D 70 17 8D 66 90 74 74 72 CA EC E3 CD 98 C4 ..p..f.ttrÊìãÍ.Ä 8
04C00070 BC BB D6 E4 D7 96 83 B1 24 38 1C 29 C8 2F ED 25 ¼»Öä×..±$8.)È/í% 9
04C00080 EE 33 E3 51 C3 9A 61 2D EB CD 81 B6 8E 00 0E B0 î3ãQÃ.a-ëÍ.¶...° 10
04C00090 72 5F C1 AE 6F 76 B6 E8 BB 0B DC EC F4 82 77 DD r_Á®ov¶è».Üìô.wÝ 11
04C000A0 48 C8 BD 4D 83 8B AD A5 D2 80 A6 A9 36 48 27 A5 HȽM...¥Ò.¦©6H'¥ 12
04C000B0 CE 9A 23 AB B2 9B 8D A0 84 C3 F3 5C E2 BB 8B CF Î.#«².. .Ãóâ».Ï 13
04C000C0 D5 53 DF DE 07 B1 E9 6E 1E 98 24 F7 BC B3 F4 51 ÕSßÞ.±én..$÷¼³ôQ 14
04C000D0 C1 BA 30 D1 B7 39 18 86 8D 66 54 96 87 CB 57 56 Áº0Ñ·9...fT..ËWV 15
04C000E0 B7 B9 43 B9 AA B0 BD 8A 6B A8 F2 1C A3 CE 1A 73 ·¹C¹ª°½.k¨ò.£Î.s 16
04C000F0 D0 01 E8 BE CC DA 93 E6 CB E2 E0 8B 38 6D A1 3E Ð.è¾ÌÚ.æËâà.8m¡> 17
04C00100 D5 68 0B 5B 69 BB 41 1E 99 8B 4B FE 56 AD F8 EA Õh.[i»A...KþV.øê 18
04C00110 5B 11 DC D5 63 01 E1 1B CA 75 A5 94 1A B3 F0 86 [.ÜÕc.á.Êu¥..³ð. 19
04C00120 4B 12 DB 26 7B EA 81 99 28 98 76 AD C8 85 AC 3A K.Û&{ê..(.v.È.¬: 20
04C00130 4A 2F CC 33 90 43 21 AD AD 49 B5 51 DB 32 32 7D J/Ì3.C!..IµQÛ22} 21
04C00140 DB 7A BA F2 55 59 91 CA 20 C2 8A 1A E6 3F 83 3B ÛzºòUY.Ê Â..æ?.; 22
04C00150 A6 58 BD 88 11 27 90 B4 09 7A B8 00 35 DC 3D A4 ¦X½..'.´.z¸.5Ü=¤ 23
04C00160 EA E9 4A D3 6F 16 7C F9 53 29 14 8A EB E4 BE F5 êéJÓo.|ùS)..ëä¾õ 24
04C00170 6A E8 E0 C5 BC 52 EF C3 88 D3 C3 ED 9B 51 60 1B jèàżRïÃ.ÓÃí.Q`. 25
04C00180 74 DC 25 1B 1D 27 6B 74 09 B0 08 E0 9B 8A D7 48 tÜ%..'kt.°.à..×H 26
04C00190 73 FD 66 40 0B E8 41 81 02 E4 43 F5 BF F4 2D EA sýf@.èA..äCõ¿ô-ê 27
04C001A0 DF CD 5C 5E 3C 8D EF 9C 3D 38 88 04 C9 77 D1 4B ßÍ^<.ï.=8..ÉwÑK 28
04C001B0 D2 86 71 EB 5A CE D7 FC CF BA 1B FD 2C 81 74 40 Ò.qëZÎ×üϺ.ý,.t@ 29
04C001C0 82 79 13 DD 00 9E 93 E8 54 59 B4 34 7B 5F B9 80 .y.ÝèTY´4{_¹. 30
04C001D0 7C 69 5B 44 65 A8 F4 15 DA FA BC 44 B3 3B 47 7B |i[De¨ô.Úú¼D³;G{ 31
04C001E0 6D C7 75 0D CF A7 03 44 69 B8 E6 3F 94 03 72 1E mÇu.ϧ.Di¸æ?..r. 32
04C001F0 A3 92 6D AB F2 06 A8 C7 8C 7C B7 2A 0C 79 5C B3 £.m«ò.¨Ç.|·*.y³ 33
04C00200 2B BF 32 38 16 D0 58 67 F5 04 CA 9B 42 27 6E 76 +¿28.ÐXgõ.Ê.B'nv 34
04C00210 67 96 64 00 99 F9 91 B5 BD BA 97 03 50 85 64 0C g.d..ù.µ½º..P.d. 35
04C00220 72 1D 2A 92 6B D0 D6 08 86 D0 9C 68 2B 1C 36 AA r.*.kÐÖ..Ð.h+.6ª 36
04C00230 94 38 63 48 D3 07 CB FC 46 DC 86 86 23 E2 9D C2 .8cHÓ.ËüFÜ..#â. 37
04C00240 04 8C C4 2D 9A 13 40 E8 35 15 B3 84 54 1D 32 98 ..Ä-..@è5.³.T.2. 38
04C00250 F6 1F 8D 3B39
This is an encrypted code:
JavaScript
1
9
1
00F0CF20 42 70 06 C1 08 C4 D6 CB C6 6E ED 63 3F 00 73 33 Bp.Á.ÄÖËÆníc?.s3 2
00F0CF30 92 AB 7E 15 88 1A F0 F5 D3 52 59 7B A0 65 1A A8 .«~ðõÓRY{ e.¨ 3
00F0CF40 5A EE DE AD AA C2 E9 06 F2 99 CB 9E 6A C7 F3 8C ZîÞ.ªÂé.ò.Ë.jÇó. 4
00F0CF50 75 CA 45 D9 A4 DC 29 AC 3D B1 5F 13 2F F5 DD 23 uÊEÙ¤Ü)¬=±_./õÝ# 5
00F0CF60 F1 00 1E 1A C9 DB CB 66 96 96 76 23 6E 69 99 66 ñÉÛËf..v#ni.f 6
00F0CF70 09 B0 67 0F 04 DA F9 48 5E 54 EA A4 D4 6A 73 6A .°g..ÚùH^Tê¤Ôjsj 7
00F0CF80 DE FC 1F 1C 19 9F 4C BB F7 BF 1C C1 47 26 82 FB Þü.L»÷¿.ÁG&.û 8
00F0CF90 6C 71 5D 95 A1 45 A3 AA 0A 4D A1 B3 FE 9C D8 74 lq].¡E£ª.M¡³þ.Øt 9
Advertisement
Answer
Decryption does not work for two reasons:
CryptDecrypt(), (s. Remarks) uses the little endian format, i.e. the ciphertext must be reversed.- The required padding is not OAEP, but PKCS#1 v1.5 padding.
If this is fixed, e.g. with
JavaScript
1
7
1
from Crypto.Cipher import PKCS1_v1_52
3
cipher = PKCS1_v1_5.new(ret) # apply PKCS#1 v1.5 padding4
ct = ct[::-1] # reverse ciphertext 5
decrypted = cipher.decrypt(ct, b'error') 6
print(decrypted.hex()) # 080200001066000020000000af1478d93f5ce5b8db5df78049fe4d22ac0c8b23f8563a6ad805bd0e82fb82497
decryption works:
JavaScript
1
2
1
080200001066000020000000af1478d93f5ce5b8db5df78049fe4d22ac0c8b23f8563a6ad805bd0e82fb82492
The plaintext is a 12 bytes BLOBHEADER structure followed by the 32 bytes AES key defined by it.