I'm using the following script, for its construction I've relied on the community and chat-gpt.
import base64from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modesfrom cryptography.hazmat.backends import default_backendfrom win32crypt import CryptUnprotectData# Función decrypt_valdef decrypt_val(buff: bytes, master_key: bytes) -> str: iv = buff[3:15] payload = buff[15:-16] cipher = Cipher(algorithms.AES(master_key), modes.GCM(iv, buff[-16:]), backend=default_backend()) # Se especifica la etiqueta con el modo GCM decryptor = cipher.decryptor() decrypted_pass = decryptor.update(payload) + decryptor.finalize() decrypted_pass = decrypted_pass.decode() return decrypted_pass# Función get_master_keydef get_master_key() -> bytes: # Esta es la master_key proporcionada master_key = "RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACwiiOT7hVKSpqHHKmfelp6AAAAAAIAAAAAABBmAAAAAQAAIAAAAEr1FtZCawv6cT1z5zzXxZ30h4O7Ity3EBLfTdtM0oO6AAAAAA6AAAAAAgAAIAAAACpGZwsT0RKSCl/ukX6ZxNytKpAbHgRmqLqpRW++TcxEMAAAAC8HEpNDthKadJlMBCAvonE1QXVGTjE4Hh0TJv75iz48R2eb93lG9zxpr8xhh1C7e0AAAAAWODcIFOqibQmHRL/fnDgtFy7JdNC7NynDGMtcucS4R5yD92+2UFPFquqfEbpu/gIW5eMv3LQIQDJlR5I53KRs" master_key = base64.b64decode(master_key) master_key = master_key[5:] master_key = CryptUnprotectData(master_key, None, None, None, 0)[1] return master_key# Token codificado proporcionadobuff = base64.b64decode("djEwsdUQtUlo+u8fbT3dIDywsWtq1iEpaNs5ok1ax5Qln8Jf38QQDtAXr8TQSQMehOnLbYtEwq246L+wRl25BwN5ozWZPzKjedpJ6jzFVoNih4HS8Pdb7WTWEFi22hUj2pUlFLhUgA==")#Vector de inicialización: sdUQtUlo+u8f#payload: bT3dIDywsWtq1iEpaNs5ok1ax5Qln8Jf38QQDtAXr8TQSQMehOnLbYtEwq246L+wRl25BwN5ozWZPzKjedpJ6jzFVoNih4HS8Pdb7WTWEFi# Obtener la clave maestramaster_key = get_master_key()# Desencriptar el tokentoken_desencriptado = decrypt_val(buff, master_key)print("Token desencriptado:", token_desencriptado)What I can't understand is why it's working if the actual decryption key is:
RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADpHGBl4XjpT7wJCP5hOfbvEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAACBsNvEC+5NobWlwI47gXQ0gH6ygCckW03d7sYYm741jAAAAAAOgAAAAAIAACAAAAAgDb9rlDSBX2EQtybfDfjA5bgYY9JJz+bngBHWuu39dzAAAAAE1EXarF4tpHFdmSbA2KvcFn/2mZ3qVyQ7SFha/qy+0VoPntSIYTpRFXC0cqzsOn5AAAAA4rH6CNjtkamgk/bC1Cot8e1FA9wz4pZ4+wxYL738mFkOg6cMTwnuAL2ogQv9Ah/AjhkpH+bLFV5Zwrr2Zumx4A==Why doesn't the script work with that decryption key, but with this one it does?: RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACwiiOT7hVKSpqHHKmfelp6AAAAAAIAAAAAABBmAAAAAQAAIAAAAEr1FtZCawv6cT1z5zzXxZ30h4O7Ity3EBLfTdtM0oO6AAAAAA6AAAAAAgAAIAAAACpGZwsT0RKSCl/ukX6ZxNytKpAbHgRmqLqpRW++TcxEMAAAAC8HEpNDthKadJlMBCAvonE1QXVGTjE4Hh0TJv75iz48R2eb93lG9zxpr8xhh1C7e0AAAAAWODcIFOqibQmHRL/fnDgtFy7JdNC7NynDGMtcucS4R5yD92+2UFPFquqfEbpu/gIW5eMv3LQIQDJlR5I53KRs