So I was given a key and a hash to decrypt with PowerShell.
key: (165, 49, 50, 151, 4, 58, 80, 217, 250, 19, 249, 150, 185, 102, 202, 113)
hash:
76492d1116743f0423413b16050a5345MgB8AEsAVQBkAGkAWQBQAGYAcgA2ADQASwBCAGQ
AcwBkAFEATQByAFQATABqAFEAPQA9AHwAOQBkAGQAYQA2AGQAYgA4ADQAZQBmAGUAMgBiADQ
ANgA1ADkANAA5AGYAMQBlADIAYgA5ADIAMQBmADUANgA0ADgANgBiADYANwBmAGMANgBjADAA
ZgA5AGUAZQAxAGQANgA3ADUANwA3ADUAZgA1AGYAOABlADcAOQA0AGMAOQA4ADMAZgBmADQ
AMQBkADcAYgAyADkAZQBhADEANwA2AGEAMQBhADMAZQBiADEAOQBkAGMANABiAGIANQBhAGM
AOQA0ADQAMwBhADAAZQAzAGQAZQAwADIANwA2ADUANwAzADcAMABhAGMAMwAxAGYAYwBjA
DYANAA5ADYAZgBlAGQANAA3ADIAMAA2AGUAOQA0ADEAMQA2ADEAYgA2ADMAYgAwADUANQA1A
GQAYQBiADQAOABkAGMANQAyADUAZABkADIANQA5AGQANQA3ADIANgA4ADUAYQA3ADcAMgAxAD
AAOQA2AGUAYQA4ADUAZQAyADgAZABhADMANABlADkANwA0ADIAZQBiADMAMwAzADMAMwAwA
DIAZAA4ADIAYgAwADkAZgBjADUAMgA4AGQANQBkADUAOQA0ADgAMwA4ADEAYgBmAGIAMwBjAGU
AYQAyADUAZgA3ADgAOQA0AGUAZABiAGMAYgBkADcANQAyADQAOQA0ADkANwAxADgAOQAxAGMA
ZAA5ADcAMQA2AGQAOABjAGQAOQAyAGIANQA0AGUAZgAzADcANwA0ADkAOQAxAGIANQA2AGUANw
AyADIAMAA5ADcAOQA3ADIANwAyADAAZgAyAGUAMgA2AGQAMwA1ADMAMAA1AGUAYwAxADcAYw
A2AGQAMwA2AGQAZQBjADgANwAyADYAYwBkADgANQA5AGYANwAwAGUAMQA3AGUANwBkADIAMQ
A4ADgANAA2ADIANAAwAGIANAA5ADgAMwBiADMAOAA1ADUAYgBiAGUAMABhAGIANgAxAGEAMwB
mADYAYQA5ADUANQBmAGUAZQAyADAAZQBhADAAZQAxADUAOAAxAGIAZQA1ADMAMAA5AGUAYQ
BiADkANwAwAGQAMQBmAGQAYgAxAGIANQA0ADAAYwAwADMAOQA5ADcANQA1ADcAOABjADUANg
AyADAAMAA2ADEAZAAyAGQAYgA0ADYAZAA2AGUAOABhADUANQA4ADgAYQA0AGMAZgAwADQANwB
lAGMAZABiAGQAYgBjADQANwA1AGQAYQA2ADQAYgA4ADcAMAAzADIAMgBhADIAZgA1ADAANgA4AGU
AYwBlADgAMgA4AGEAMwAzAGYAMAAzADkANQBlADkAMgBkADIAMgA1ADAAOAA4AGIAOQA3AGUAYg
AzADIAZQA3ADMAMQA4AA==
My code:
$Key = (165, 49, 50, 151, 4, 58, 80, 217, 250, 19, 249, 150, 185, 102, 202, 113)
ConvertFrom-SecureString (ConvertTo-SecureString
"abovehash" -AsPlainText -Force) -Key $Key
My theory is that it is already a secure string but to flip it to plaintext I would need to convertto and convertfrom to translate it. I used a website which decoded it perfectly https://www.wietzebeukema.nl/powershell-securestring-decoder/#
I get the hash re-hashed again.
I know how to make my own secure key and decrypt it but how would you decrypt a hash if you were given the hash and the key.
I remember trying to do this 4 or 5 years ago to store random stuff in it. What I found out is for some reason the ConvertFrom-SecureString never worked. After some reasearch I found out converting to BTSR using the System.Runtime.InteropServices.Marshal SecureStringtoBTSR from a SecureString and then using the PtrToStringAuto will decrypt it properly. I will try to locate the reasoning and post it. But this should work and provide you the message you want:
$Key = (165, 49, 50, 151, 4, 58, 80, 217, 250, 19, 249, 150, 185, 102, 202, 113)
$hash = "76492d1116743f0423413b16050a5345MgB8AEsAVQBkAGkAWQBQAGYAcgA2ADQASwBCAGQAcwBkAFEATQByAFQATABqAFEAPQA9AHwAOQBkAGQAYQA2AGQAYgA4ADQAZQBmAGUAMgBiADQANgA1ADkANAA5AGYAMQBlADIAYgA5ADIAMQBmADUANgA0ADgANgBiADYANwBmAGMANgBjADAAZgA5AGUAZQAxAGQANgA3ADUANwA3ADUAZgA1AGYAOABlADcAOQA0AGMAOQA4ADMAZgBmADQAMQBkADcAYgAyADkAZQBhADEANwA2AGEAMQBhADMAZQBiADEAOQBkAGMANABiAGIANQBhAGMAOQA0ADQAMwBhADAAZQAzAGQAZQAwADIANwA2ADUANwAzADcAMABhAGMAMwAxAGYAYwBjADYANAA5ADYAZgBlAGQANAA3ADIAMAA2AGUAOQA0ADEAMQA2ADEAYgA2ADMAYgAwADUANQA1AGQAYQBiADQAOABkAGMANQAyADUAZABkADIANQA5AGQANQA3ADIANgA4ADUAYQA3ADcAMgAxADAAOQA2AGUAYQA4ADUAZQAyADgAZABhADMANABlADkANwA0ADIAZQBiADMAMwAzADMAMwAwADIAZAA4ADIAYgAwADkAZgBjADUAMgA4AGQANQBkADUAOQA0ADgAMwA4ADEAYgBmAGIAMwBjAGUAYQAyADUAZgA3ADgAOQA0AGUAZABiAGMAYgBkADcANQAyADQAOQA0ADkANwAxADgAOQAxAGMAZAA5ADcAMQA2AGQAOABjAGQAOQAyAGIANQA0AGUAZgAzADcANwA0ADkAOQAxAGIANQA2AGUANwAyADIAMAA5ADcAOQA3ADIANwAyADAAZgAyAGUAMgA2AGQAMwA1ADMAMAA1AGUAYwAxADcAYwA2AGQAMwA2AGQAZQBjADgANwAyADYAYwBkADgANQA5AGYANwAwAGUAMQA3AGUANwBkADIAMQA4ADgANAA2ADIANAAwAGIANAA5ADgAMwBiADMAOAA1ADUAYgBiAGUAMABhAGIANgAxAGEAMwBmADYAYQA5ADUANQBmAGUAZQAyADAAZQBhADAAZQAxADUAOAAxAGIAZQA1ADMAMAA5AGUAYQBiADkANwAwAGQAMQBmAGQAYgAxAGIANQA0ADAAYwAwADMAOQA5ADcANQA1ADcAOABjADUANgAyADAAMAA2ADEAZAAyAGQAYgA0ADYAZAA2AGUAOABhADUANQA4ADgAYQA0AGMAZgAwADQANwBlAGMAZABiAGQAYgBjADQANwA1AGQAYQA2ADQAYgA4ADcAMAAzADIAMgBhADIAZgA1ADAANgA4AGUAYwBlADgAMgA4AGEAMwAzAGYAMAAzADkANQBlADkAMgBkADIAMgA1ADAAOAA4AGIAOQA3AGUAYgAzADIAZQA3ADMAMQA4AA=="
$Secured = $hash | ConvertTo-SecureString -key $key
$BTSR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secured)
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BTSR)
And of course in pure Microsoft fashion the explanation article is no longer where it used to be. Once I have the context reasoning I will update.
Update
Here is an SO Answer giving some context to it: Are you able to use PtrToStringAuto to decrypt a secure string in Powershell 7 on macOS?