I have the next json file. It includes an AES cyphered text. I have the key ITP2021ATP! and the way to generate the IV, but when i try to decrypt it, it is not working. It is base 64 encoded too.
var Ou = function(t) {
var e = function(t) {
var e = (new Date).getTimezoneOffset()
, n = new Date(t.getTime() + 60 * e * 1e3).getDate()
, r = parseInt((n < 10 ? "0" + n : n).toString().split("").reverse().join(""))
, i = t.getFullYear()
, a = parseInt(i.toString().split("").reverse().join(""))
, o = parseInt(t.getTime().toString(), 16).toString(36) + ((i + a) * (n + r)).toString(24)
, s = o.length;
if (s < 14)
for (var c = 0; c < 14 - s; c++)
o += "0";
else
s > 14 && (o = o.substr(0, 14));
return "#" + o + "$"
}(new Date(t.lastModified))
, n = Jo.a.enc.Utf8.parse(e)
, r = Jo.a.enc.Utf8.parse(e.toUpperCase())
, i = Jo.a.AES.decrypt(t.response, n, {
iv: r,
mode: Jo.a.mode.CBC,
padding: Jo.a.pad.Pkcs7
});
return JSON.parse(i.toString(Jo.a.enc.Utf8))
};
{"lastModified":1666642401166,"response":"MCiQxX4X6Ul1myrY1nOq45F63b1vo2dkbQsbMKAodQIuRMVcrrI4x9I1+6Oh6+3RCd4GIYd4HZYMPz7ANXkkfACKTPR/fViIFo2nDloUiY8gRi+tMWyDUKKBxoIFreJuvQldLLPishC7KTpJ4X7lUI+L2it5U6+Qx/YaXKeMOOetMoX7hCF3QhEJ7vIm63g16Vyyq6b+qiMeFyCavdoLZ5GBVEBNboOKhLiCWSQzUZIg4FJ7nk3vJEY3p2NGiB/KTCYQjdFlMMLr+chwzV+AleLpOlAknJRuANqSLUOe5H75t4wnHn4xSZ6VpWhGD70xUfS50WmHwgGEs7XZ+onSCanzVoN+98eDT84mmBqAZJ6RwHFU0z9LJNG6vSKHDPhA4C5OHAOL53K4MzfpZkpybbC4ux+pxq/qoOCm6fAQYyOXgA1r3SY/QN5Mp2JzisZ0uhEhX11weqYgg96s5R2zL6bdJ4CzJOHAS3lIz6+yXxRpv4+5rjtyPyyD+IIBiA/vYnjLxurAngjjBgg6BFq1hPd2yWtFfl0nvZWWuGolF2iRkQCjZyrFHZuL49GuKFr+QcrMXl2fFXhVRvltTqUNdUaUN8fmvCuIndOdA434YKIqDUQF5EQjq51ZoNxO/Y48TQK2XvauZ0XyU+PwIMPNgDc20H/AFN7Op+KLgkBwqMtbvjFoWhUL9+Ra3yXIiFxunOzCATyRyAJJVBWXsNFkNKEVmjwMu8u+k/7loIKyaujQYK4RJpIIZw96K5x+OCB3uDmsnzTtKSRkudKc2T4NT2Cu1yhKX6DEFyY+pB6TF1asrCX2scwvlM8kpPwVNvhRKENpw76hFfCZGY4/0nvrDOJHsaE2OCxZpHLH+Rxc0lm1FbnbhmDCWHnervwRLaEAUC3LlybuVrfmJ0B0u5eNcmfksiJL5vHyolxjFl8cRl5ki2LVmtH/1yQmBVghBOhZ798EvQNUE2N1wzwAlWUa5yWRPmCZSrswfxYwGitOsr9E0cxtGB7b2q63/TAVp7FzN+SoGXkwfnejNj+CFmL5w4QrJAsYOiEuxLZ8K2+8C7zvJGehEaVlEvKZBZUpCPtSrYHCdWIm3A33WCMX/ptW3gscLqaA8rclb7e36ZjZPc8sM/2ai8YYOGPzvA2WDVHLPSIXOXJZf1Ok72iIHKOHVrQFYj3gK5/cY3chZk5P5g7XRTNCKk0/jjC/MZmUw+YHi8v+/m3wpUMvSp5oiHT1VIjkleQPIstqzBFVnxgKD3YYAu53S6ESj92WPhAEyZZ7sjWm1pxoEvjzm7oBzth7UfnLIpgomDXwpi7dKLpBixFIFfiCwpqEW3bvdoYLvouNVU9jQGtDQHqS0cIunXwQ9Qoa9g09DHK4k2+yGefA80uc9VUz424YHoP9OzRfbBzQJ6id01xq2Zyrpsg8JWBURm2NznyhYPGoDv7t1m4XKAg5aAv8P8rO4WmrLO7FD/yC3q85pxlQrMFrgGxauzQRVHs239gjr7h9YXzKn4Q4U6yRwhKiduDk+KDmqFIUvvOFz5t69PBGcoslhbTt2lhVFoAsUWHfy1VX0F5MucBPEaXB6aMd1p8+2xVRcNv7Twrx5fx4GXue2W26xzYm0oN2WzvJIpXioBoEmkfAYJXp0pLqiJvjVYhRn4hJ8mR/GlOXlb7+08ukzdcGRGmZj+XjGGVxXNyCYgIJLjju/KsL/9KeBgh3sohijde6G89DvVUzqvrwmoY0UjxY+xjq+QOUnKx+OcMfduqUjDk4v3TfwDqC+uVee3P7wKGBzxHUcjBwkaELHXisjtwcB0UK4hclb62Gk6KOQWpVQpIAH91E5X8+VeYu1crRPHSZEM0J0me9VQW2XvEueIhsLD5WeCU1iYPqj0o5Rroip8EUr3A1WBc1Rl90UpHxxXwu149CU1bui0MVMs8utxjoyeJBtMixP9YpaWcFAgCQxWb5qd7d+ssRoDaZoM6dDPPgEHieIWxFDkBRWF7U9y+oLYLWIxjBbFPpF8RkPUGlfAEGDnJsx8SufeYKYPg+PBUACeNb9OcQZnty7G8tVKOW22C+VyJc0Guy9wEkNTwi6bhQ9qLK9iiARr/xQFK4tOzcv+dd7qgnscdPmo1hiFnl87NuXv43uJVr+dEy40peI95mSr11JBe2aUIgHNa90E6Gc5yGJEEy+LAlujo2Hzb+Z7S8VLm3oe2gChYvrPXRHRkSFwqcIJ1nAErov8z4/c6+ZGpMEdDSizdJR0FrX/kIub7quWOyaK9dQpBY3FEC1WFiZZQx7LYzUfJSWVwrnOz6qGmrvZziCi8z+NnQetvZmZcDWwFo/Ccv3+3DgOthUMY7cqA11G82ZQpNmzxCYyhnc4fTQWfLHU+mrF7c0QinFK6NEaiKkmRSqN/vvcKW21I5nTpgKozeWdBlavfIMA643HTXqSKZOGm3RUdkKc7XBOK2fIRZev0xDQbRYALAQNIzUCcxeVHuZ5FZ00Xv+X2bK1+kLFrTGVihFSejZAHWJdpKEgnwE44PUPAu7YiiGg+V/mYrW8R7qdhBfs/MVPxOO/aRVjA52GEhFANp9FfrByGD4Vdvz38RYN917YVhUSc4/4q6GHEWbRltr2LIZsJZ0DqbOkQ+70s1Izd4My9EkWwKD5cK7qJ64Duoi9hEpZ6lIKrvi6pKRn5EkDY+yZVSolZizXqXJx8e6za43zE+DbRIPrQ1HEYBxzcrAZ3C8z+cAm7DFDVyVJpYx0QpbfQXVQrz1cV2/oPd3zsdNw9afSArWwdY/u1bn84g+QG8Rmg5C3cAdVYM0iToCYu5KHc4WnL/xddwI2NmEMYQgrndlqX6nmsfih4WoK4deoZ8rW7m9biMS6gKFSNHwa4adaOKUKe1yavmI+3IQQknB2tpWdK/RlBMB3QzSu4y1Jusr9r/OJI7MBy0cs+s6W/5YDkLG8GlalsPLC5knihi8gJEe894Wa/74noF5aFo7Twzv0xo8q9MQSJLj3aiPC8KmQnbb2aa5dCCMl9KA1fKIB3EWKqUnKm02w2n1ZW/lgNlsq4z1aSP/pQ2IxCtxNnuzxMse2DBEHrM248Zo3PJh4cHGn4NuvqwZnQjQReEXo2M1z2NtWmNfb8KUjyYiyIDvVu1wkiVO1aODjF8eIxfYaGVx+Prvlj2hjfuw9Goy7XWLjM8bDbPAT9S7P6F2gsozcHh2bJYA9G3yu7Z5mWjNEd6XNvEcmdLkDHf3XNKMTsIofvUM8AoJpqK4FGD9W+KksddXs5AD7EPHoNbU7+nn7P4eHBd/FqK42hFU+NzVnvoXhzMvFrvSF65lYal+zuR/JkEJJVF+UHwwcigg3zUsHN/lopwyemHv5L0TGgDu8nwWbpjNgge4gU/V/6EM2OWbpsxvu7V7r5bf2zJL6XaCIz75Ux3IZCCabBZXfMx4BqHdWEhK8fPigPTCtf2CYhuEdlPVXE9emNSo+3uDGOHW0tOBV0i5jRrjPqzbzlFRNGWS3nMLtmlcEZSxwQ1U+IXiFZJZtJkMCiXlLSUfidlxUAYPCV6DxDX1cJhKBi1CgJn9tdbBVCJGLJOKL60SFdC2lfTTz9pdEQQDg5JvYv9FvRatLlY5irFk8OdC8UQk+LwaGY+fpneu3kOoUKrowxS5kEP9OrIC8qtw0nuVY5FdhPACDomRz3gPUcwkyGUNQfRUbFsArxR5aqAKJJtPRFQrbG4Y51gwS81h7p1CUxwUInvEmV3I7DgT7Bl9BZQ4FIHhYCfKIItv7X9eUe1a4YFPePBB2h9P6fKlLXtDvFjSFU/F55qKjoUy8z1OYlWizKw/FRCEqNoQ/ajClA2BAt4riZNPJUzcDi3/SmKNAjRAiE+HouSwJLLVhb/azBUIOsOUrdQNX6A8e+gYXWmZM4wRKIcgOvYLsZ2CBegj4TC1VIhq2dYFulCzAL7pBVYqFlbHsfmE0z3DPqnQZMgrxrtQSsel1hl2btHl+G+k6k/rIUtiErcY9TQp/8RpDrfPo6hey9V2/xhM/vp1508gL0FUPL7syExHlwEAh6+0f2zQBwG6DzjJinQznSJO416HvoSatfwu8MBxVOy3LeQLxuHCUj1CyQcbYSoxPwmALzmFYnj9UTwlx9tZlSgFgb+EK37bzEKlkJSZZL2Wy/42K1+qz6QFPoXcz8wz0EhT2FfJy8zGAyeS+pgSoPH0iZpwhItgUp5bQ9MPqCcG2/tn+yciopW0+0c/9ZNa1w8NZc8kvqNZbYPOjqx54m7Ki//hz85LAFi5b/7U7DkMDuTX/bR2YQ8wzO8onWAr+Zz34jOi5lzVDogTdzpYmo0RCRRPGtInKwc7vhKc+pqArPqLHEe2AGfEad+iMP4YVeCJDpGsjBsaxbYLYkEwi4HfqfFLgwVcQorb9/L3h6aRJ+8BRKtpAqq3J83nPhtXfu/ZQxWTOckWbvGgqQPnfkzd7yJidy99CZZLMSSubQ="}
But when I try to decrypt the file (must generate another json file) I dont get anything useful.
What am i doing wrong?
The IV generated for this based in modified json field is: #3VOMO21HLYK400$
I'm trying to understand what am i doing wrong but I dont get it. Any tip is welcomed.
The part:
i = Jo.a.AES.decrypt(t.response, n, {iv: r, mode: Jo.a.mode.CBC, padding: Jo.a.pad.Pkcs7}
...
return JSON.parse(i.toString(Jo.a.enc.Utf8))
seems to use CryptoJS and performs a decryption with CBC and PKCS#7 padding.
The function at the beginning appears to be a key derivation function, which derives the key presumably from a date as input. So for a reproduction of the key the input is needed. The meaning of ITP2021ATP! is not clear, it fits neither as input for the key derivation nor as key for the encryption. But even without the original input it is possible to derive the key if the IV is known, because there is a relation between key and IV.
The parameter o in the key derivation contains a string, for the generation of which toString(36) and toString(24) was used. toString() applies lowercase letters for a radix larger than 10.
o is extended to the key material e by adding digits and special characters, i.e. the key material consists of lowercase letters (plus digits and special characters).
From the decryption part it can be deduced that n is the key and r is the IV, both of which are derived from the key material e as follows:
n = CryptoJS.enc.Utf8.parse(e)
r = CryptoJS.enc.Utf8.parse(e.toUpperCase())
I.e. IV and key are identical and differ only in that lowercase letters are used for the key and uppercase letters for the IV.
Since the IV is known #3VOMO21HLYK400$, the key can thus be easily derived by converting the uppercase letters to lowercase letters: #3vomo21hlyk400$.
This allows the ciphertext to be decrypted with CryptoJS:
var key = CryptoJS.enc.Utf8.parse('#3vomo21hlyk400$')
var iv = CryptoJS.enc.Utf8.parse('#3VOMO21HLYK400$')
var ciphertext = 'MCiQxX4X6Ul1myrY1nOq45F63b1vo2dkbQsbMKAodQIuRMVcrrI4x9I1+6Oh6+3RCd4GIYd4HZYMPz7ANXkkfACKTPR/fViIFo2nDloUiY8gRi+tMWyDUKKBxoIFreJuvQldLLPishC7KTpJ4X7lUI+L2it5U6+Qx/YaXKeMOOetMoX7hCF3QhEJ7vIm63g16Vyyq6b+qiMeFyCavdoLZ5GBVEBNboOKhLiCWSQzUZIg4FJ7nk3vJEY3p2NGiB/KTCYQjdFlMMLr+chwzV+AleLpOlAknJRuANqSLUOe5H75t4wnHn4xSZ6VpWhGD70xUfS50WmHwgGEs7XZ+onSCanzVoN+98eDT84mmBqAZJ6RwHFU0z9LJNG6vSKHDPhA4C5OHAOL53K4MzfpZkpybbC4ux+pxq/qoOCm6fAQYyOXgA1r3SY/QN5Mp2JzisZ0uhEhX11weqYgg96s5R2zL6bdJ4CzJOHAS3lIz6+yXxRpv4+5rjtyPyyD+IIBiA/vYnjLxurAngjjBgg6BFq1hPd2yWtFfl0nvZWWuGolF2iRkQCjZyrFHZuL49GuKFr+QcrMXl2fFXhVRvltTqUNdUaUN8fmvCuIndOdA434YKIqDUQF5EQjq51ZoNxO/Y48TQK2XvauZ0XyU+PwIMPNgDc20H/AFN7Op+KLgkBwqMtbvjFoWhUL9+Ra3yXIiFxunOzCATyRyAJJVBWXsNFkNKEVmjwMu8u+k/7loIKyaujQYK4RJpIIZw96K5x+OCB3uDmsnzTtKSRkudKc2T4NT2Cu1yhKX6DEFyY+pB6TF1asrCX2scwvlM8kpPwVNvhRKENpw76hFfCZGY4/0nvrDOJHsaE2OCxZpHLH+Rxc0lm1FbnbhmDCWHnervwRLaEAUC3LlybuVrfmJ0B0u5eNcmfksiJL5vHyolxjFl8cRl5ki2LVmtH/1yQmBVghBOhZ798EvQNUE2N1wzwAlWUa5yWRPmCZSrswfxYwGitOsr9E0cxtGB7b2q63/TAVp7FzN+SoGXkwfnejNj+CFmL5w4QrJAsYOiEuxLZ8K2+8C7zvJGehEaVlEvKZBZUpCPtSrYHCdWIm3A33WCMX/ptW3gscLqaA8rclb7e36ZjZPc8sM/2ai8YYOGPzvA2WDVHLPSIXOXJZf1Ok72iIHKOHVrQFYj3gK5/cY3chZk5P5g7XRTNCKk0/jjC/MZmUw+YHi8v+/m3wpUMvSp5oiHT1VIjkleQPIstqzBFVnxgKD3YYAu53S6ESj92WPhAEyZZ7sjWm1pxoEvjzm7oBzth7UfnLIpgomDXwpi7dKLpBixFIFfiCwpqEW3bvdoYLvouNVU9jQGtDQHqS0cIunXwQ9Qoa9g09DHK4k2+yGefA80uc9VUz424YHoP9OzRfbBzQJ6id01xq2Zyrpsg8JWBURm2NznyhYPGoDv7t1m4XKAg5aAv8P8rO4WmrLO7FD/yC3q85pxlQrMFrgGxauzQRVHs239gjr7h9YXzKn4Q4U6yRwhKiduDk+KDmqFIUvvOFz5t69PBGcoslhbTt2lhVFoAsUWHfy1VX0F5MucBPEaXB6aMd1p8+2xVRcNv7Twrx5fx4GXue2W26xzYm0oN2WzvJIpXioBoEmkfAYJXp0pLqiJvjVYhRn4hJ8mR/GlOXlb7+08ukzdcGRGmZj+XjGGVxXNyCYgIJLjju/KsL/9KeBgh3sohijde6G89DvVUzqvrwmoY0UjxY+xjq+QOUnKx+OcMfduqUjDk4v3TfwDqC+uVee3P7wKGBzxHUcjBwkaELHXisjtwcB0UK4hclb62Gk6KOQWpVQpIAH91E5X8+VeYu1crRPHSZEM0J0me9VQW2XvEueIhsLD5WeCU1iYPqj0o5Rroip8EUr3A1WBc1Rl90UpHxxXwu149CU1bui0MVMs8utxjoyeJBtMixP9YpaWcFAgCQxWb5qd7d+ssRoDaZoM6dDPPgEHieIWxFDkBRWF7U9y+oLYLWIxjBbFPpF8RkPUGlfAEGDnJsx8SufeYKYPg+PBUACeNb9OcQZnty7G8tVKOW22C+VyJc0Guy9wEkNTwi6bhQ9qLK9iiARr/xQFK4tOzcv+dd7qgnscdPmo1hiFnl87NuXv43uJVr+dEy40peI95mSr11JBe2aUIgHNa90E6Gc5yGJEEy+LAlujo2Hzb+Z7S8VLm3oe2gChYvrPXRHRkSFwqcIJ1nAErov8z4/c6+ZGpMEdDSizdJR0FrX/kIub7quWOyaK9dQpBY3FEC1WFiZZQx7LYzUfJSWVwrnOz6qGmrvZziCi8z+NnQetvZmZcDWwFo/Ccv3+3DgOthUMY7cqA11G82ZQpNmzxCYyhnc4fTQWfLHU+mrF7c0QinFK6NEaiKkmRSqN/vvcKW21I5nTpgKozeWdBlavfIMA643HTXqSKZOGm3RUdkKc7XBOK2fIRZev0xDQbRYALAQNIzUCcxeVHuZ5FZ00Xv+X2bK1+kLFrTGVihFSejZAHWJdpKEgnwE44PUPAu7YiiGg+V/mYrW8R7qdhBfs/MVPxOO/aRVjA52GEhFANp9FfrByGD4Vdvz38RYN917YVhUSc4/4q6GHEWbRltr2LIZsJZ0DqbOkQ+70s1Izd4My9EkWwKD5cK7qJ64Duoi9hEpZ6lIKrvi6pKRn5EkDY+yZVSolZizXqXJx8e6za43zE+DbRIPrQ1HEYBxzcrAZ3C8z+cAm7DFDVyVJpYx0QpbfQXVQrz1cV2/oPd3zsdNw9afSArWwdY/u1bn84g+QG8Rmg5C3cAdVYM0iToCYu5KHc4WnL/xddwI2NmEMYQgrndlqX6nmsfih4WoK4deoZ8rW7m9biMS6gKFSNHwa4adaOKUKe1yavmI+3IQQknB2tpWdK/RlBMB3QzSu4y1Jusr9r/OJI7MBy0cs+s6W/5YDkLG8GlalsPLC5knihi8gJEe894Wa/74noF5aFo7Twzv0xo8q9MQSJLj3aiPC8KmQnbb2aa5dCCMl9KA1fKIB3EWKqUnKm02w2n1ZW/lgNlsq4z1aSP/pQ2IxCtxNnuzxMse2DBEHrM248Zo3PJh4cHGn4NuvqwZnQjQReEXo2M1z2NtWmNfb8KUjyYiyIDvVu1wkiVO1aODjF8eIxfYaGVx+Prvlj2hjfuw9Goy7XWLjM8bDbPAT9S7P6F2gsozcHh2bJYA9G3yu7Z5mWjNEd6XNvEcmdLkDHf3XNKMTsIofvUM8AoJpqK4FGD9W+KksddXs5AD7EPHoNbU7+nn7P4eHBd/FqK42hFU+NzVnvoXhzMvFrvSF65lYal+zuR/JkEJJVF+UHwwcigg3zUsHN/lopwyemHv5L0TGgDu8nwWbpjNgge4gU/V/6EM2OWbpsxvu7V7r5bf2zJL6XaCIz75Ux3IZCCabBZXfMx4BqHdWEhK8fPigPTCtf2CYhuEdlPVXE9emNSo+3uDGOHW0tOBV0i5jRrjPqzbzlFRNGWS3nMLtmlcEZSxwQ1U+IXiFZJZtJkMCiXlLSUfidlxUAYPCV6DxDX1cJhKBi1CgJn9tdbBVCJGLJOKL60SFdC2lfTTz9pdEQQDg5JvYv9FvRatLlY5irFk8OdC8UQk+LwaGY+fpneu3kOoUKrowxS5kEP9OrIC8qtw0nuVY5FdhPACDomRz3gPUcwkyGUNQfRUbFsArxR5aqAKJJtPRFQrbG4Y51gwS81h7p1CUxwUInvEmV3I7DgT7Bl9BZQ4FIHhYCfKIItv7X9eUe1a4YFPePBB2h9P6fKlLXtDvFjSFU/F55qKjoUy8z1OYlWizKw/FRCEqNoQ/ajClA2BAt4riZNPJUzcDi3/SmKNAjRAiE+HouSwJLLVhb/azBUIOsOUrdQNX6A8e+gYXWmZM4wRKIcgOvYLsZ2CBegj4TC1VIhq2dYFulCzAL7pBVYqFlbHsfmE0z3DPqnQZMgrxrtQSsel1hl2btHl+G+k6k/rIUtiErcY9TQp/8RpDrfPo6hey9V2/xhM/vp1508gL0FUPL7syExHlwEAh6+0f2zQBwG6DzjJinQznSJO416HvoSatfwu8MBxVOy3LeQLxuHCUj1CyQcbYSoxPwmALzmFYnj9UTwlx9tZlSgFgb+EK37bzEKlkJSZZL2Wy/42K1+qz6QFPoXcz8wz0EhT2FfJy8zGAyeS+pgSoPH0iZpwhItgUp5bQ9MPqCcG2/tn+yciopW0+0c/9ZNa1w8NZc8kvqNZbYPOjqx54m7Ki//hz85LAFi5b/7U7DkMDuTX/bR2YQ8wzO8onWAr+Zz34jOi5lzVDogTdzpYmo0RCRRPGtInKwc7vhKc+pqArPqLHEe2AGfEad+iMP4YVeCJDpGsjBsaxbYLYkEwi4HfqfFLgwVcQorb9/L3h6aRJ+8BRKtpAqq3J83nPhtXfu/ZQxWTOckWbvGgqQPnfkzd7yJidy99CZZLMSSubQ=';
var decrypted = CryptoJS.AES.decrypt(
ciphertext,
key,
{
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
);
document.getElementById("dt").innerHTML = "Decrypted: " + decrypted.toString(CryptoJS.enc.Utf8);<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
<p style="font-family:'Courier New', monospace;" id="dt"></p>or e.g. on CyberChef: