From a5f80f536f4d6b7dc3748a5585c591910fd074c0 Mon Sep 17 00:00:00 2001
From: astravaganza <83530103+astravaganza@users.noreply.github.com>
Date: Wed, 5 Mar 2025 02:18:25 +0530
Subject: [PATCH] Update zgpriv_protected_dec.py

- write zgpriv to disk instead of hex output to console
- removed the last 16 bytes
---
 zgpriv_protected_dec.py | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/zgpriv_protected_dec.py b/zgpriv_protected_dec.py
index 9e71009..4b2b337 100644
--- a/zgpriv_protected_dec.py
+++ b/zgpriv_protected_dec.py
@@ -12,7 +12,7 @@ def main() -> None:
 	AES-Key unwrap zlpriv_protected.dat with the KEK
 
 	Derivation function uses the TK (given in PR3.3 source) as the AES Key for OMAC1 (CMAC)
-	sign function. Data is IK + a couple of zeros.
+	sign function.
 
 	Oem_Aes_AES128KDFCTR_r8_L128()
 
@@ -22,7 +22,7 @@ def main() -> None:
 	Context is 16 bytes zero.
 	Label = IK
 	i = 1
-	L = 128 (int)
+	L = 128 (0x80)
 	''' 
 	cmac_secret = bytes.fromhex("8B222FFD1E76195659CF2703898C427F")
 	cmac = CMAC.new(cmac_secret, ciphermod=AES)
@@ -31,11 +31,14 @@ def main() -> None:
 	cmac.update(cmac_data)
 
 	KEK = cmac.hexdigest()
-	print(KEK)
-	with open("zlpriv_protected.dat", "rb") as f:
-		zlprotec = f.read()
+	# KEK = "8f0618e44af40cd782525b7851c51a7c"
+	
+	with open("zgpriv_protected.dat", "rb") as f:
+		zgprotec = f.read()
 
-	print(aes_key_unwrap(bytes.fromhex(KEK), zlprotec).hex())
+	with open("zgpriv.dat", "wb") as f:
+		f.write(aes_key_unwrap(bytes.fromhex(KEK), zgprotec)[:32])
+		print("[+] Decrypted zgpriv written to disk.")
 
 if __name__ == '__main__':
-	main()
\ No newline at end of file
+	main()