Update zgpriv_protected_dec.py

- write zgpriv to disk instead of hex output to console - removed the last 16 bytes
2025-04-29 17:39:43 +00:00 · 2025-03-05 02:18:25 +05:30 · 2025-03-05 02:18:25 +05:30 · a5f80f536f
commit a5f80f536f
parent 24ee589e0c
1 changed files with 10 additions and 7 deletions
--- a/zgpriv_protected_dec.py
+++ b/zgpriv_protected_dec.py
@ -12,7 +12,7 @@ def main() -> None:
 	AES-Key unwrap zlpriv_protected.dat with the KEK

 	Derivation function uses the TK (given in PR3.3 source) as the AES Key for OMAC1 (CMAC)
-	sign function. Data is IK + a couple of zeros.
+	sign function.

 	Oem_Aes_AES128KDFCTR_r8_L128()

@ -22,7 +22,7 @@ def main() -> None:
 	Context is 16 bytes zero.
 	Label = IK
 	i = 1
-	L = 128 (int)
+	L = 128 (0x80)
 	''' 
 	cmac_secret = bytes.fromhex("8B222FFD1E76195659CF2703898C427F")
 	cmac = CMAC.new(cmac_secret, ciphermod=AES)
@ -31,11 +31,14 @@ def main() -> None:
 	cmac.update(cmac_data)

 	KEK = cmac.hexdigest()
-	print(KEK)
-	with open("zlpriv_protected.dat", "rb") as f:
-		zlprotec = f.read()
+	# KEK = "8f0618e44af40cd782525b7851c51a7c"
 	
-	print(aes_key_unwrap(bytes.fromhex(KEK), zlprotec).hex())
+	with open("zgpriv_protected.dat", "rb") as f:
+		zgprotec = f.read()
+
+	with open("zgpriv.dat", "wb") as f:
+		f.write(aes_key_unwrap(bytes.fromhex(KEK), zgprotec)[:32])
+		print("[+] Decrypted zgpriv written to disk.")

 if __name__ == '__main__':
 	main()