-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathfiles_decrypt.py
More file actions
66 lines (50 loc) · 1.99 KB
/
files_decrypt.py
File metadata and controls
66 lines (50 loc) · 1.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
""" Built-in modules """
import os
import re
import sys
from pathlib import Path
# External modules #
from cryptography.fernet import Fernet
def print_err(msg: str):
"""
Displays the passed in error message via stderr.
:param msg: The error message to be displayed.
:return: Nothing
"""
print(f'\n* [ERROR] {msg} *\n', file=sys.stderr)
def main():
"""
Decrypts the encrypted exfiltration data.
:return: Nothing
"""
path = Path.cwd() / 'DecryptDock'
# If the DecryptDock does not exist #
if not path.exists():
print_err('DecryptDock missing, now created so move files in it and rerun program')
# Ensure storage path for exfiltration data exists #
path.mkdir(parents=True)
sys.exit(1)
re_files = re.compile(r'^e_.{1,253}\.[a-z]{2,4}$')
key = b'UR58Mz1VHiGJa1_W42E4G0FD__Ihb4vevs3wmWhVtOc='
for file in os.scandir(path):
# If the item matches file regex and is not .keep file or decrypted hash file #
if re_files.match(file.name) and file.name not in ('.keep', 'SHA_Hashes.txt'):
crypt_path = path / file.name
plain_path = path / file.name[2:]
try:
# Read the encrypted cipher text #
with crypt_path.open('rb') as encrypted_text:
data = encrypted_text.read()
# Decrypt the cipher text data #
decrypted = Fernet(key).decrypt(data)
# Write the plain text data to fresh file #
with plain_path.open('wb') as decrypted_text:
decrypted_text.write(decrypted)
# Delete the cipher text file #
crypt_path.unlink()
# If error occurs during file operation #
except (UnicodeError, OSError) as io_err:
print_err(f'Error occurred decrypting {file.name}: {io_err}')
sys.exit(0)
if __name__ == '__main__':
main()