From 5ea85f74eb99ece0ed5d4b287ddf94144587b129 Mon Sep 17 00:00:00 2001
From: astravaganza <83530103+astravaganza@users.noreply.github.com>
Date: Mon, 3 Mar 2025 03:17:51 +0530
Subject: [PATCH] Add files via upload

---
 zgpriv_protected_dec.py | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 zgpriv_protected_dec.py

diff --git a/zgpriv_protected_dec.py b/zgpriv_protected_dec.py
new file mode 100644
index 0000000..9e71009
--- /dev/null
+++ b/zgpriv_protected_dec.py
@@ -0,0 +1,41 @@
+from Crypto.Cipher import AES
+from Crypto.Hash import CMAC
+
+from cryptography.hazmat.primitives.keywrap import aes_key_unwrap
+
+def main() -> None:
+	'''
+	8B 22 2F FD 1E 76 19 56 59 CF 27 03 89 8C 42 7F - Transient Key
+	9C E9 34 32 C7 D7 40 16 BA 68 47 63 F8 01 E1 36 - Intermediate Key
+
+	Derive a KEK (Key Encryption Key) with the TK and the IK
+	AES-Key unwrap zlpriv_protected.dat with the KEK
+
+	Derivation function uses the TK (given in PR3.3 source) as the AES Key for OMAC1 (CMAC)
+	sign function. Data is IK + a couple of zeros.
+
+	Oem_Aes_AES128KDFCTR_r8_L128()
+
+	Data is 
+	[i]2 || Label || 0x00 || Context || [L]2
+
+	Context is 16 bytes zero.
+	Label = IK
+	i = 1
+	L = 128 (int)
+	''' 
+	cmac_secret = bytes.fromhex("8B222FFD1E76195659CF2703898C427F")
+	cmac = CMAC.new(cmac_secret, ciphermod=AES)
+
+	cmac_data = bytes.fromhex('019CE93432C7D74016BA684763F801E13600000000000000000000000000000000000080')
+	cmac.update(cmac_data)
+
+	KEK = cmac.hexdigest()
+	print(KEK)
+	with open("zlpriv_protected.dat", "rb") as f:
+		zlprotec = f.read()
+
+	print(aes_key_unwrap(bytes.fromhex(KEK), zlprotec).hex())
+
+if __name__ == '__main__':
+	main()
\ No newline at end of file