Diffstat (limited to 'decode-qr-uri.py')
-rwxr-xr-xdecode-qr-uri.py19
1 files changed, 8 insertions, 11 deletions
diff --git a/decode-qr-uri.py b/decode-qr-uri.py
index 711ce5b..493f086 100755
--- a/decode-qr-uri.py
+++ b/decode-qr-uri.py
@@ -1,5 +1,7 @@
#!/bin/env python3
import urllib.parse
+import hmac
+import hashlib
from hashlib import pbkdf2_hmac
import base64
import argparse
@@ -64,28 +66,23 @@ key = pbkdf2_hmac(
logging.debug("KDF Output: 0x%s", key.hex())
# Validate whether our key is correct using the provided MAC
-# TODO: Fix
-'''
+# The MAC'd payload does not include the MAC itself
+macedPayload = o.query[0:o.query.rfind('&')] # mac is last param, so can remove it this way
+
hmacKey = key[16:48]
hmacer = hmac.new(hmacKey, digestmod=hashlib.sha256)
-hmacer.update(urllib.parse.unquote(o.query).encode("utf-8"))
+hmacer.update(macedPayload.encode('utf-8'))
hmacDigest = hmacer.digest()
logging.info('HMAC Digest: 0x%s', hmacDigest.hex())
try:
mac = query['mac'][0]
- if base64.b64decode(mac) != hmacDigest:
- logging.warning("Falied to validate HMAC")
+ if base64.b64decode(mac) != hmacDigest[0:12]:
+ logging.warning("Falied to validate HMAC. Are you use this passcode is correct?")
except:
logging.warning("No MAC was provided in URI. Cannot verify if key is correct")
-print(query['mac'][0])
-print(o.query.encode('utf-8'))
-print(hmacDigest)
-print(base64.b64decode(query['mac'][0]))
-'''
-
# Remove the KDF salt from the encrypted data
encdata = enc[8:]
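Review bot: The new MAC check sits inside a bare `except:` and compares with `!=`, so a malformed base64 `mac` value, or any other error in the `try`, is logged as "No MAC was provided" and the script appears to continue to the decryption steps that follow, outside this hunk. Catch only `KeyError` for the missing parameter and compare with `hmac.compare_digest`, and consider stopping before decryption on a mismatch, since the derived key is then known to be wrong or the URI altered. Separately, `o.query.rfind('&')` returns -1 when the query has no `&`, which silently drops the last character, and the slice assumes `mac` is the final parameter. Checking that the removed tail starts with `mac=` would make that assumption explicit. The warning text also has typos ("Falied", "Are you use").

```python
# … unchanged: macedPayload slice, hmacKey / hmacer setup, digest logging …
try:
    mac = base64.b64decode(query['mac'][0])
except KeyError:
    logging.warning("No MAC was provided in URI. Cannot verify if key is correct")
else:
    # The URI carries a 12-byte truncated tag; compare in constant time
    if not hmac.compare_digest(mac, hmacDigest[0:12]):
        logging.warning("Failed to validate HMAC. Are you sure this passcode is correct?")
```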