Secure-Notes/decrypt_backup.py at main · buggenzo/Secure-Notes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives import hashes

def decrypt_backup(encrypted_file_path, password, output_zip_path):
    # 1. Read all the crypted file (.enc)
    with open(encrypted_file_path, 'rb') as f:
        data = f.read()

    # Extract Salt and IV
    # Java: fos.write(salt); (16 byte)
    salt = data[:16]
    # Java: fos.write(iv); (12 byte)
    nonce_iv = data[16:28]
    # crypted payload
    ciphertext = data[28:]

    print(f"Extracted Salt: {salt.hex()}")
    print(f"Extracted IV: {nonce_iv.hex()}")

    # Extract key from passwd (PBKDF2)
    # 10000 iterations, SHA256
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32, # 256 bit key
        salt=salt,
        iterations=10000,
    )
    key = kdf.derive(password.encode('utf-8'))

    # Decrypt using AES-GCM
    aesgcm = AESGCM(key)
    try:

        decrypted_data = aesgcm.decrypt(nonce_iv, ciphertext, None)

        # Save result (clear Zip)
        with open(output_zip_path, 'wb') as f:
            f.write(decrypted_data)

        print(f"SUCCESS! Decrypted File saved in: {output_zip_path}")
        print("Now you can open it like a file Zip.")

    except Exception as e:
        print("ERROR: wrong password or corrupted file.")
        print(e)

# ----------------------------
# CHANGE
# CHANGE input_file with file name of encrypted backup
# CHANGE
# CHANGE
# ----------------------------
input_file = "SecureNotes_Backup_20251118_113945.enc"

output_file = "unlocked_backup.zip"
user_pass = input("Insert password for backup: ")

decrypt_backup(input_file, user_pass, output_file)