mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ ls -lh
total 240K
-rwxrwxrwx 1 mingyang mingyang 29K Oct 12 16:04 737850c38fd0c2f80ee04daafac45658_lsb.bin
-rwxrwxrwx 1 mingyang mingyang 7.5K Oct 12 16:04 base64_decoded.bin
-rwxrwxrwx 1 mingyang mingyang 512 Oct 12 16:04 decrypted_4D75489A4272985E9CC934B74D71FF55.bin
-rwxrwxrwx 1 mingyang mingyang 512 Oct 12 16:04 decrypted_69C4A7892F12FFC30F51712A3F000489.bin
-rwxrwxrwx 1 mingyang mingyang 178K Oct 12 16:04 decrypted_output.Wangwang0603.bin
-rwxrwxrwx 1 mingyang mingyang 4.0K Oct 12 16:04 decrypted_wallet_head.bin
-rwxrwxrwx 1 mingyang mingyang 512 Oct 12 16:04 reconstructed_from_qr.bin
-rwxrwxrwx 1 mingyang mingyang 1.0K Oct 12 16:04 reconstructed_from_qr_16parts.bin
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ cd ~/extracted_blocks
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ for f in *.bin; do
echo "> echo "=== $f ==="
> file "$f"
> ent "$f" | grep Entropy
> xxd -l 16 "$f"
> echo
> done
=== 737850c38fd0c2f80ee04daafac45658_lsb.bin ===
737850c38fd0c2f80ee04daafac45658_lsb.bin: data
Entropy = 7.583474 bits per byte.
00000000: 56d4 9c91 b6f6 271d 80e0 0aab f55b 5593 V.....'......[U.
=== base64_decoded.bin ===
base64_decoded.bin: data
Entropy = 7.978491 bits per byte.
00000000: 7a2d 508d bc76 c4ab 1c99 655e c77e c9a8 z-P..v....e^.~..
=== decrypted_4D75489A4272985E9CC934B74D71FF55.bin ===
decrypted_4D75489A4272985E9CC934B74D71FF55.bin: data
Entropy = 7.597696 bits per byte.
00000000: 4e35 f9f1 477d 12ee 60dc e2d6 251a 0b5c N5..G}..`...%..\
=== decrypted_69C4A7892F12FFC30F51712A3F000489.bin ===
decrypted_69C4A7892F12FFC30F51712A3F000489.bin: data
Entropy = 7.596058 bits per byte.
00000000: bcbd cd55 f7cc 3281 ecfd 4b11 9823 4711 ...U..2...K..#G.
=== decrypted_output.Wangwang0603.bin ===
decrypted_output.Wangwang0603.bin: data
Entropy = 7.999001 bits per byte.
00000000: 036c 3f83 4d33 8954 d2a9 52ef e910 2074 .l?.M3.T..R... t
=== decrypted_wallet_head.bin ===
decrypted_wallet_head.bin: data
Entropy = 7.956883 bits per byte.
00000000: f67f 0f2c cb11 e324 43a3 0779 c2d0 1f7d ...,...$C..y...}
=== reconstructed_from_qr.bin ===
reconstructed_from_qr.bin: data
Entropy = 7.421457 bits per byte.
00000000: 71d1 ea62 591a 0e1b cad1 0895 7ab2 c1da q..bY.......z...
=== reconstructed_from_qr_16parts.bin ===
reconstructed_from_qr_16parts.bin: data
Entropy = 7.421457 bits per byte.
00000000: 71d1 ea62 591a 0e1b cad1 0895 7ab2 c1da q..bY.......z...
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ for f in *.bin; do
> echo "=== $f ==="
> xxd -l 32 "$f"
> done
=== 737850c38fd0c2f80ee04daafac45658_lsb.bin ===
00000000: 56d4 9c91 b6f6 271d 80e0 0aab f55b 5593 V.....'......[U.
00000010: 8d89 3a30 1c1e a719 b1cd 0f1e 3937 5f8b ..:0........97_.
=== base64_decoded.bin ===
00000000: 7a2d 508d bc76 c4ab 1c99 655e c77e c9a8 z-P..v....e^.~..
00000010: 2b17 db87 9fbb e986 b6cb d01d 9c64 c0d5 +............d..
=== decrypted_4D75489A4272985E9CC934B74D71FF55.bin ===
00000000: 4e35 f9f1 477d 12ee 60dc e2d6 251a 0b5c N5..G}..`...%..\
00000010: 872a 68ba 040e 2949 45ba dc1b a54c db61 .*h...)IE....L.a
=== decrypted_69C4A7892F12FFC30F51712A3F000489.bin ===
00000000: bcbd cd55 f7cc 3281 ecfd 4b11 9823 4711 ...U..2...K..#G.
00000010: 14bb 51ed 123d d604 7a9e 7dbd 89b6 ad3d ..Q..=..z.}....=
=== decrypted_output.Wangwang0603.bin ===
00000000: 036c 3f83 4d33 8954 d2a9 52ef e910 2074 .l?.M3.T..R... t
00000010: bcb5 6e8f 0533 6893 fdd7 1767 d40f 5c59 ..n..3h....g..\Y
=== decrypted_wallet_head.bin ===
00000000: f67f 0f2c cb11 e324 43a3 0779 c2d0 1f7d ...,...$C..y...}
00000010: 6a4f 0837 18c5 0944 eb65 6399 a4de 5b03 jO.7...D.ec...[.
=== reconstructed_from_qr.bin ===
00000000: 71d1 ea62 591a 0e1b cad1 0895 7ab2 c1da q..bY.......z...
00000010: 6001 91fd f0de 7187 52ee 73c2 9923 47c7 `.....q.R.s..#G.
=== reconstructed_from_qr_16parts.bin ===
00000000: 71d1 ea62 591a 0e1b cad1 0895 7ab2 c1da q..bY.......z...
00000010: 6001 91fd f0de 7187 52ee 73c2 9923 47c7 `.....q.R.s..#G.
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ xxd -l 64 reconstructed_from_qr_16parts.bin
00000000: 71d1 ea62 591a 0e1b cad1 0895 7ab2 c1da q..bY.......z...
00000010: 6001 91fd f0de 7187 52ee 73c2 9923 47c7 `.....q.R.s..#G.
00000020: 149d 1152 bf95 80dd 487c 75da 9f1e 4370 ...R....H|u...Cp
00000030: e441 0cb3 a4da 9baf 27d1 fb43 9c51 a007 .A......'..C.Q..
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> from Cryptodome.Cipher import AES
>
> def try_key(key, label):
> data = open("/home/mingyang/extracted_blocks/737850c38fd0c2f80ee04daafac45658_lsb.bin","rb").read()
> iv, ciphertext, tag = data[:16], data[16:-16], data[-16:]
> try:
> cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
> plaintext = cipher.decrypt_and_verify(ciphertext, tag)
print(> print(f"✅ 成功 ({label}),前32字节明文:", plaintext[:32].hex())
except> except Exception as e:
> print(f"❌ {label}: {e}")
>
> # 载入 QR 重建文件
> qrdata = open("/home/mingyang/extracted_blocks/reconstructed_from_qr_16parts.bin", "rb").read()
>
长度尝试
try> # 三种长度尝试
> try_key(qrdata[:16], "AES-128 前16字节")
> try_key(qrdata[:24], "AES-192 前24字节")
> try_key(qrdata[:32], "AES-256 前32字节")
> EOF
❌ AES-128 前16字节: MAC check failed
❌ AES-192 前24字节: MAC check failed
❌ AES-256 前32字节: MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> from Cryptodome.Cipher import AES
>
> def test_key(hexkey, label):
> key = bytes.fromhex(hexkey)
> data = open("/home/mingyang/extracted_blocks/737850c38fd0c2f80ee04daafac45658_lsb.bin","rb").read()
> iv, ciphertext, tag = data[:16], data[16:-16], data[-16:]
> try:
> cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
> plaintext = cipher.decrypt_and_verify(ciphertext, tag)
> print(f"✅ {label} 解密成功,前32字节明文:", plaintext[:32].hex())
> except Exception as e:
> print(f"❌ {label}: {e}")
>
> test_key("4D75489A4272985E9CC934B74D71FF55", "Key_4D75...")
> test_key("69C4A7892F12FFC30F51712A3F000489", "Key_69C4...")
EOF
> EOF
❌ Key_4D75...: MAC check failed
❌ Key_69C4...: MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
rom Cry> from Cryptodome.Cipher import AES
>
ef self_> def self_test(fname):
> data = open(fname,"rb").read()
> if len(data) < 32:
> print(f"{fname}: 太短,无法检测")
> return
iv, ci> iv, ciphertext, tag = data[:16], data[16:-16], data[-16:]
> # 从文件名提取潜在 key
> hexkey = fname.split("_")[1].split(".")[0]
> key = bytes.fromhex(hexkey)
> try:
> cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
> plain = cipher.decrypt_and_verify(ciphertext, tag)
> print(f"✅ {fname} 自解密成功, 前32字节:", plain[:32].hex())
cept Ex> except Exception as e:
p> print(f"❌ {fname} 自解密失败:", e)
>
> self_test("/home/mingyang/extracted_blocks/decrypted_4D75489A4272985E9CC934B74D71FF55.bin")
> self_test("/home/mingyang/extracted_blocks/decrypted_69C4A7892F12FFC30F51712A3F000489.bin")
> EOF
Traceback (most recent call last):
File "<stdin>", line 19, in <module>
File "<stdin>", line 11, in self_test
ValueError: non-hexadecimal number found in fromhex() arg at position 1
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> import os
> from Cryptodome.Cipher import AES
>
> def self_test(fname):
> data = open(fname,"rb").read()
if len(> if len(data) < 32:
> print(f"{fname}: 太短,无法检测")
> return
> iv, ciphertext, tag = data[:16], data[16:-16], data[-16:]
> # 取纯文件名,再提取 key
> basename = os.path.basename(fname)
> hexkey = basename.replace("decrypted_", "").split(".")[0]
> key = bytes.fromhex(hexkey)
> try:
> cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
plain > plain = cipher.decrypt_and_verify(ciphertext, tag)
> print(f"✅ {basename} 自解密成功, 前32字节:", plain[:32].hex())
cept Ex> except Exception as e:
> print(f"❌ {basename} 自解密失败:", e)
>
st("/h> self_test("/home/mingyang/extracted_blocks/decrypted_4D75489A4272985E9CC934B74D71FF55.bin")
> self_test("/home/mingyang/extracted_blocks/decrypted_69C4A7892F12FFC30F51712A3F000489.bin")
> EOF
❌ decrypted_4D75489A4272985E9CC934B74D71FF55.bin 自解密失败: MAC check failed
❌ decrypted_69C4A7892F12FFC30F51712A3F000489.bin 自解密失败: MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> from Cryptodome.Cipher import AES
>
> def test_cross(key_hex, target_file, label):
y = byte> key = bytes.fromhex(key_hex)
> data = open(target_file, "rb").read()
> iv, ciphertext, tag = data[:16], data[16:-16], data[-16:]
> try:
> cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
> plain = cipher.decrypt_and_verify(ciphertext, tag)
p> print(f"✅ {label} 解密成功 -> {target_file}")
> print("前32字节明文:", plain[:32].hex())
> except Exception as e:
> print(f"❌ {label} 解密失败 -> {target_file}: {e}")
>
> # 互相解密
> test_cross("69C4A7892F12FFC30F51712A3F000489",
> "/home/mingyang/extracted_blocks/decrypted_4D75489A4272985E9CC934B74D71FF55.bin",
> "Key_69C4...")
test_cr>
> test_cross("4D75489A4272985E9CC934B74D71FF55",
"> "/home/mingyang/extracted_blocks/decrypted_69C4A7892F12FFC30F51712A3F000489.bin",
> "Key_4D75...")
> EOF
❌ Key_69C4... 解密失败 -> /home/mingyang/extracted_blocks/decrypted_4D75489A4272985E9CC934B74D71FF55.bin: MAC check failed
❌ Key_4D75... 解密失败 -> /home/mingyang/extracted_blocks/decrypted_69C4A7892F12FFC30F51712A3F000489.bin: MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> from Cryptodome.Cipher import AES
>
> def test_cross(key_hex, target_file, label):
> key = bytes.fromhex(key_hex)
> data = open(target_file, "rb").read()
> iv, ciphertext, tag = data[:16], data[16:-16], data[-16:]
> try:
> cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
> plain = cipher.decrypt_and_verify(ciphertext, tag)
> print(f"✅ {label} 解密成功 -> {target_file}")
print> print("前32字节明文:", plain[:32].hex())
> except Exception as e:
prin> print(f"❌ {label} 解密失败 -> {target_file}: {e}")
>
> # 互相解密
> test_cross("4D75489A4272985E9CC934B74D71FF55",
> "/home/mingyang/extracted_blocks/decrypted_4D75489A4272985E9CC934B74D71FF55.bin",
> "Key_69C4...")
test_cr>
> test_cross("69C4A7892F12FFC30F51712A3F000489",
> "/home/mingyang/extracted_blocks/decrypted_69C4A7892F12FFC30F51712A3F000489.bin",
> "Key_4D75...")
OF> EOF
❌ Key_69C4... 解密失败 -> /home/mingyang/extracted_blocks/decrypted_4D75489A4272985E9CC934B74D71FF55.bin: MAC check failed
❌ Key_4D75... 解密失败 -> /home/mingyang/extracted_blocks/decrypted_69C4A7892F12FFC30F51712A3F000489.bin: MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ ls -lh --full-time ~/extracted_blocks
total 240K
-rwxrwxrwx 1 mingyang mingyang 29K 2025-10-12 16:04:10.416402600 +0200 737850c38fd0c2f80ee04daafac45658_lsb.bin
-rwxrwxrwx 1 mingyang mingyang 7.5K 2025-10-12 16:04:10.376402600 +0200 base64_decoded.bin
-rwxrwxrwx 1 mingyang mingyang 512 2025-10-12 16:04:10.566402600 +0200 decrypted_4D75489A4272985E9CC934B74D71FF55.bin
-rwxrwxrwx 1 mingyang mingyang 512 2025-10-12 16:04:10.616402600 +0200 decrypted_69C4A7892F12FFC30F51712A3F000489.bin
-rwxrwxrwx 1 mingyang mingyang 178K 2025-10-12 16:04:10.686402600 +0200 decrypted_output.Wangwang0603.bin
-rwxrwxrwx 1 mingyang mingyang 4.0K 2025-10-12 16:04:10.746402600 +0200 decrypted_wallet_head.bin
-rwxrwxrwx 1 mingyang mingyang 512 2025-10-12 16:04:10.936402600 +0200 reconstructed_from_qr.bin
-rwxrwxrwx 1 mingyang mingyang 1.0K 2025-10-12 16:04:10.986402600 +0200 reconstructed_from_qr_16parts.bin
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ strings decrypted_wallet_head.bin | head -n 30
sx{6
3->P&S
OU(l
`QU"
o'(N
p3Ac
w9-I
c2vQ
{lSs\
TbJt
msF?q
)?6"
0q&p
@4~^$
cg4:
w#,b0k
W,bj
7{*3q
mexL\[#
2Yi0
7^2%8
A!sE
?kRnB
H:/jE
+mzo
D%tz<!
p`-*
Th%i]
nQndh(N
;)*g
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ grep -a -E "salt|nonce|iv|key|ver|date" decrypted_wallet_head.bin
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ xxd -l 16 decrypted_4D75489A4272985E9CC934B74D71FF55.bin
l 16 decrypted_69C4A700000000: 4e35 f9f1 477d 12ee 60dc e2d6 251a 0b5c N5..G}..`...%..\
892F12Fmingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ xxd -l 16 decrypted_69C4A7892F12FFC30F51712A3F000489.bin
d -l 16 decrypted_wallet_head.00000000: bcbd cd55 f7cc 3281 ecfd 4b11 9823 4711 ...U..2...K..#G.
bin
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ xxd -l 16 decrypted_wallet_head.bin
00000000: f67f 0f2c cb11 e324 43a3 0779 c2d0 1f7d ...,...$C..y...}
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ ent reconstructed_from_qr_16parts.bin
64 reconstructedEntropy = 7.421457 bits per byte.
Optimum compression would reduce the size
of this 1024 byte file by 7 percent.
Chi square distribution for 1024 samples is 706.00, and randomly
would exceed this value less than 0.01 percent of the times.
Arithmetic mean value of data bytes is 121.3477 (127.5 = random).
Monte Carlo value for Pi is 3.294117647 (error 4.86 percent).
Serial correlation coefficient is 0.048777 (totally uncorrelated = 0.0).
_from_mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ xxd -l 64 reconstructed_from_qr_16parts.bin
00000000: 71d1 ea62 591a 0e1b cad1 0895 7ab2 c1da q..bY.......z...
00000010: 6001 91fd f0de 7187 52ee 73c2 9923 47c7 `.....q.R.s..#G.
00000020: 149d 1152 bf95 80dd 487c 75da 9f1e 4370 ...R....H|u...Cp
00000030: e441 0cb3 a4da 9baf 27d1 fb43 9c51 a007 .A......'..C.Q..
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
mport ha> import hashlib, binascii
> data = open("/home/mingyang/extracted_blocks/reconstructed_from_qr_16parts.bin","rb").read()
"长度:"> print("长度:", len(data))
> # 取前 32/48/64 字节分别作为种子测试
> for l in (16, 24, 32):
> derived = hashlib.sha256(data[:l]).digest()
> print(f"Seed前{l}字节 -> SHA256:", binascii.hexlify(derived).decode())
> EOF
长度: 1024
Seed前16字节 -> SHA256: ba5eb42affc684fa829527a512af75c90c74266034e1dd15866d46646b62b18e
Seed前24字节 -> SHA256: f10bf1a24f9d9142d368df739a923dc1e1b3bbf6e61ad1efcf3eb8da23dbb367
Seed前32字节 -> SHA256: 95dd6c8a2ba746ddeef6146bf22964283e2f1bd5183a28cb5dd72681ce612a0b
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> from Cryptodome.Cipher import AES
> import hashlib, binascii, os
>
= open(> seed = open("/home/mingyang/extracted_blocks/reconstructed_from_qr_16parts.bin","rb").read()
> candidates = {
"SHA> "SHA256(seed[:16])": hashlib.sha256(seed[:16]).digest(),
> "SHA256(seed[:24])": hashlib.sha256(seed[:24]).digest(),
> "SHA256(seed[:32])": hashlib.sha256(seed[:32]).digest(),
> }
>
> targets = [f for f in os.listdir("/home/mingyang/extracted_blocks") if f.endswith(".bin")]
>
> for name, key in candidates.items():
> print(f"\n=== Testing key: {name} ===")
or f in > for f in targets:
path => path = f"/home/mingyang/extracted_blocks/{f}"
dat> data = open(path,"rb").read()
> if len(data) < 48:
> continue
iv,> iv, ciphertext, tag = data[:16], data[16:-16], data[-16:]
> try:
> cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
pl> plain = cipher.decrypt_and_verify(ciphertext, tag)
> print(f"✅ {f} 解密成功 (using {name}),前16字节:", plain[:16].hex())
> except Exception as e:
> if "MAC check failed" not in str(e):
> print(f"⚠️ {f}: {e}")
> EOF
=== Testing key: SHA256(seed[:16]) ===
=== Testing key: SHA256(seed[:24]) ===
=== Testing key: SHA256(seed[:32]) ===
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ mkdir -p candidates
seed_file in reconstructed_from_qr*.bin; do
for len in 16 24 32; do
head -c $len "$seed_filemingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ for seed_file in reconstructed_from_qr*.bin; do
> for len in 16 24 32; do
> head -c $len "$seed_file" > seed_part.bin
> openssl dgst -sha256 -binary seed_part.bin > key_candidate.bin
f> for target in *.bin; do
> python3 decrypt_test.py "$target" key_candidate.bin
> done
> done
> done
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
python3: can't open file '/home/mingyang/extracted_blocks/decrypt_test.py': [Errno 2] No such file or directory
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ import sys
Crypto.Cipher import AES
def try_decrypt(target_path, key):
with open(target_path, "rb") as f:
data = f.read()
if len(data) < 48: return False
iv, ct, tag = data[:16], data[16:-16], data[-16:]
try:
cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
plain = cipher.decrypt_and_verify(ct, tag)
print(f"✅ Success: {target_path}")
print("Plaintext:", plain[:32].hex())
return True
except Exception as e:
return False
if __name__ == "__main__":
target = sys.argv[1]
key = open(sys.argv[2], "rb").read()
try_decrypt(target, key)
Command 'import' not found, but can be installed with:
sudo apt install graphicsmagick-imagemagick-compat # version 1.4+really1.3.42-1, or
sudo apt install imagemagick-6.q16 # version 8:6.9.11.60+dfsg-1.6ubuntu1
sudo apt install imagemagick-6.q16hdri # version 8:6.9.11.60+dfsg-1.6ubuntu1
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ from Crypto.Cipher import AES
Command 'from' not found, but can be installed with:
sudo apt install mailutils
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ def try_decrypt(target_path, key):
-bash: syntax error near unexpected token `('
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ with open(target_path, "rb") as f:
-bash: syntax error near unexpected token `('
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ data = f.read()
-bash: syntax error near unexpected token `('
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ if len(data) < 48: return False
-bash: syntax error near unexpected token `data'
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ iv, ct, tag = data[:16], data[16:-16], data[-16:]
Command 'iv,' not found, did you mean:
command 'iv' from deb openimageio-tools (2.4.16.0+dfsg-1build1)
command 'iva' from deb iva (1.0.11+ds-4)
Try: sudo apt install <deb name>
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ try:
try:: command not found
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
-bash: syntax error near unexpected token `('
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ plain = cipher.decrypt_and_verify(ct, tag)
-bash: syntax error near unexpected token `('
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ print(f"✅ Success: {target_path}")
-bash: syntax error near unexpected token `f"✅ Success: {target_path}"'
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ print("Plaintext:", plain[:32].hex())
-bash: syntax error near unexpected token `"Plaintext:",'
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ return True
-bash: return: True: numeric argument required
-bash: return: can only `return' from a function or sourced script
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ except Exception as e:
except: command not found
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ return False
-bash: return: False: numeric argument required
-bash: return: can only `return' from a function or sourced script
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ if __name__ == "__main__":
> target = sys.argv[1]
> key = open(sys.argv[2], "rb").read()
-bash: syntax error near unexpected token `('
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ try_decrypt(target, key)
-bash: syntax error near unexpected token `target,'
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
mport sy> import sys
> from Crypto.Cipher import AES
>
> def try_decrypt(target_path, key):
> with open(target_path, "rb") as f:
data > data = f.read()
if len(> if len(data) < 48: return False
iv, ct> iv, ct, tag = data[:16], data[16:-16], data[-16:]
> try:
> cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
> plain = cipher.decrypt_and_verify(ct, tag)
> print(f"✅ Success: {target_path}")
> print("Plaintext:", plain[:32].hex())
> return True
> except Exception as e:
> return False
>
> if __name__ == "__main__":
> target = sys.argv[1]
> key = open(sys.argv[2], "rb").read()
> try_decrypt(target, key)
> EOF
Traceback (most recent call last):
File "<stdin>", line 2, in <module>
ModuleNotFoundError: No module named 'Crypto'
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> mkdir -p candidates
> for seed_file in reconstructed_from_qr*.bin; do
> for len in 16 24 32; do
head > head -c $len "$seed_file" > seed_part.bin
> openssl dgst -sha256 -binary seed_part.bin > key_candidate.bin
> for target in *.bin; do
> python3 decrypt_test.py "$target" key_candidate.bin
> done
> done
> done
OF> EOF
File "<stdin>", line 1
mkdir -p candidates
^^^^^^^^^^
SyntaxError: invalid syntax
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ xxd -l 256 reconstructed_from_qr_16parts.bin
00000000: 71d1 ea62 591a 0e1b cad1 0895 7ab2 c1da q..bY.......z...
00000010: 6001 91fd f0de 7187 52ee 73c2 9923 47c7 `.....q.R.s..#G.
00000020: 149d 1152 bf95 80dd 487c 75da 9f1e 4370 ...R....H|u...Cp
00000030: e441 0cb3 a4da 9baf 27d1 fb43 9c51 a007 .A......'..C.Q..
00000040: 71d1 ea62 591a 0e1b cad1 0895 7ab2 c1da q..bY.......z...
00000050: 0018 96f4 f0de 7187 99d6 3bc2 9923 479f ......q...;..#G.
00000060: d2dc 1352 bf95 40ef 466e 75da 9f1e d501 ...R..@.Fnu.....
00000070: 7441 0cb3 a46a 57b3 0303 4418 80af fbb4 tA...jW...D.....
00000080: 2703 545a 2273 ed80 a020 9c72 4a91 5495 '.TZ"s... .rJ.T.
00000090: c015 5b1b feaf 5f78 2917 9717 ad28 2dcc ..[..._x)....(-.
000000a0: d63a c00e c63f ee41 edfc 3e97 391a 678c .:...?.A..>.9.g.
000000b0: 316a 799d 9969 c65a 55c1 d215 d2c3 4f6e 1jy..i.ZU.....On
000000c0: 2703 545a 2273 ed80 a020 9c72 4a91 5495 '.TZ"s... .rJ.T.
000000d0: ee1f 35c1 1bd3 4863 330c 670f 6d22 6e70 ..5...Hc3.g.m"np
000000e0: f575 6d46 73ef 7a79 1f0f 4735 4a18 b390 .umFs.zy..G5J...
000000f0: 7b98 2a80 f0a1 5938 3091 1dc0 5025 a92b {.*...Y80...P%.+
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ strings -n 8 reconstructed_from_qr_16parts.bin
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
rom Cry> from Cryptodome.Cipher import AES
> import os
>
> key_seed = open("reconstructed_from_qr_16parts.bin", "rb").read()[:32]
> data = open("737850c38fd0c2f80ee04daafac45658_lsb.bin","rb").read()
>
1: IV> # 尝试 1: IV=12, Tag=16 (GCM 标准)
> # Key = 32字节,IV = data[:12], Tag = data[-16:]
> iv12, ciphertext1, tag16 = data[:12], data[12:-16], data[-16:]
>
> try:
pher = A> cipher = AES.new(key_seed, AES.MODE_GCM, nonce=iv12)
> plaintext = cipher.decrypt_and_verify(ciphertext1, tag16)
print(> print(f"✅ GCM (IV=12, Tag=16) 成功! 前32字节明文:", plaintext[:32].hex())
> except Exception as e:
> print(f"❌ GCM (IV=12, Tag=16) 失败: {e}")
>
> EOF
❌ GCM (IV=12, Tag=16) 失败: MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
rom Cry> from Cryptodome.Cipher import AES
>
> # 737850c38fd0c2f80ee04daafac45658_lsb.bin (L = 29K) 结构分析:
> # data = [IV 16B] + [Ciphertext L-32B] + [Tag 16B]
>
> # 提取 Key (QR 数据中的第一个 16 字节重复块)
> key_16 = bytes.fromhex("71d1ea62591a0e1bcad108957ab2c1da")
a = open> data = open("737850c38fd0c2f80ee04daafac45658_lsb.bin","rb").read()
> iv16, ciphertext, tag16 = data[:16], data[16:-16], data[-16:]
>
试用这个 16 > # 尝试用这个 16 字节 Key 和 16 字节 Nonce/IV 解密
> try:
> # 注意: GCM Nonce 理论上应为 12 字节,但我们首先测试 16 字节结构
ipher = > cipher = AES.new(key_16, AES.MODE_GCM, nonce=iv16)
> plaintext = cipher.decrypt_and_verify(ciphertext, tag16)
> print(f"✅ GCM (Key=QR头16B, IV=16, Tag=16) 成功! 前32字节明文:", plaintext[:32].hex())
> except Exception as e:
> print(f"❌ GCM (Key=QR头16B, IV=16, Tag=16) 失败: {e}")
> EOF
❌ GCM (Key=QR头16B, IV=16, Tag=16) 失败: MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ # 查看 decrypted_wallet_head.bin 的前 64 字节
l 64 decmingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ xxd -l 64 decrypted_wallet_head.bin
00000000: f67f 0f2c cb11 e324 43a3 0779 c2d0 1f7d ...,...$C..y...}
00000010: 6a4f 0837 18c5 0944 eb65 6399 a4de 5b03 jO.7...D.ec...[.
00000020: 0513 bb05 3e3c 768f dd8b 458c 4abd 5090 ....><v...E.J.P.
00000030: ea76 c1fb e80d a2a2 10aa 424d aa8e 245f .v........BM..$_
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> import hashlib
> from Cryptodome.Cipher import AES
>
> # Key / Salt 定义
> # Password (来自 QR 重复块 16B)
> password_hex = "71d1ea62591a0e1bcad108957ab2c1da"
> password = bytes.fromhex(password_hex)
>
> # Salt (来自加密文件 737850c3...lsb.bin 的前 16B IV)
> salt_hex = "56d49c91b6f6271d80e00aabf55b5593"
> salt = bytes.fromhex(salt_hex)
>
> # 加密数据
> data = open("737850c38fd0c2f80ee04daafac45658_lsb.bin","rb").read()
> iv16, ciphertext, tag16 = data[:16], data[16:-16], data[-16:]
>
> # 派生 Key
> # 尝试 1000 次迭代 (常见值)
> derived_key = hashlib.pbkdf2_hmac('sha256', password, salt, 1000, dklen=32)
>
> print("Derived Key (PBKDF2, Iter=1000):", derived_key.hex())
解密尝试 (使>
> # 解密尝试 (使用派生出的 Key)
> try:
> # 再次尝试 16B Nonce/IV 和 16B Tag
> cipher = AES.new(derived_key, AES.MODE_GCM, nonce=iv16)
> plaintext = cipher.decrypt_and_verify(ciphertext, tag16)
> print(f"✅ 解密成功! Key: PBKDF2(QR头16B, IV), 前32字节明文:", plaintext[:32].hex())
> except Exception as e:
prin> print(f"❌ 解密失败 (PBKDF2): {e}")
> EOF
Derived Key (PBKDF2, Iter=1000): 92ab5329cf9da52b141a20db5b019b1473a341fd73f0faa09c5fec6fcb84b91d
❌ 解密失败 (PBKDF2): MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> import hashlib
> from Cryptodome.Cipher import AES
>
> # Key / Salt 定义
> password = bytes.fromhex("71d1ea62591a0e1bcad108957ab2c1da")
> salt = bytes.fromhex("56d49c91b6f6271d80e00aabf55b5593")
> data = open("737850c38fd0c2f80ee04daafac45658_lsb.bin","rb").read()
> iv16, ciphertext, tag16 = data[:16], data[16:-16], data[-16:]
>
派生 Key> # 派生 Key (Iter=10000)
> derived_key = hashlib.pbkdf2_hmac('sha256', password, salt, 10000, dklen=32)
> print("Derived Key (PBKDF2, Iter=10000):", derived_key.hex())
>
尝试
try:> # 解密尝试
> try:
her = A> cipher = AES.new(derived_key, AES.MODE_GCM, nonce=iv16)
> plaintext = cipher.decrypt_and_verify(ciphertext, tag16)
> print(f"✅ 解密成功! Key: PBKDF2(Iter=10000), 前32字节明文:", plaintext[:32].hex())
except E> except Exception as e:
> print(f"❌ 解密失败 (PBKDF2, Iter=10000): {e}")
> EOF
Derived Key (PBKDF2, Iter=10000): 31709ef5543f7fa2909a9544f1fd4a5eb9891389e4451f0e0d8c0e30765875bd
❌ 解密失败 (PBKDF2, Iter=10000): MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> import hashlib
> from Cryptodome.Cipher import AES
>
> # Key / Salt 定义
> password = bytes.fromhex("71d1ea62591a0e1bcad108957ab2c1da")
> salt = bytes.fromhex("56d49c91b6f6271d80e00aabf55b5593")
> data = open("737850c38fd0c2f80ee04daafac45658_lsb.bin","rb").read()
> iv16, ciphertext, tag16 = data[:16], data[16:-16], data[-16:]
>
> # 派生 Key (Iter=100000)
> derived_key = hashlib.pbkdf2_hmac('sha256', password, salt, 100000, dklen=32)
> print("Derived Key (PBKDF2, Iter=100000):", derived_key.hex())
解密尝试
tr>
> # 解密尝试
> try:
> cipher = AES.new(derived_key, AES.MODE_GCM, nonce=iv16)
> plaintext = cipher.decrypt_and_verify(ciphertext, tag16)
> print(f"✅ 解密成功! Key: PBKDF2(Iter=100000), 前32字节明文:", plaintext[:32].hex())
pt Exce> except Exception as e:
> print(f"❌ 解密失败 (PBKDF2, Iter=100000): {e}")
> EOF
Derived Key (PBKDF2, Iter=100000): 67def8a4729bf29086eba9602758a4336ba84e74b554e87af1170414a5a68931
❌ 解密失败 (PBKDF2, Iter=100000): MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
> import hashlib
> from Cryptodome.Cipher import AES
>
> # Key / Salt 定义
> # New Password (来自 QR 数据中的第二个 16 字节块 0x10-0x1F)
> password = bytes.fromhex("600191fdf0de718752ee73c2992347c7")
>
> # Salt (来自加密文件 737850c3...lsb.bin 的前 16B IV)
> salt = bytes.fromhex("56d49c91b6f6271d80e00aabf55b5593")
> data = open("737850c38fd0c2f80ee04daafac45658_lsb.bin","rb").read()
>
> # 尝试 1: Nonce=16B, Tag=16B
> iv16, ciphertext, tag16 = data[:16], data[16:-16], data[-16:]
>
派生 Key > # 派生 Key (Iter=10000)
derived_> derived_key = hashlib.pbkdf2_hmac('sha256', password, salt, 10000, dklen=32)
> print("Derived Key (PBKDF2, Iter=10000, New PW):", derived_key.hex())
解密尝试 (尝>
> # 解密尝试 (尝试 1)
> try:
cipher => cipher = AES.new(derived_key, AES.MODE_GCM, nonce=iv16)
> plaintext = cipher.decrypt_and_verify(ciphertext, tag16)
> print(f"✅ 解密成功! Key: PBKDF2(New PW), 前32字节明文:", plaintext[:32].hex())
> except Exception as e:
int(f"> print(f"❌ 解密失败 (PBKDF2, New PW, IV=16): {e}")
>
Nonce> # 尝试 2: Nonce=12B (GCM 标准), Tag=16B (如果头部 16B 包含 4B 头部和 12B Nonce)
里我们假设 N> # 这里我们假设 Nonce 是 IV16 的前 12 字节
> iv12 = iv16[:12]
ext2 = d> ciphertext2 = data[12:-16] # Ciphertext 从 12B 处开始
>
(尝试 2)> # 解密尝试 (尝试 2)
> try:
> cipher = AES.new(derived_key, AES.MODE_GCM, nonce=iv12)
> plaintext = cipher.decrypt_and_verify(ciphertext2, tag16)
print(> print(f"✅ 解密成功! Key: PBKDF2(New PW), 前32字节明文:", plaintext[:32].hex())
ept Exc> except Exception as e:
print(> print(f"❌ 解密失败 (PBKDF2, New PW, IV=12): {e}")
F>
> EOF
Derived Key (PBKDF2, Iter=10000, New PW): 9dbe3df47889e49aedbc306ddf0d012c7837c0f8df2c66ca01fa4095e687a46a
❌ 解密失败 (PBKDF2, New PW, IV=16): MAC check failed
❌ 解密失败 (PBKDF2, New PW, IV=12): MAC check failed
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ hexkey = os.path.basename(fname).replace("decrypted_", "").split(".")[0]
-bash: syntax error near unexpected token `('
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ python3 - <<'EOF'
>
> hexkey = os.path.basename(fname).replace("decrypted_", "").split(".")[0]
EOF>
>
>
> EOF
Traceback (most recent call last):
File "<stdin>", line 2, in <module>
NameError: name 'os' is not defined. Did you forget to import 'os'?
mingyang@WIN-I34U7AC4ARK:~/extracted_blocks$ import os
xtract_key_from_filename(fname):
hexkey = os.path.basename(fname).replace("decrypted_", "").split(".")[0]
return hexkey
# 测试
file_path = "/home/mingyang/extracted_blocks/decrypted_4D75489A4272985E9CC934B74D71FF55.bin"
print(extract_key_from_filename(file_path)) # 输出: 4D75489A4272985E9CC934B74D71FF55
Command 'import' not found, but can be installed with:
sudo apt install graphicsmagick-imagemagick-compat # version 1.4+really1.3.42-1, or
sudo apt install imagemagick-6.q16 # version 8:6.9.11.60+dfsg-1.6ubuntu1
sudo apt install imagemagick-6.q16hdri # version 8:6.9.11.60+dfsg-1.6ubuntu1
最新发布
扫一扫
4251
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
