|
|
from Crypto.Cipher import AES |
|
|
from Crypto.Protocol.KDF import PBKDF2 |
|
|
import os |
|
|
import tempfile |
|
|
from dotenv import load_dotenv |
|
|
|
|
|
load_dotenv() |
|
|
|
|
|
def unpad(data): |
|
|
return data[:-data[-1]] |
|
|
|
|
|
def decrypt_and_run(): |
|
|
|
|
|
password = os.getenv("PASSWORD") |
|
|
if not password: |
|
|
raise ValueError("PASSWORD secret not found in environment variables") |
|
|
|
|
|
password = password.encode() |
|
|
|
|
|
with open("code.enc", "rb") as f: |
|
|
encrypted = f.read() |
|
|
|
|
|
salt = encrypted[:16] |
|
|
iv = encrypted[16:32] |
|
|
ciphertext = encrypted[32:] |
|
|
|
|
|
key = PBKDF2(password, salt, dkLen=32, count=1000000) |
|
|
cipher = AES.new(key, AES.MODE_CBC, iv) |
|
|
|
|
|
plaintext = unpad(cipher.decrypt(ciphertext)) |
|
|
|
|
|
with tempfile.NamedTemporaryFile(suffix=".py", delete=False, mode='wb') as tmp: |
|
|
tmp.write(plaintext) |
|
|
tmp.flush() |
|
|
print(f"[INFO] Running decrypted code from {tmp.name}") |
|
|
os.system(f"python {tmp.name}") |
|
|
|
|
|
if __name__ == "__main__": |
|
|
decrypt_and_run() |
|
|
|
|
|
|
|
|
|
