Skip to content

Instantly share code, notes, and snippets.

@usualsuspect

usualsuspect/secure.py

Created December 10, 2025 14:51
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save usualsuspect/7d630ddc0d16d4c86847489ed3a4ea1d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save usualsuspect/7d630ddc0d16d4c86847489ed3a4ea1d to your computer and use it in GitHub Desktop.
Download ZIP
Pure Python implementation of SecureStringToBSTR
Raw
secure.py
#!/usr/bin/env python3
#
# Pure Python code for PowerShell's SecureStringToBSTR API
#
# @jaydinbas
#
import base64
import binascii
import hashlib
# or Crypto.xxx depending on your system
from Cryptodome.Cipher import AES
from Cryptodome.Util.Padding import unpad
def secure_string_decrypt(key,data):
_ = data[:32] # not sure, some MD5 probably
data = data[32:]
data = base64.b64decode(data).decode("utf16")
(_,iv,ct) = data.split("|")
ct = binascii.unhexlify(ct)
iv = base64.b64decode(iv)
cipher = AES.new(key=key,iv=iv,mode=AES.MODE_CBC)
plain = unpad(cipher.decrypt(ct),16)
return plain.decode("utf16")
# test vectors from
# https://eddiejackson.net/wp/?p=28189
key = bytes([2,3,1,4,54,32,144,23,5,3,1,41,36,31,18,175,6,17,1,9,5,1,76,23])
data = "76492d1116743f0423413b16050a5345MgB8AFoAQgByAHQAWABEAEQAZQBpAFgATgBiAGIAbwBzAEIAZQBKAEIARgBNAHcAPQA9AHwAOABjADMANABmADUAYgA3ADQAZAA1ADMANQA1AGEAMAA3ADgAMwA5AGEAOQBiAGUANwAzADAAYQBmADkAOQA1ADYANAA5ADcAYQA2ADUANwA4AGEANwAwADQANgA4ADEAYgAzADQAMQAyADYAZgA0ADkAMgAyADEAYwAwADAANAA="
print(secure_string_decrypt(key,data))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment