Skip to main content
Sign in

Content Protection - Samsung LYNK - Decrypting Key.xml

Dwaine Webb
  • Updated

Table of Contents

  1. Summary
  2. Git Bash Decryption Process
  3. PowerShell Decryption Process

 

Summary

Example processes are provided below using PowerShell and GitBash to decrypt key.xml, but you can devise whatever method works best for your organization using these concepts. 

 

What you will need before you begin:

  1. Common Tools for AES / File Inspection / Crypto (macOS, Linux, Windows)
    • Platform Crypto Tools Hex Tools Base64 Tools
      Linux OpenSSL, dd xxd, hexdump base64
      macOS OpenSSL, dd xxd base64
      Windows (Git Bash) OpenSSL xxd base64
      Windows (PowerShell) OpenSSL Format-Hex certutil
      WSL Same as Linux Same as Linux Same as Linux
  2. The AES‑256‑CBC encrypted file named key.xml
  3. The Base64‑encoded AES‑256 Samsung LYNK key from Swank
    • Note: The first 16 bytes of key.xml are the IV (Initialization Vector)

 

Git Bash Decryption Process

STEP 1 — Convert your Base64 key → Hex

Note: you need to put in the path to your key.xml where it states YOURBASE64KEY.

echo "<YOURBASE64KEY>" | base64 -d | xxd -p -c 256

Save this hex key. You’ll need it later.

STEP 2 — Extract the IV (first 16 bytes)

Note: If you are not working from the path your key.xml resides, you would need to include a path.

dd if=key.xml of=iv.bin bs=1 count=16

Convert IV to hex:

xxd -p iv.bin

Save the converted IV output from this command. You’ll need it later.

 

STEP 3 — Extract the encrypted payload

Remove the IV from the input file so OpenSSL decrypts only the ciphertext:

dd if=key.xml of=encrypted.bin bs=1 skip=16

You now have:

  • The encrypted XML: encrypted.bin
  • The IV: Saved from Step 2
  • The hex AES‑256 key: Saved from Step 1

 STEP 4 — Decrypt using OpenSSL (AES‑256‑CBC)

Replace <HEX_KEY> with your 64‑character hex key.\ Replace <HEX_IV> with your 32‑character hex IV.

openssl aes-256-cbc -d \
  -in encrypted.bin \
  -out keydecrypted.xml \
  -K <HEXKEY> \
  -iv <HEX_IV>

Your decrypted XML file should now be in the keydecrypted.xml file.

 

PowerShell Decryption Process

Note: PowerShell requires OpenSSL to be installed. You can download prebuilt binaries from other third-party sources.

STEP 1 — Convert your Base64 key → Hex

Note: You will need to put in the path to your key.xml where it states YOURBASE64KEY.

$hexKey = [System.BitConverter]::ToString([System.Convert]::FromBase64String("YOURBASE64KEY")).Replace("-", "")

 

STEP 2 — Extract the IV (first 16 bytes)

Note: You will need to put in the path to your key.xml where it states YOURPATH on the first line.

$bytes   = [System.IO.File]::ReadAllBytes("YOURPATH/key.xml")
$ivBytes = $bytes[0..15]
$cipher  = $bytes[16..($bytes.Length-1)]
[IO.File]::WriteAllBytes("iv.bin", $ivBytes)
[IO.File]::WriteAllBytes("encrypted.bin", $cipher)
$hexIV = ([System.BitConverter]::ToString($ivBytes)).Replace("-", "")

You now have:

  • The encrypted XML: encrypted.bin
  • The IV: $hexIV
  • The hex AES‑256 key: $hexKey

 

 STEP 3 — Decrypt using OpenSSL (AES‑256‑CBC)

Note: You may need to alter your path to openssl.exe

& "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" aes-256-cbc -d -in encrypted.bin -out key_decryptedPS.xml -K $hexKey -iv $hexIV

Your decrypted XML file should now be in the keydecrypted.xml file.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk