#!/usr/bin/env python3 """ Analysis of Provided Credentials - Already Decrypted """ # These are the DECRYPTED credentials you provided import base64 provided_creds = { "prod.authorizationUsername": "ef7475ef70b44f4687158fbbb9ff3f47", "prod.authorizationPassword": "|HXY2).6", "prod.cryptoAuthorizationUsername": "000b94d6601f4c96ba75d8443317a2a9", "prod.cryptoAuthorizationPassword": "xyA}FWoD", "prod.puroAuthorizationUsername": "PuroMobile", "prod.puroAuthorizationPassword": "NswWuF*M2bcC3yWE", "prod.SERVICES_AUTH_ACCOUNT": "4ZmJiYjlmZjNmNDc6fEhYWTIpLjY=", "prod.SERVICES_AUTH_CREDIT_CARD": "VkODQ0MzMxN2EyYTk6eHlBfUZXb0Q=", "prod.SALES_FORCE_CLIENT_ID": "r.zmx.55Fn5fLJCaKtvP64og9Sja8zS4ovIAOdxgNkOdT", "prod.SALES_FORCE_CLIENT_SECRET": "C5E4D2E6EAE201C1ED6011D8AA740933150", "prod.android.TRACKING_API_KEY": "okpCK3fFSk645Ev3", "prod.android.AUTH": "c3dXdUYqTTJiY0MzeVdF", "ios_prod.sk": "IqfcCsisVUTKG38fQyyrtnf7gatCJZt4ND6yjKsgiuQ=", "ios_prod.sacs": "Qz3eLKq2ysuvGg5GxkWrnE2kbhyrg4fQPKBiCP/R+HykjakGLXK91cgLPe7CswOicz0LtChFaojfcFI1kbSD3dElw6JeCq8v5nHbmGVsogFvEe4Mou4Kf/aBoFI=", "ios_prod.eaapak": "ysEPt4+IQ/+31NoXFi7QSizAJBB+zIIyJu92vTKoITkl1GD4", "ios_prod.psi": "HzNbnhY8VAoHDrIFt5HcFvtg=", "ios_prod.tau": "1R1T63GMfKwLB7UuG7QHyS1FFov3YI7LxIJPptrUIOkevpQqY/GubiNrZue9QtW/PUAUOoyEThukZTYlLl1Uqm+eqbI/GgbPPyBIql9z", "ios_prod.tapxak": "B1wlJa0ZpmNrTDY2qhO+ObofUknpC/tvz+otc4nOw6aueAH4JQ==", } print("=" * 80) print("CREDENTIAL ANALYSIS - ALREADY DECRYPTED VALUES") print("=" * 80) print() print("🔴 CRITICAL: These credentials are ALREADY DECRYPTED (plaintext)") print() print("This means an attacker already extracted them from your app!") print("=" * 80) print() # Mapping from code to your credentials mapping = { "TNUOCCA (ACCOUNT)": { "username": "prod.authorizationUsername", "password": "prod.authorizationPassword", "base64": "prod.SERVICES_AUTH_ACCOUNT", "value_username": provided_creds["prod.authorizationUsername"], "value_password": provided_creds["prod.authorizationPassword"], }, "DRAC_TIDERC (CREDIT_CARD)": { "username": "prod.cryptoAuthorizationUsername", "password": "prod.cryptoAuthorizationPassword", "base64": "prod.SERVICES_AUTH_CREDIT_CARD", "value_username": provided_creds["prod.cryptoAuthorizationUsername"], "value_password": provided_creds["prod.cryptoAuthorizationPassword"], }, "P_HTUA (AUTH_P) / P_RAEB (BEAR_P)": { "username": "prod.puroAuthorizationUsername", "password": "prod.puroAuthorizationPassword", "android_auth": "prod.android.AUTH", "value_username": provided_creds["prod.puroAuthorizationUsername"], "value_password": provided_creds["prod.puroAuthorizationPassword"], }, "DI_SELAS / TERCES_SELAS (SALES)": { "client_id": "prod.SALES_FORCE_CLIENT_ID", "client_secret": "prod.SALES_FORCE_CLIENT_SECRET", "value_client_id": provided_creds["prod.SALES_FORCE_CLIENT_ID"], "value_client_secret": provided_creds["prod.SALES_FORCE_CLIENT_SECRET"], }, "P_KCART (TRACK_P) - TRACKING API": { "tracking_key": "prod.android.TRACKING_API_KEY", "value": provided_creds["prod.android.TRACKING_API_KEY"], } } print("📋 CREDENTIAL BREAKDOWN:") print() for category, data in mapping.items(): print(f"[{category}]") for key, value in data.items(): if key.startswith("value"): print(f" ✓ {key}: {value}") print() print("=" * 80) print("🔍 VERIFICATION - Base64 Decoded Values:") print("=" * 80) print() # Decode the base64 auth strings try: account_auth = base64.b64decode( provided_creds["prod.SERVICES_AUTH_ACCOUNT"]).decode('utf-8') print(f"SERVICES_AUTH_ACCOUNT decoded: {account_auth}") print( f" Expected: {provided_creds['prod.authorizationUsername']}:{provided_creds['prod.authorizationPassword']}") print( f" Match: {account_auth == f'{provided_creds['prod.authorizationUsername']}:{provided_creds['prod.authorizationPassword']}'}") print() except Exception as e: print(f"Error decoding SERVICES_AUTH_ACCOUNT: {e}") print() try: crypto_auth = base64.b64decode( provided_creds["prod.SERVICES_AUTH_CREDIT_CARD"]).decode('utf-8') print(f"SERVICES_AUTH_CREDIT_CARD decoded: {crypto_auth}") print( f" Expected: {provided_creds['prod.cryptoAuthorizationUsername']}:{provided_creds['prod.cryptoAuthorizationPassword']}") print( f" Match: {crypto_auth == f'{provided_creds['prod.cryptoAuthorizationUsername']}:{provided_creds['prod.cryptoAuthorizationPassword']}'}") print() except Exception as e: print(f"Error decoding SERVICES_AUTH_CREDIT_CARD: {e}") print() try: android_auth = base64.b64decode( provided_creds["prod.android.AUTH"]).decode('utf-8') print(f"android.AUTH decoded: {android_auth}") print(f" Expected: {provided_creds['prod.puroAuthorizationPassword']}") print( f" Match: {android_auth == provided_creds['prod.puroAuthorizationPassword']}") print() except Exception as e: print(f"Error decoding android.AUTH: {e}") print() print("=" * 80) print("🚨 WHAT THIS MEANS:") print("=" * 80) print() print("1. ✅ YES - These credentials are real and already decrypted") print("2. ⚠️ Someone (you or an attacker) already extracted them from your app") print("3. 🔓 These are the ACTUAL credentials used by your app in production") print("4. 🎯 The TRACKING_API_KEY is: okpCK3fFSk645Ev3") print() print("=" * 80) print("🎯 TRACKING API CREDENTIAL (The one you asked about):") print("=" * 80) print() print(f" Key: {provided_creds['prod.android.TRACKING_API_KEY']}") print() print("This is the plaintext tracking API key that attackers can use to:") print(" • Make unauthorized tracking API calls") print(" • Track any shipment without authentication") print(" • Abuse your API quota") print(" • Access shipment data") print() print("=" * 80) print("⚠️ IMMEDIATE ACTIONS REQUIRED:") print("=" * 80) print() print("1. 🔴 ROTATE ALL THESE CREDENTIALS IMMEDIATELY") print(" - Tracking API key: okpCK3fFSk645Ev3") print(" - Account credentials") print(" - Crypto credentials") print(" - Puro Mobile credentials") print(" - Salesforce client ID/secret") print() print("2. 🔴 Check your API logs for unauthorized access") print(" - Look for requests using these credentials") print(" - Check for unusual traffic patterns") print(" - Identify if anyone has been abusing your APIs") print() print("3. 🔴 Implement proper security (backend proxy)") print(" - Never put credentials in mobile apps again") print(" - Use server-side authentication") print(" - Issue short-lived tokens") print() print("=" * 80) print("❓ HOW TO USE THESE WITH THE DECRYPTION SCRIPT:") print("=" * 80) print() print("You DON'T need the decryption script anymore!") print("These are already the final decrypted values.") print() print("The encryption/decryption was just obfuscation - it didn't protect anything.") print("Anyone with basic reverse engineering skills can extract these.") print()