EuskadiTech/TeleSec
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: EuskadiTech:v2026.03.5
Branches Tags
EuskadiTech:main EuskadiTech:revert-18-copilot/add-cajas-module EuskadiTech:copilot/refactor-db-connection-choice
EuskadiTech:v2026.03.10 EuskadiTech:v2026.03.9 EuskadiTech:v2026.03.8 EuskadiTech:v2026.03.7 EuskadiTech:v2026.03.6 EuskadiTech:v2026.03.5 EuskadiTech:v2026.03.4 EuskadiTech:v2026.03.3 EuskadiTech:v2026.03.2 EuskadiTech:v2026.03.1 EuskadiTech:v2026.03 EuskadiTech:v2025-07-31_2 EuskadiTech:v2025-07-31_1 EuskadiTech:v2025-07-30_3 EuskadiTech:v2025-07-15_1 EuskadiTech:v2025-07-13_1 EuskadiTech:2025-07-13_1 EuskadiTech:v2025-06-28_2 EuskadiTech:v2025-06-28_1
...
compare: EuskadiTech:v2026.03.8
Branches Tags
EuskadiTech:main EuskadiTech:revert-18-copilot/add-cajas-module EuskadiTech:copilot/refactor-db-connection-choice
EuskadiTech:v2026.03.10 EuskadiTech:v2026.03.9 EuskadiTech:v2026.03.8 EuskadiTech:v2026.03.7 EuskadiTech:v2026.03.6 EuskadiTech:v2026.03.5 EuskadiTech:v2026.03.4 EuskadiTech:v2026.03.3 EuskadiTech:v2026.03.2 EuskadiTech:v2026.03.1 EuskadiTech:v2026.03 EuskadiTech:v2025-07-31_2 EuskadiTech:v2025-07-31_1 EuskadiTech:v2025-07-30_3 EuskadiTech:v2025-07-15_1 EuskadiTech:v2025-07-13_1 EuskadiTech:2025-07-13_1 EuskadiTech:v2025-06-28_2 EuskadiTech:v2025-06-28_1

5 Commits
v2026.03.5 ... v2026.03.8

Author SHA1 Message Date
Naiel
98c6ba39f3 fix 2026-03-03 11:20:57 +01:00
Naiel
03f52c8a92 fix 2026-03-03 11:06:30 +01:00
Naiel
f655a736b3 fix 2026-03-03 10:59:02 +01:00
Naiel
89a68f27da fix 2026-03-03 10:50:05 +01:00
Naiel
4d322e5696 fix 2026-03-03 10:36:42 +01:00
3 changed files with 44 additions and 82 deletions
Expand all files Collapse all files

58
python_sdk/telesec_couchdb.py
View File

@@ -76,52 +76,32 @@ def ts_encrypt(input_value: Any, secret: str) -> str:
return f"RSA{{{b64}}}"
def ts_decrypt(input_value: Any, secret: str) -> Any:
"""
Compatible with JS TS_decrypt behavior:
- If not string: return as-is.
- If RSA{...}: decrypt AES(CryptoJS passphrase mode), parse JSON when possible.
- If plain string JSON: parse JSON.
- Else: return raw string.
"""
def ts_encrypt(input_value: Any, secret: str) -> str:
if not isinstance(input_value, str):
return input_value
payload = json.dumps(input_value, separators=(",", ":"), ensure_ascii=False)
else:
payload = input_value
is_wrapped = input_value.startswith("RSA{") and input_value.endswith("}")
if is_wrapped:
if not secret:
raise TeleSecCryptoError("Secret is required to decrypt RSA payload")
b64 = input_value[4:-1]
try:
raw = base64.b64decode(b64)
except Exception as exc:
raise TeleSecCryptoError("Invalid base64 payload") from exc
payload_bytes = payload.encode("utf-8")
salt = os.urandom(8)
if len(raw) < 16 or not raw.startswith(b"Salted__"):
raise TeleSecCryptoError("Unsupported encrypted payload format")
# OpenSSL EVP_BytesToKey (MD5)
dx = b""
salted = b""
while len(salted) < 48: # 32 key + 16 iv
dx = hashlib.md5(dx + secret.encode() + salt).digest()
salted += dx
salt = raw[8:16]
ciphertext = raw[16:]
key, iv = _evp_bytes_to_key(secret.encode("utf-8"), salt, 32, 16)
cipher = AES.new(key, AES.MODE_CBC, iv=iv)
decrypted = cipher.decrypt(ciphertext)
decrypted = _pkcs7_unpad(decrypted, 16)
key = salted[:32]
iv = salted[32:48]
try:
text = decrypted.decode("utf-8")
except UnicodeDecodeError:
text = decrypted.decode("latin-1")
cipher = AES.new(key, AES.MODE_CBC, iv)
encrypted = cipher.encrypt(_pkcs7_pad(payload_bytes, 16))
try:
return json.loads(text)
except Exception:
return text
try:
return json.loads(input_value)
except Exception:
return input_value
openssl_blob = b"Salted__" + salt + encrypted
b64 = base64.b64encode(openssl_blob).decode("utf-8")
return f"RSA{{{b64}}}"
@dataclass
class TeleSecDoc:

66
python_sdk/windows_agent.py
View File

@@ -7,7 +7,7 @@ import subprocess
import sys
import time
from datetime import datetime, timezone
from typing import Any, Dict, Optional
from typing import Any, Dict, Optional, List
import psutil
import base64
@@ -84,52 +84,32 @@ def ts_encrypt(input_value: Any, secret: str) -> str:
return f"RSA{{{b64}}}"
def ts_decrypt(input_value: Any, secret: str) -> Any:
"""
Compatible with JS TS_decrypt behavior:
- If not string: return as-is.
- If RSA{...}: decrypt AES(CryptoJS passphrase mode), parse JSON when possible.
- If plain string JSON: parse JSON.
- Else: return raw string.
"""
def ts_encrypt(input_value: Any, secret: str) -> str:
if not isinstance(input_value, str):
return input_value
payload = json.dumps(input_value, separators=(",", ":"), ensure_ascii=False)
else:
payload = input_value
is_wrapped = input_value.startswith("RSA{") and input_value.endswith("}")
if is_wrapped:
if not secret:
raise TeleSecCryptoError("Secret is required to decrypt RSA payload")
b64 = input_value[4:-1]
try:
raw = base64.b64decode(b64)
except Exception as exc:
raise TeleSecCryptoError("Invalid base64 payload") from exc
payload_bytes = payload.encode("utf-8")
salt = os.urandom(8)
if len(raw) < 16 or not raw.startswith(b"Salted__"):
raise TeleSecCryptoError("Unsupported encrypted payload format")
# OpenSSL EVP_BytesToKey (MD5)
dx = b""
salted = b""
while len(salted) < 48: # 32 key + 16 iv
dx = hashlib.md5(dx + secret.encode() + salt).digest()
salted += dx
salt = raw[8:16]
ciphertext = raw[16:]
key, iv = _evp_bytes_to_key(secret.encode("utf-8"), salt, 32, 16)
cipher = AES.new(key, AES.MODE_CBC, iv=iv)
decrypted = cipher.decrypt(ciphertext)
decrypted = _pkcs7_unpad(decrypted, 16)
key = salted[:32]
iv = salted[32:48]
try:
text = decrypted.decode("utf-8")
except UnicodeDecodeError:
text = decrypted.decode("latin-1")
cipher = AES.new(key, AES.MODE_CBC, iv)
encrypted = cipher.encrypt(_pkcs7_pad(payload_bytes, 16))
try:
return json.loads(text)
except Exception:
return text
try:
return json.loads(input_value)
except Exception:
return input_value
openssl_blob = b"Salted__" + salt + encrypted
b64 = base64.b64encode(openssl_blob).decode("utf-8")
return f"RSA{{{b64}}}"
@dataclass
class TeleSecDoc:
@@ -415,14 +395,14 @@ def run_once(client: TeleSecCouchDB, machine_id: str, dry_run: bool = False) ->
def parse_args() -> argparse.Namespace:
parser = argparse.ArgumentParser(description="TeleSec Windows Agent")
parser.add_argument("--server", default="", help="CouchDB server URL, ej. https://couch.example")
parser.add_argument("--db", default="telesec", help="Database name")
parser.add_argument("--db", default="", help="Database name")
parser.add_argument("--user", default="", help="CouchDB username")
parser.add_argument("--password", default="", help="CouchDB password")
parser.add_argument("--secret", default="", help="TeleSec secret para cifrado")
parser.add_argument("--machine-id", default="", help="ID de máquina (default: hostname)")
parser.add_argument("--interval", type=int, default=15, help="Intervalo en segundos")
parser.add_argument("--once", action="store_true", help="Ejecutar una sola iteración")
parser.add_argument("--dry-run", action="store_true", help="No apagar realmente, solo log")
parser.add_argument("--once", action="store_false", help="Ejecutar una sola iteración")
parser.add_argument("--dry-run", action="store_false", help="No apagar realmente, solo log")
parser.add_argument(
"--config",
default="",

2
src/app_modules.js
View File

@@ -949,9 +949,11 @@ function TS_decrypt(input, secret, callback, table, id) {
}
// Encrypted format marker: RSA{<ciphertext>} where <ciphertext> is CryptoJS AES output
// console.debug(input);
if (input.startsWith('RSA{') && input.endsWith('}') && typeof CryptoJS !== 'undefined') {
try {
var data = input.slice(4, -1);
// console.debug("TS_decrypt secret:", ">" + secret + "<", typeof secret, secret?.length);
var words = CryptoJS.AES.decrypt(data, secret);
var decryptedUtf8 = null;
try {