Decrypting secure string with aes key

Question

So I was given a key and a hash to decrypt with PowerShell.

key: (165, 49, 50, 151, 4, 58, 80, 217, 250, 19, 249, 150, 185, 102, 202, 113)

hash:

76492d1116743f0423413b16050a5345MgB8AEsAVQBkAGkAWQBQAGYAcgA2ADQASwBCAGQ
AcwBkAFEATQByAFQATABqAFEAPQA9AHwAOQBkAGQAYQA2AGQAYgA4ADQAZQBmAGUAMgBiADQ
ANgA1ADkANAA5AGYAMQBlADIAYgA5ADIAMQBmADUANgA0ADgANgBiADYANwBmAGMANgBjADAA
ZgA5AGUAZQAxAGQANgA3ADUANwA3ADUAZgA1AGYAOABlADcAOQA0AGMAOQA4ADMAZgBmADQ
AMQBkADcAYgAyADkAZQBhADEANwA2AGEAMQBhADMAZQBiADEAOQBkAGMANABiAGIANQBhAGM
AOQA0ADQAMwBhADAAZQAzAGQAZQAwADIANwA2ADUANwAzADcAMABhAGMAMwAxAGYAYwBjA
DYANAA5ADYAZgBlAGQANAA3ADIAMAA2AGUAOQA0ADEAMQA2ADEAYgA2ADMAYgAwADUANQA1A
GQAYQBiADQAOABkAGMANQAyADUAZABkADIANQA5AGQANQA3ADIANgA4ADUAYQA3ADcAMgAxAD
AAOQA2AGUAYQA4ADUAZQAyADgAZABhADMANABlADkANwA0ADIAZQBiADMAMwAzADMAMwAwA
DIAZAA4ADIAYgAwADkAZgBjADUAMgA4AGQANQBkADUAOQA0ADgAMwA4ADEAYgBmAGIAMwBjAGU
AYQAyADUAZgA3ADgAOQA0AGUAZABiAGMAYgBkADcANQAyADQAOQA0ADkANwAxADgAOQAxAGMA
ZAA5ADcAMQA2AGQAOABjAGQAOQAyAGIANQA0AGUAZgAzADcANwA0ADkAOQAxAGIANQA2AGUANw
AyADIAMAA5ADcAOQA3ADIANwAyADAAZgAyAGUAMgA2AGQAMwA1ADMAMAA1AGUAYwAxADcAYw
A2AGQAMwA2AGQAZQBjADgANwAyADYAYwBkADgANQA5AGYANwAwAGUAMQA3AGUANwBkADIAMQ
A4ADgANAA2ADIANAAwAGIANAA5ADgAMwBiADMAOAA1ADUAYgBiAGUAMABhAGIANgAxAGEAMwB
mADYAYQA5ADUANQBmAGUAZQAyADAAZQBhADAAZQAxADUAOAAxAGIAZQA1ADMAMAA5AGUAYQ
BiADkANwAwAGQAMQBmAGQAYgAxAGIANQA0ADAAYwAwADMAOQA5ADcANQA1ADcAOABjADUANg
AyADAAMAA2ADEAZAAyAGQAYgA0ADYAZAA2AGUAOABhADUANQA4ADgAYQA0AGMAZgAwADQANwB
lAGMAZABiAGQAYgBjADQANwA1AGQAYQA2ADQAYgA4ADcAMAAzADIAMgBhADIAZgA1ADAANgA4AGU
AYwBlADgAMgA4AGEAMwAzAGYAMAAzADkANQBlADkAMgBkADIAMgA1ADAAOAA4AGIAOQA3AGUAYg
AzADIAZQA3ADMAMQA4AA==

My code:

$Key = (165, 49, 50, 151, 4, 58, 80, 217, 250, 19, 249, 150, 185, 102, 202, 113)
ConvertFrom-SecureString (ConvertTo-SecureString             
"abovehash" -AsPlainText -Force) -Key $Key

My theory is that it is already a secure string but to flip it to plaintext I would need to convertto and convertfrom to translate it. I used a website which decoded it perfectly https://www.wietzebeukema.nl/powershell-securestring-decoder/#

I get the hash re-hashed again.

I know how to make my own secure key and decrypt it but how would you decrypt a hash if you were given the hash and the key.

If I am understanding you correctly, wouldn't you just use "convertfrom-securestring" with the key parameter? — William Higgs, Dec 17 '20 at 00:46
@WilliamHiggs that would be logical but Microsoft changed something which broke it from working like that. The source information was on MSDN and isn't available anymore. — Jim, Dec 17 '20 at 02:01

Jim · Accepted Answer · 2020-12-17T01:04:01.063

I remember trying to do this 4 or 5 years ago to store random stuff in it. What I found out is for some reason the ConvertFrom-SecureString never worked. After some reasearch I found out converting to BTSR using the System.Runtime.InteropServices.Marshal SecureStringtoBTSR from a SecureString and then using the PtrToStringAuto will decrypt it properly. I will try to locate the reasoning and post it. But this should work and provide you the message you want:

$Key = (165, 49, 50, 151, 4, 58, 80, 217, 250, 19, 249, 150, 185, 102, 202, 113)
$hash = "76492d1116743f0423413b16050a5345MgB8AEsAVQBkAGkAWQBQAGYAcgA2ADQASwBCAGQAcwBkAFEATQByAFQATABqAFEAPQA9AHwAOQBkAGQAYQA2AGQAYgA4ADQAZQBmAGUAMgBiADQANgA1ADkANAA5AGYAMQBlADIAYgA5ADIAMQBmADUANgA0ADgANgBiADYANwBmAGMANgBjADAAZgA5AGUAZQAxAGQANgA3ADUANwA3ADUAZgA1AGYAOABlADcAOQA0AGMAOQA4ADMAZgBmADQAMQBkADcAYgAyADkAZQBhADEANwA2AGEAMQBhADMAZQBiADEAOQBkAGMANABiAGIANQBhAGMAOQA0ADQAMwBhADAAZQAzAGQAZQAwADIANwA2ADUANwAzADcAMABhAGMAMwAxAGYAYwBjADYANAA5ADYAZgBlAGQANAA3ADIAMAA2AGUAOQA0ADEAMQA2ADEAYgA2ADMAYgAwADUANQA1AGQAYQBiADQAOABkAGMANQAyADUAZABkADIANQA5AGQANQA3ADIANgA4ADUAYQA3ADcAMgAxADAAOQA2AGUAYQA4ADUAZQAyADgAZABhADMANABlADkANwA0ADIAZQBiADMAMwAzADMAMwAwADIAZAA4ADIAYgAwADkAZgBjADUAMgA4AGQANQBkADUAOQA0ADgAMwA4ADEAYgBmAGIAMwBjAGUAYQAyADUAZgA3ADgAOQA0AGUAZABiAGMAYgBkADcANQAyADQAOQA0ADkANwAxADgAOQAxAGMAZAA5ADcAMQA2AGQAOABjAGQAOQAyAGIANQA0AGUAZgAzADcANwA0ADkAOQAxAGIANQA2AGUANwAyADIAMAA5ADcAOQA3ADIANwAyADAAZgAyAGUAMgA2AGQAMwA1ADMAMAA1AGUAYwAxADcAYwA2AGQAMwA2AGQAZQBjADgANwAyADYAYwBkADgANQA5AGYANwAwAGUAMQA3AGUANwBkADIAMQA4ADgANAA2ADIANAAwAGIANAA5ADgAMwBiADMAOAA1ADUAYgBiAGUAMABhAGIANgAxAGEAMwBmADYAYQA5ADUANQBmAGUAZQAyADAAZQBhADAAZQAxADUAOAAxAGIAZQA1ADMAMAA5AGUAYQBiADkANwAwAGQAMQBmAGQAYgAxAGIANQA0ADAAYwAwADMAOQA5ADcANQA1ADcAOABjADUANgAyADAAMAA2ADEAZAAyAGQAYgA0ADYAZAA2AGUAOABhADUANQA4ADgAYQA0AGMAZgAwADQANwBlAGMAZABiAGQAYgBjADQANwA1AGQAYQA2ADQAYgA4ADcAMAAzADIAMgBhADIAZgA1ADAANgA4AGUAYwBlADgAMgA4AGEAMwAzAGYAMAAzADkANQBlADkAMgBkADIAMgA1ADAAOAA4AGIAOQA3AGUAYgAzADIAZQA3ADMAMQA4AA=="
$Secured = $hash | ConvertTo-SecureString -key $key

$BTSR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secured)
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BTSR)

And of course in pure Microsoft fashion the explanation article is no longer where it used to be. Once I have the context reasoning I will update.

Update

Here is an SO Answer giving some context to it: Are you able to use PtrToStringAuto to decrypt a secure string in Powershell 7 on macOS?

Decrypting secure string with aes key

1 Answers1