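#!/usr/bin/perl
# usage: decrypt.pl aa:bb:cc:dd:ee:ff [filename]
# (giving the MAC address of the target phone)
#
# Decrypts an AES-CBC encrypted configuration blob and prints every
# "P<number>=<value>" setting it contains, one per line, as "P<n> = value".
# The blob is read from the named file, or from STDIN when no filename
# (or "-") is given.
#
# Layout assumed by this script:
#   bytes  0..15  header (read unencrypted; parts of it feed the key)
#   bytes 16..    AES-CBC ciphertext of an '&'-separated, URL-encoded
#                 list of P<n>=<value> pairs
#
# Security note: every input to the key is either the device MAC address
# or a byte taken from the unencrypted header, and the IV is a constant.
# Nothing here is secret, so this scheme is obfuscation rather than
# confidentiality: any credentials stored in such a file should be treated
# as exposed to whoever can read the file and knows the MAC address.
use strict;
use warnings;
use Crypt::Rijndael qw{MODE_CBC};

my $HEADER_LEN = 16;    # unencrypted prefix of the file
my $BLOCK_LEN  = 16;    # AES block size in bytes

my ($mac, $file) = @ARGV;
die "usage: $0 aa:bb:cc:dd:ee:ff [filename]\n" unless defined $mac;

# Accept ':' or '-' separators. Each field must be one or two hex digits so
# that hex() never sees garbage and every value fits in a single byte.
my @mac_fields = split /[:-]/, $mac;
die "Invalid mac address $mac\n"
    unless @mac_fields == 6
    && !grep { !/\A[0-9A-Fa-f]{1,2}\z/ } @mac_fields;
my @macbytes = map { hex } @mac_fields;

# Slurp the input as raw bytes. Three-arg open is used instead of the
# magic <> operator so that a filename is never interpreted as a pipe or
# mode string, and binmode keeps the ciphertext intact on platforms that
# would otherwise translate line endings.
my $data = do {
    my $in;
    if (defined $file && $file ne '-') {
        open $in, '<', $file or die "Cannot open $file: $!\n";
    }
    else {
        $in = \*STDIN;
    }
    binmode $in;
    local $/;    # slurp mode, restored when this block exits
    <$in>;
};
$data = '' unless defined $data;

die "Input too short: need at least $HEADER_LEN header bytes\n"
    if length($data) < $HEADER_LEN;

my @initbytes  = unpack('C*', substr($data, 0, $HEADER_LEN));
my $ciphertext = substr($data, $HEADER_LEN);

# CBC decryption only works on whole blocks; fail with a clear message
# instead of letting the cipher module croak.
die "Ciphertext length " . length($ciphertext)
    . " is not a multiple of $BLOCK_LEN bytes\n"
    if length($ciphertext) % $BLOCK_LEN;

# Fixed IV: byte-wise XOR of two constant 16-character strings.
my @iv1 = unpack('C*', 'lixiabingweixian');
my @iv2 = unpack('C*', 'gweiningzhangwei');
my $iv  = pack('C16', map { $iv1[$_] ^ $iv2[$_] } 0 .. $#iv1);

# The last two key bytes are (low four MAC bytes as a 32-bit number)
# modulo (header bytes 8..9 as a 16-bit number).
my $mac_low32 = ($macbytes[2] << 24) + ($macbytes[3] << 16)
              + ($macbytes[4] << 8)  +  $macbytes[5];
my $modulus   = ($initbytes[8] << 8) + $initbytes[9];
die "Header bytes 8-9 are zero; cannot derive the key\n" if $modulus == 0;
my $remainder = $mac_low32 % $modulus;

# 16-byte AES key: 2 header bytes, 6 MAC bytes, 6 header bytes, 2 derived.
my @keybytes = (
    @initbytes[2 .. 3],
    @macbytes,
    @initbytes[6 .. 11],
    ($remainder >> 8) & 0xff,
    $remainder & 0xff,
);
my $key = pack('C16', @keybytes);

my $cipher = Crypt::Rijndael->new($key, Crypt::Rijndael::MODE_CBC());
$cipher->set_iv($iv);
my $cleartext = $cipher->decrypt($ciphertext);

# The cleartext is form-encoded: '&' between pairs, '+' for space and
# %XX escapes. Anything that is not a P<n>=... pair (including trailing
# padding) is skipped. Values are printed exactly as decoded, so they may
# contain control bytes; pipe through a pager or filter if that matters.
foreach my $prop (split /\&/, $cleartext) {
    next unless $prop =~ /^(P\d+)=(.*)$/;
    my ($name, $value) = ($1, $2);
    $value =~ s/\+/ /g;
    # Percent-escapes are case-insensitive, so accept %2f and %2F alike.
    $value =~ s/\%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
    print "$name = $value\n";
}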