Decrypt2.ps1

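# Decrypts the payload of an .intunewin package using the AES key and IV read from the
# package's own metadata, and writes the plaintext next to the package as "<name>.decoded".
#
# NOTE(review): the key and IV ship inside the same package that carries the ciphertext, so
# this encryption does not protect the payload from anyone who holds the .intunewin file.
# Handle the package and the decoded output with the same care.

# Handles are declared up front so the finally block can release whatever was actually opened
[System.IO.FileStream]$FileStreamTarget = $null
[System.IO.FileStream]$FileStreamSource = $null
[System.Security.Cryptography.CryptoStream]$CryptoStream = $null
$ZipFile = $null
$AES = $null
$Decryptor = $null
$DecryptionSucceeded = $false

# Import required assemblies for file compression
Add-Type -AssemblyName "System.IO.Compression.FileSystem"

# Read Win32 app meta data
$IntuneWinFile = "C:\Temp\IntuneWinAppUtil\Output\7z1900-x64.intunewin"
$IntuneWinMetaData = Get-IntuneWin32AppMetaData -FilePath $IntuneWinFile

# Retrieve Base64 encoded encryption key and initialization vector
$Base64Key = $IntuneWinMetaData.ApplicationInfo.EncryptionInfo.EncryptionKey
$Base64IV = $IntuneWinMetaData.ApplicationInfo.EncryptionInfo.InitializationVector

# Stop early with a clear message instead of failing later inside FromBase64String
if ([string]::IsNullOrEmpty($Base64Key) -or [string]::IsNullOrEmpty($Base64IV)) {
    throw "Encryption key or initialization vector missing from metadata of '$IntuneWinFile'"
}

# Paths for the intermediate (still encrypted) file and the decoded result
$ExtractedIntuneWinFile = $IntuneWinFile + ".extracted"
$TargetFilePath = "C:\Temp\IntuneWinAppUtil\Output\7z1900-x64.intunewin.decoded"

# Read size for the copy loop (2 MiB)
$buffer = New-Object byte[](2097152)

try {
    # Extract encoded .intunewin from Contents folder.
    # The entry is written to a fixed path chosen by this script, so entry names inside the
    # archive never influence where data lands on disk.
    $ZipFile = [System.IO.Compression.ZipFile]::OpenRead($IntuneWinFile)
    $IntuneWinFileName = Split-Path -Path $IntuneWinFile -Leaf

    # -eq instead of -like: the file name is a literal, not a wildcard pattern, so characters
    # such as [ and ] in the name must not be interpreted
    $MatchingEntries = @($ZipFile.Entries | Where-Object { $_.Name -eq $IntuneWinFileName })
    if ($MatchingEntries.Count -eq 0) {
        throw "No entry named '$IntuneWinFileName' found inside '$IntuneWinFile'"
    }
    foreach ($Entry in $MatchingEntries) {
        [System.IO.Compression.ZipFileExtensions]::ExtractToFile($Entry, $ExtractedIntuneWinFile, $true)
    }
    $ZipFile.Dispose()
    $ZipFile = $null

    # Convert Base64 encryption info to bytes
    $Key = [System.Convert]::FromBase64String($Base64Key)
    $IV = [System.Convert]::FromBase64String($Base64IV)

    # Create AES decryptor
    $AES = [System.Security.Cryptography.Aes]::Create()
    $Decryptor = $AES.CreateDecryptor($Key, $IV)

    # Open source filestream for read-only before creating the target, so a missing source
    # does not leave an empty .decoded file behind
    $FileStreamSource = [System.IO.File]::Open($ExtractedIntuneWinFile, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::None)

    # Skip the 48-byte header that precedes the ciphertext.
    # NOTE(review): presumably this header holds a MAC followed by the IV - confirm against the
    # package format. Nothing here checks integrity before decrypting; a damaged or altered
    # payload is only noticed if the padding check in FlushFinalBlock happens to fail. If the
    # EncryptionInfo metadata carries Mac / MacKey values, verify them before trusting the output.
    $null = $FileStreamSource.Seek(48L, [System.IO.SeekOrigin]::Begin)

    # Open target filestream for read/write
    $FileStreamTarget = [System.IO.File]::Open($TargetFilePath, [System.IO.FileMode]::Create, [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::None)

    # Construct new CryptoStream in write mode: ciphertext written to it comes out decrypted on the target
    $CryptoStream = New-Object -TypeName System.Security.Cryptography.CryptoStream -ArgumentList @($FileStreamTarget, $Decryptor, [System.Security.Cryptography.CryptoStreamMode]::Write)

    # Copy the ciphertext through the CryptoStream in buffer-sized chunks; Read returns 0 at end of file
    while ($BytesRead = $FileStreamSource.Read($buffer, 0, $buffer.Length)) {
        $CryptoStream.Write($buffer, 0, $BytesRead)
    }

    # Flush final block in cryptostream (this is where invalid padding surfaces as an exception)
    $CryptoStream.FlushFinalBlock()
    $DecryptionSucceeded = $true
}
finally {
    # Dispose of objects and release locks, even when an earlier step failed
    if ($null -ne $CryptoStream) {
        # Dispose may try to flush a final block that is already known to be bad; that must
        # not prevent the remaining cleanup or hide the original error
        try { $CryptoStream.Dispose() } catch { Write-Verbose "CryptoStream dispose failed: $_" }
    }
    if ($null -ne $FileStreamSource) { $FileStreamSource.Dispose() }
    if ($null -ne $Decryptor) { $Decryptor.Dispose() }
    if ($null -ne $FileStreamTarget) { $FileStreamTarget.Dispose() }
    if ($null -ne $AES) { $AES.Dispose() }
    if ($null -ne $ZipFile) { $ZipFile.Dispose() }

    # Remove extracted intunewin file
    if (Test-Path -LiteralPath $ExtractedIntuneWinFile) {
        Remove-Item -LiteralPath $ExtractedIntuneWinFile -Force
    }

    # A partially written .decoded file could be mistaken for a valid payload, so drop it on failure
    if (-not $DecryptionSucceeded -and (Test-Path -LiteralPath $TargetFilePath)) {
        Remove-Item -LiteralPath $TargetFilePath -Force
    }
}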