This repository contains a real playable MP4 file with an encrypted copy of claude-code-main.zip embedded at the end of the video file.
I created this using Codex btw :)
claude-code-main.mp4
open-source-ftw
Recover the embedded payload as claude-code-main.zip.
Expected SHA-256:
BA8F5B65B9C2281B7273E2FA4A0F2B038D803345365AFE41EEECA26FB814AEA2
The MP4 is still playable because the encrypted payload is simply appended after the normal MP4 data.
The end of the file contains:
- trailer magic:
b"OSFTW-END-V1" - payload length: 8-byte big-endian unsigned integer
So the last bytes of the file are:
TRAILER_MAGIC = b"OSFTW-END-V1"
trailer = TRAILER_MAGIC + payload_len.to_bytes(8, "big")The payload itself is:
- 4-byte big-endian metadata length
- UTF-8 JSON metadata
- ciphertext
- 32-byte HMAC-SHA256 tag
After decoding the metadata JSON, use these fields:
metadata["kdf"]["salt_hex"]metadata["kdf"]["iterations"]metadata["nonce_hex"]metadata["sha256"]
The metadata also includes the original output filename and size.
Use PBKDF2-HMAC-SHA256 with the passphrase open-source-ftw:
import hashlib
key_material = hashlib.pbkdf2_hmac(
"sha256",
b"open-source-ftw",
bytes.fromhex(metadata["kdf"]["salt_hex"]),
metadata["kdf"]["iterations"],
dklen=64,
)
enc_key = key_material[:32]
mac_key = key_material[32:]The last 32 bytes of the payload are an HMAC-SHA256 over:
metadata_json_bytes + ciphertextVerify it with:
import hashlib
import hmac
expected_tag = hmac.new(mac_key, metadata_json_bytes + ciphertext, hashlib.sha256).digest()Compare expected_tag with the 32-byte tag from the file before decrypting.
The ciphertext is plaintext XOR a SHA-256 counter keystream.
For counter values 0, 1, 2, ..., generate 32-byte keystream blocks as:
import hashlib
keystream_block = hashlib.sha256(
enc_key + bytes.fromhex(metadata["nonce_hex"]) + counter.to_bytes(8, "big")
).digest()Concatenate enough blocks to cover the ciphertext length, then XOR byte-for-byte with the ciphertext to recover the plaintext.
import json
import math
import struct
import hashlib
import hmac
TRAILER_MAGIC = b"OSFTW-END-V1"
KEY = b"open-source-ftw"
with open("claude-code-main.mp4", "rb") as f:
f.seek(0, 2)
file_size = f.tell()
f.seek(file_size - len(TRAILER_MAGIC) - 8)
trailer = f.read(len(TRAILER_MAGIC) + 8)
assert trailer[:len(TRAILER_MAGIC)] == TRAILER_MAGIC
payload_len = struct.unpack(">Q", trailer[len(TRAILER_MAGIC):])[0]
f.seek(file_size - len(TRAILER_MAGIC) - 8 - payload_len)
payload = f.read(payload_len)
metadata_len = struct.unpack(">I", payload[:4])[0]
metadata_json_bytes = payload[4:4 + metadata_len]
metadata = json.loads(metadata_json_bytes.decode("utf-8"))
ciphertext = payload[4 + metadata_len:-32]
tag = payload[-32:]
key_material = hashlib.pbkdf2_hmac(
"sha256",
KEY,
bytes.fromhex(metadata["kdf"]["salt_hex"]),
metadata["kdf"]["iterations"],
dklen=64,
)
enc_key = key_material[:32]
mac_key = key_material[32:]
expected_tag = hmac.new(mac_key, metadata_json_bytes + ciphertext, hashlib.sha256).digest()
assert hmac.compare_digest(tag, expected_tag)
nonce = bytes.fromhex(metadata["nonce_hex"])
plaintext = bytearray(len(ciphertext))
for counter in range(math.ceil(len(ciphertext) / 32)):
block = hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
start = counter * 32
end = min(start + 32, len(ciphertext))
for i in range(end - start):
plaintext[start + i] = ciphertext[start + i] ^ block[i]
assert hashlib.sha256(plaintext).hexdigest().upper() == metadata["sha256"].upper()
with open("claude-code-main.zip", "wb") as out:
out.write(plaintext)After recovery, verify the ZIP hash:
Get-FileHash .\claude-code-main.zip -Algorithm SHA256It must match:
BA8F5B65B9C2281B7273E2FA4A0F2B038D803345365AFE41EEECA26FB814AEA2