How It Works

Processing Flow

  1. Upload — Your .export file and password are sent over an encrypted HTTPS connection.
  2. Validation — File format and CAPTCHA are verified. Invalid files are rejected immediately.
  3. Decryption — The file is parsed and decrypted entirely in server memory (RAM).
  4. Packaging — The decoded JSON and TXT results are packaged into a ZIP file, also in memory.
  5. Download — The ZIP is delivered to your browser.
  6. Cleanup — All data is wiped from memory immediately after download.

Technical Stack

  • Nginx — reverse proxy, TLS termination, rate limiting
  • Python / Flask — decoding logic and request handling
  • Gunicorn — WSGI server with multiple workers for concurrent requests
  • PyCryptodome — AES-256-CBC decryption
  • Let's Encrypt — TLS certificates with automatic renewal

About the Decryption

FRITZ!Box backup files use AES-256-CBC encryption with a two-step key derivation process:

  1. A bootstrap key is derived from the MD5 hash of your export password, padded with zero bytes
  2. This bootstrap key decrypts an intermediate key embedded in the file header
  3. The intermediate key decrypts all encrypted values (marked with $$$$) throughout the configuration

Encrypted values use AVM's custom Base32 alphabet (A-Z and 1-6, instead of the standard A-Z and 2-7).
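
The first derivation step and the custom alphabet, as an added standard-library Python example (not this service's own code; function names are hypothetical). It stops before the AES step and strictly rejects characters outside the alphabet. Assumptions: the password is UTF-8 encoded, the zero bytes are appended after the MD5 digest to reach the 32 bytes AES-256 needs, and the Base32 bit packing follows RFC 4648 with only the alphabet changed.

```python
import hashlib

AVM_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ123456"  # from the page: A-Z, 1-6
_INDEX = {c: i for i, c in enumerate(AVM_ALPHABET)}
MARKER = "$$$$"  # prefix of encrypted values in the export


def avm_b32decode(text: str) -> bytes:
    """Decode Base32 text written in the A-Z/1-6 alphabet.

    Assumption: 5 bits per character, most significant bit first
    (RFC 4648 packing); only the alphabet differs.
    """
    acc = bits = 0
    out = bytearray()
    for pos, ch in enumerate(text):
        if ch not in _INDEX:
            # '0', '7'-'9', lowercase and '=' are all outside the alphabet
            raise ValueError(f"invalid character {ch!r} at offset {pos}")
        acc = (acc << 5) | _INDEX[ch]
        bits += 5
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
            acc &= (1 << bits) - 1  # keep only the bits not yet emitted
    return bytes(out)


def bootstrap_key(password: str) -> bytes:
    """MD5 of the export password, zero-padded to an AES-256 key.

    Assumptions: UTF-8 encoding, zero bytes appended after the digest.
    """
    digest = hashlib.md5(password.encode("utf-8")).digest()  # 16 bytes
    return digest.ljust(32, b"\x00")


def encrypted_payload(value: str) -> bytes:
    """Strip the $$$$ marker and return the raw bytes of the value."""
    if not value.startswith(MARKER):
        raise ValueError("value is not marked as encrypted")
    return avm_b32decode(value[len(MARKER):])
```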

For details on data handling, logging, and hosting, see our Privacy Policy.