1

Currently this code runs in Python, without issue :

#!/usr/bin/python   
print('Content-type: text/html\r\n\r')


#! /usr/bin/env python -2
from binascii import hexlify, unhexlify
from Crypto.Cipher import AES
#
# PICCData decryption
# PICCData = AES-128_DECRYPT(KSDMMetaRead; PICCDataTag[||UID] [||SDMReadCtr]||RandomPadding)
IV = 16 * '\x00'
key = 16 * '\x00' # FileAR.SDMMetaRead Key
# Enc_PICC_Data = '\xEF\x96\x3F\xF7\x82\x86\x58\xA5\x99\xF3\x04\x15\x10\x67\x1E\x88'
Enc_PICC_Data = 'EF963FF7828658A599F3041510671E88'
myaes = AES.new(key, AES.MODE_CBC, IV=IV)
PICCData = myaes.decrypt(unhexlify(Enc_PICC_Data))

print (hexlify(PICCData))

Response is :

b'c704de5f1eacc0403d0000da5cf60941'

I am unable to essentially migrate this code over. I have tried variations of the following which does not return any response no matter what I do. I might be doing something painfully stupid :

$e = 'EF963FF7828658A599F3041510671E88';
$key = '00000000000000000000000000000000';
$iv = '00000000000000000000000000000000';

$output = openssl_decrypt($e, 'AES-128-CBC', $key, 0, $iv);
echo $output;

Many thanks in advance, any help is appreciated.

Improve this question

1 Answer 1

Reset to default
2

There are 3 issues with your code.

First: you are using input values in form of hexstring values - they have to be transformed to binary data with hex2bin.

Second: Your PHP script is using a random padding so it adds some data to makes the output looking different each time it runs. For decryption only the first 16 bytes (32 hexstring characters) will be used (those in your $e variable) you have to force OpenSSL to deny any padding - that's what the option "OPENSSL_ZERO_PADDING" is good for.

Third: The other option "OPENSSL_RAW_DATA" is forcing OpenSSL to take raw data instead of base64-encoded data.

Put all three parts together in the code you receive the expected plaintext (here in hexstring): c704de5f1eacc0403d0000da5cf60941

console:

output: ��_��@=  �\�    A
output in hex: c704de5f1eacc0403d0000da5cf60941

Security warning: the following code is UNSECURE (e.g. static key & iv) and has no exception handling!

code:

<?php
$e = hex2bin('EF963FF7828658A599F3041510671E88');
$key = hex2bin('00000000000000000000000000000000');
$iv = hex2bin('00000000000000000000000000000000');

$output = openssl_decrypt($e, 'AES-128-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
echo 'output: ' . $output . PHP_EOL;
echo 'output in hex: ' . bin2hex($output);
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Ah that is fantastic, I had actually done more or less this, but missed out the key with hex2bin. Thank you ever so much, that is a great answer too.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.