Search code examples
pythonphpencryptionaescbc-mode

Decrypting simple script using AES CBC in PHP - migrating from Python

Currently this code runs in Python, without issue :

#!/usr/bin/python   
print('Content-type: text/html\r\n\r')


#! /usr/bin/env python -2
from binascii import hexlify, unhexlify
from Crypto.Cipher import AES
#
# PICCData decryption
# PICCData = AES-128_DECRYPT(KSDMMetaRead; PICCDataTag[||UID] [||SDMReadCtr]||RandomPadding)
IV = 16 * '\x00'
key = 16 * '\x00' # FileAR.SDMMetaRead Key
# Enc_PICC_Data = '\xEF\x96\x3F\xF7\x82\x86\x58\xA5\x99\xF3\x04\x15\x10\x67\x1E\x88'
Enc_PICC_Data = 'EF963FF7828658A599F3041510671E88'
myaes = AES.new(key, AES.MODE_CBC, IV=IV)
PICCData = myaes.decrypt(unhexlify(Enc_PICC_Data))

print (hexlify(PICCData))

Response is :

b'c704de5f1eacc0403d0000da5cf60941'

I am unable to essentially migrate this code over. I have tried variations of the following which does not return any response no matter what I do. I might be doing something painfully stupid :

$e = 'EF963FF7828658A599F3041510671E88';
$key = '00000000000000000000000000000000';
$iv = '00000000000000000000000000000000';

$output = openssl_decrypt($e, 'AES-128-CBC', $key, 0, $iv);
echo $output;

Many thanks in advance, any help is appreciated.

Solution

  • There are 3 issues with your code.

    First: you are using input values in form of hexstring values - they have to be transformed to binary data with hex2bin.

    Second: Your PHP script is using a random padding so it adds some data to makes the output looking different each time it runs. For decryption only the first 16 bytes (32 hexstring characters) will be used (those in your $e variable) you have to force OpenSSL to deny any padding - that's what the option "OPENSSL_ZERO_PADDING" is good for.

    Third: The other option "OPENSSL_RAW_DATA" is forcing OpenSSL to take raw data instead of base64-encoded data.

    Put all three parts together in the code you receive the expected plaintext (here in hexstring): c704de5f1eacc0403d0000da5cf60941

    console:

    output: ��_��@=  �\�    A
output in hex: c704de5f1eacc0403d0000da5cf60941

    Security warning: the following code is UNSECURE (e.g. static key & iv) and has no exception handling!

    code:

    <?php
$e = hex2bin('EF963FF7828658A599F3041510671E88');
$key = hex2bin('00000000000000000000000000000000');
$iv = hex2bin('00000000000000000000000000000000');

$output = openssl_decrypt($e, 'AES-128-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
echo 'output: ' . $output . PHP_EOL;
echo 'output in hex: ' . bin2hex($output);
?>