Clever Geek Handbook

AES Decryption has different behavior in iOS 7 than iOS 8/9

The following method returns different results when run on iOS 7 than on iOS 8/9.

+ (NSData *)decryptData:(NSData *)data key:(NSData *)key iv:(NSData *)iv;
{
  NSData *result = nil;

  // setup key
  unsigned char cKey[FBENCRYPT_KEY_SIZE];
  bzero(cKey, sizeof(cKey));
  [key getBytes:cKey length:FBENCRYPT_KEY_SIZE];

  // setup iv
  char cIv[FBENCRYPT_BLOCK_SIZE];
  bzero(cIv, FBENCRYPT_BLOCK_SIZE);
  if (iv) {
    [iv getBytes:cIv length:FBENCRYPT_BLOCK_SIZE];
  }

  // setup output buffer
  size_t bufferSize = [data length] + FBENCRYPT_BLOCK_SIZE;
  void *buffer = malloc(bufferSize);

  // do decrypt
  size_t decryptedSize = 0;
  CCCryptorStatus cryptStatus =
      CCCrypt(kCCDecrypt, FBENCRYPT_ALGORITHM, kCCOptionPKCS7Padding, cKey,
              FBENCRYPT_KEY_SIZE, cIv, [data bytes], [data length], buffer,
              bufferSize, &decryptedSize);

  if (cryptStatus == kCCSuccess) {
    result = [NSData dataWithBytesNoCopy:buffer length:decryptedSize];
  } else {
    free(buffer);
    NSLog(@"[ERROR] failed to decrypt| CCCryptoStatus: %d", cryptStatus);
  }

  return result;
}

Encryption works on iOS 7/8/9. But the result of decrypting nil on iOS 7.

decryptedSize

equals 0 after execution. Elements buffer

remain 0.

Some definitions

#define FBENCRYPT_ALGORITHM kCCAlgorithmAES128
#define FBENCRYPT_BLOCK_SIZE kCCBlockSizeAES128
#define FBENCRYPT_KEY_SIZE kCCKeySizeAES256

I have read answers to similar questions CCCrypt()

on SO. Tried the following:

  • Increase cKey

    length by 1
  • Extend the length cKey

    toFBENCRYPT_KEY_SIZE * 2 + 1

  • Set the first byte cKey

    to 0 (some say iOS 6 does this when getting the key bytes from the NSString)

None of the above works.

I come back with some sample data when the method is called.

Three parameters passed to decryptData

:

  • Details: ea1e6896 b5731f40 1d560a18 f0729fa6

    ,
  • : 17c76e90 9a6fef8d b1fd45fa 2de18db0 d2236264 db6c8a60 125599ec 2dfb5614

    , 256 bit for AES256
  • iv:, 41463531 38453234 44333835 42463636

    16-byte which is the same block size

Expected output (and actual output on iOS8 / 9) 248e51af 66bf85d3 00003ab6 fe3c0000

.

+3


source to share


1 answer


Guess quickly, because there is little information:

The data was encrypted using another plugin, which is PKCS # 7 (or PKCS # 5). mcrypt()

, while pop was written by some bozos and uses non-standard zero padding, which is insecure and won't work if the last byte of data is 0x00.



For more information on transferring PKCs # 7 see this SO answer .

Earlier versions CCCrypt

will return an error if the padding was clearly incorrect, this was a security bug that was later fixed. IIRC iOS7 was the last version to report bad padding as a bug.

+1


source






More articles:


All Articles