
I have a black box system that is doing some encryption that I need to reverse engineer so I can replicate it in new software. I know the input, the output, and the key. An example:

Plain text: helloworld

Key (b64): 70Af8aELL22xBM1JCtIdsXqvhdYIT3GmSf30K74Jv64=

Ciphertext (b64): eVQr/xluxvohqS5RD7HArQgAJ+lE+BQBUcl+qzMR7Bpfc+B8ndw=

So the key length is 32 bytes, which suggests it's likely AES-256. The plain text is 10 bytes but the ciphertext is 38 bytes, which is an odd length because it's not a block size multiple or a block size multiple + IV length. If I give it a plain text input of 30 bytes, the ciphertext is 58 bytes, and with a plain text of 60 bytes, the ciphertext is 88 bytes. So, consistently, the ciphertext is always 28 bytes more than the plaintext.

I've tried looping through common combinations of AES mode and IV concatenation, i.e.:

  • AES256 CBC, CTR, GCM, CFB, OFB
  • No IV, IV prepended to ciphertext, IV appended to ciphertext

But none decrypt to the expected plaintext. Perhaps there's some sort of key derivation function happening?

So my questions are:

  1. Is there anything obvious that I'm missing? Does the ciphertext size give any indication of what might be happening here?
  2. Is key derivation a realistic guess at what might be happening? If so, are there any common/standard KDFs I should try?
  • I'm up-voting this post because OP's self-answer shows a typical thought process of a viable trial-and-error trying of this type of problem. Suggestion to moderator and others: make this the default duplicate post for future non-generalizable reverse-engineering questions. (Commented Mar 2 at 1:17)

1 Answer

I figured it out shortly after posting. It's AES256-GCM with a prepended 12-byte nonce and an appended 16-byte tag.

