$\begingroup$

I'm making documentation for an Ethernet gateway that uses a Lantronix xPortEDGE module. It can encrypt/decrypt with AES at 128, 192 and 256 bits. I'm struggling to get more information from the manufacturer to better understand how it works. This is aes-128-cfb mode.

I'm trying to decrypt a clear text that I send from a ZigBee network:

hello_word_xbee_that_me 

What's happening:

  1. The module connects to the server
  2. The module sends the initial IV one time during the session, 16 bytes coded
  3. The ZigBee network sends hello_word_xbee_that_me again and again, encrypted through my module, to the server

In JavaScript, I have code to decipher this encrypted text.

I'm very frustrated because I'm able to decrypt the first ciphertext using the initial IV, but it is impossible from the second one onward.

I think I understood that the first ciphertext becomes the next IV to decipher the next ciphertext, etc. As the number of plain characters corresponds to the same number of encrypted characters, and not knowing what else to do, I select the first 16 bytes in order to obtain the following IV.

But from the 2nd decryption, it doesn't work; the plain text is unreadable.

In addition to my server, I'm testing here:

... to test what I receive, with the following data:

To be more clear, here is my current testing work:

My module sends "hello_world_xbee_that_meX" every 10 seconds, where X is incremented by 1 starting from 0.

Here is exactly what I received:

    key: 61616161616161616161616161616161

    iv:  b18af59605c157d10b6282572485fbd0 [original and unique first IV]
    enc: 5727866a4669878bf4561b964e9b3510a02154806fbd12ab56
    dec: hello_world_xbee_that_me0

    iv:  ?
    enc: 83c52ba9feab174e56dd7d97e51c7c95b2b232883f880a8beb
    dec: hello_world_xbee_that_me1

    iv:  ?
    enc: ee5dd05c437bc3649348996f9cf8d55f4be1e324ac284153d1
    dec: hello_world_xbee_that_me2

    iv:  ?
    enc: 090410f2546e7a9f89dbb002dfd3c87b800568e4106a545274
    dec: hello_world_xbee_that_me3

You can see the first IV, and I can decipher the first message hello_world_xbee_that_me0.

But now, I don't understand how I can build the second IV, etc. I tested several combinations with the first 'enc' ciphertext and nada.

Can anyone explain, please?

What didn't I understand?

Thank you in advance for your help,

Syl

$\endgroup$
  • $\begingroup$ Why are your chaining values (the ones you labelled iv) truncated? $\endgroup$ Commented Nov 3, 2024 at 3:34
  • $\begingroup$ Hello, because I don't know how to get a 16-byte IV from the previous ciphertext. So I take the first 16 hexa values from this ciphertext O.O $\endgroup$ Commented Nov 3, 2024 at 9:27
  • $\begingroup$ Check your programming language's manual, there should be a way to obtain 16 octets in the form of an array of integers or byte string; if not, then switch to another more suitable language. The AES encrypt subroutine takes a key and an input block, and returns an output block - these are all byte strings. $\endgroup$ Commented Nov 3, 2024 at 9:32
  • $\begingroup$ Sorry, I expressed myself badly. I program in JavaScript, no problem recovering the first 16 bytes in a buffer. I will share my code. But I cannot decipher from the 2nd message, with the 16 bytes mentioned from the previous ciphertext. I don't know if it works in 128-bit blocks... or the full message. In my first post, there are all my captures. "enc" represents each encrypted message received. $\endgroup$ Commented Nov 3, 2024 at 13:55
  • $\begingroup$ I've raised a flag to ask a moderator to migrate this to SO (StackOverflow) once you share the code in question. If I were you, I'd not copy this over and delete it here, as you get slightly better attention if a migration link exists on this site. $\endgroup$ Commented Nov 3, 2024 at 14:19

1 Answer

$\begingroup$

We can decipher all the messages by using the original IV b18af59605c157d10b6282572485fbd0 and deciphering the concatenation of all ciphertexts (shown below). That's how (full-block) CFB is supposed to work for minimum size and computational overhead: the IV is not reused (a must for security), but needs to be transmitted only once; and the number of AES operations is minimized.

5727866a4669878bf4561b964e9b3510a02154806fbd12ab5683c52ba9feab174e56dd7d97e51c7c95b2b232883f880a8bebee5dd05c437bc3649348996f9cf8d55f4be1e324ac284153d1090410f2546e7a9f89dbb002dfd3c87b800568e4106a545274. 

Alternatively, to perform a decryption of a ciphertext in isolation we can use as IV the last complete 16-byte block in the concatenation of the original 16-byte IV and earlier ciphertext(s), decipher the concatenation of [the N = 0 to 15 bytes of earlier ciphertext(s) following that IV] and [the new ciphertext], and remove from the decryption the first N bytes. For the second ciphertext that's using IV 5727866a4669878bf4561b964e9b3510, deciphering the ciphertext below, then removing the first 9 bytes.

a02154806fbd12ab5683c52ba9feab174e56dd7d97e51c7c95b2b232883f880a8beb 

In practice we need to decipher messages one after the other, and for efficiency we don't want to store and re-decipher all earlier messages, thus that alternative method is better. We can do this by maintaining a buffer of 16 to 31 bytes with the next IV and the 0 to 15 following ciphertext bytes.


Yet another method would buffer the last 16 bytes produced by AES, with the advantage that the number of AES decryptions is slightly less than above: one less AES operation for 15/16 ≈ 94% of the decryptions. However, that is complex on top of a library or tool that implements non-incremental AES CFB decryption.

$\endgroup$
  • $\begingroup$ Thank you very much for your explanations and time. There are too many sites that deal with CFB mode with always the same diagrams, but none with good relevant explanations like yours. Many thanks again. To return to the subject, I put the entire concatenated ciphertexts in an editor, then cut the encrypted frame every 16 bytes. Like this, thanks to you, I understood visually that one block is deciphered by the previous block as IV. I was troubled with alignment and incomplete blocks due to this mode. In this sense, it's easier to understand the other modes with padding. $\endgroup$ Commented Nov 4, 2024 at 20:04
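
The buffered method from the answer (a 16 to 31 byte buffer holding the next IV plus the 0 to 15 ciphertext bytes after it), as an added example that is not part of the original answer. It uses Node.js's built-in `crypto` module; `CfbSession` and `decryptCaptures` are hypothetical names, and the key, IV and ciphertexts are the captures from the question.

```javascript
const { createDecipheriv } = require('node:crypto');

// Hypothetical helper: decrypts the messages of one CFB session in arrival order.
class CfbSession {
  constructor(key, iv) {
    if (key.length !== 16 || iv.length !== 16) throw new RangeError('need 16-byte key and IV');
    this.key = key;
    // 16..31 bytes: the next IV followed by 0..15 ciphertext bytes of an unfinished block.
    this.state = Buffer.from(iv);
  }

  decrypt(ciphertext) {
    const iv = this.state.subarray(0, 16);
    const carry = this.state.subarray(16); // N earlier ciphertext bytes after that IV
    const d = createDecipheriv('aes-128-cfb', this.key, iv);
    const out = Buffer.concat([d.update(Buffer.concat([carry, ciphertext])), d.final()]);
    // Next state starts at the last complete 16-byte block of IV || ciphertext so far.
    const all = Buffer.concat([this.state, ciphertext]);
    this.state = Buffer.from(all.subarray((Math.floor(all.length / 16) - 1) * 16));
    return out.subarray(carry.length); // drop the N bytes that were decrypted again
  }
}

// Key, session IV and the four received messages, copied from the question.
const KEY = Buffer.from('61616161616161616161616161616161', 'hex');
const IV = Buffer.from('b18af59605c157d10b6282572485fbd0', 'hex');
const CAPTURES = [
  '5727866a4669878bf4561b964e9b3510a02154806fbd12ab56',
  '83c52ba9feab174e56dd7d97e51c7c95b2b232883f880a8beb',
  'ee5dd05c437bc3649348996f9cf8d55f4be1e324ac284153d1',
  '090410f2546e7a9f89dbb002dfd3c87b800568e4106a545274',
];

// Decrypt each capture as it would arrive, one message at a time.
function decryptCaptures() {
  const session = new CfbSession(KEY, IV);
  return CAPTURES.map((hex) => session.decrypt(Buffer.from(hex, 'hex')).toString('latin1'));
}

console.log(decryptCaptures());
```

Node's `Decipher` object keeps the same state internally, so a single instance created with the original IV and fed every message through `update()` gives the same result without the manual buffer.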
