
After decryption with PyCrypto AES, the result after base64 decoding is getting extra "\x07\x07\x07\x07\x07\x07\x07" (at the end).

Python output: decrypted JSON message:

b'{"EndTime":"\\/Date(1408876230508+0530)\\/","SessionID":"ddbecfdb-b87f-48d5-84dd-9dce439459ac","TestString":"WORKING FINE"}\x07\x07\x07\x07\x07\x07\x07'

Unencrypted JSON message:

{"EndTime":"\/Date(1408876230508+0530)\/","SessionID":"ddbecfdb-b87f-48d5-84dd-9dce439459ac","TestString":"WORKING FINE"}

Also, when I try to json.loads the decrypted message I am getting a TypeError, hence I tried to do base64.b64decode(), but this one is erroring out as binascii.Error: Incorrect padding.

My REST service encoding code:

    Dim rawdatastream As New MemoryStream
    Dim jsonserialization As New Json.DataContractJsonSerializer(GetType(AuthorizationResultType))
    jsonserialization.WriteObject(rawdatastream, c)

    Using encryptor As Aes = Aes.Create()
        encryptor.Key = {66, 16, 1, 61, 58, 16, 16, 49, 66, 16, 46, 46, 16, 146, 49, 255,
                         240, 127, 189, 191, 3, 151, 89, 124, 56, 89, 134, 164, 165, 201, 212, 216}
        encryptor.Mode = CipherMode.CBC
        encryptor.IV = {66, 16, 1, 61, 58, 16, 16, 49, 66, 16, 46, 46, 16, 146, 49, 66}
        Dim clearBytes As Byte() = Encoding.UTF8.GetBytes(Encoding.UTF8.GetString(rawdatastream.ToArray()))
        Using ms As New MemoryStream()
            Using cs As New CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write)
                cs.Write(clearBytes, 0, clearBytes.Length)
                cs.Close()
            End Using
            result.Msg = Convert.ToBase64String(ms.ToArray())
        End Using
    End Using

Python code:

    import requests
    import json
    import base64
    from Crypto.Cipher import AES

    baseurl = 'http://localhost:9624/'

    def LoginAccess(userid, password):
        print('Accessing Authorization info')
        response = requests.get(baseurl +'BasicServ.svc/auth/Authorize/'+userid+'/'+password+'/2')
        print (response.json())

        rawmsg =response.json()
        msg= rawmsg['AuthorizeResult']['Msg']

        cypherkey=[66, 16, 1, 61, 58, 16, 16, 49, 66, 16, 46, 46, 16, 146, 49, 255,240, 127, 189, 191, 3, 151, 89, 124, 56, 89, 134, 164, 165, 201, 212, 216]
        iv=[66, 16, 1, 61, 58, 16, 16, 49, 66, 16, 46, 46, 16, 146, 49, 66]
        cry=AES.new(bytes(cypherkey),AES.MODE_CBC,bytes(iv))
        print("decryption done")
        c = cry.decrypt(base64.b64decode(msg))
        print (c)
        print(base64.b64decode(c))
        print (json.loads(base64.b64decode(c)))
        print (rawmsg['AuthorizeResult']['MsgN'])

Finally, what mistake did I make in my decryption, base64 decode and JSON conversion? (I think all errors are due to the extra padding getting generated.)

EDIT: CODE AFTER PADDING:

WCF REST code:

    Dim rawdatastream As New MemoryStream
    Dim jsonserialization As New Json.DataContractJsonSerializer(GetType(AuthorizationResultType))
    jsonserialization.WriteObject(rawdatastream, c)
    result.Unlocksize = Encoding.UTF8.GetString(rawdatastream.ToArray()).Length


    Using encryptor As Aes = Aes.Create()
        encryptor.Mode = CipherMode.CBC
        encryptor.Key = {66, 16, 1, 61, 58, 16, 16, 49, 66, 16, 46, 46, 16, 146, 49, 255, 240, 127, 189, 191, 3, 151, 89, 124, 56, 89, 134, 164, 165, 201, 212, 216}
        encryptor.IV = {66, 16, 1, 61, 58, 16, 16, 49, 66, 16, 46, 46, 16, 146, 49, 66}

        Console.WriteLine(encryptor.IV)
        Console.WriteLine(encryptor.Key)
        Dim datalen As Integer
        Dim actualcoount As Integer = Encoding.UTF8.GetBytes(Encoding.UTF8.GetString(rawdatastream.ToArray())).Count
        datalen = 32 - (Encoding.UTF8.GetBytes(Encoding.UTF8.GetString(rawdatastream.ToArray())).Count Mod 32)
        Dim correctionbytes As String = ""
        For i = 1 To datalen
            correctionbytes = correctionbytes + "1"
        Next
        result.Unlocksize = datalen

        Dim clearBytes As Byte() = Encoding.UTF8.GetBytes(Encoding.UTF8.GetString(rawdatastream.ToArray()) + correctionbytes)
        Using ms As New MemoryStream()
            Using cs As New CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write)
                cs.Write(clearBytes, 0, clearBytes.Length)
                cs.Close()
            End Using
            result.Msg = Convert.ToBase64String(ms.ToArray())
        End Using
    End Using
surpavan

1 Answer


It seems like PyCrypto does not provide PKCS#7 padding / unpadding (as it should). So you should implement this using data = data[:-data[-1]]. So you should perform this on variable c directly after the call to decrypt.

You could check all the (in this case 7) padding bytes, but if you want to protect against invalid ciphertext, you should really add a MAC (HMAC) instead.

More information here

Maarten Bodewes
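The round trip the question and the answer describe, as an added example (not the asker's or the answerer's code): PKCS#7 padding on the sending side, strict unpadding after `decrypt`, JSON parsing of the result, and the encrypt-then-MAC check the answer recommends in place of trusting the padding bytes. The key, IV and JSON message are the ones posted in the question; `MAC_KEY` is a constructed value that is not on the page. The AES calls need pycryptodome (or PyCrypto), which provides the same `Crypto.Cipher.AES` import the question uses; the padding and MAC helpers are standard library only.

```python
import base64
import hashlib
import hmac
import json

try:
    from Crypto.Cipher import AES   # pycryptodome / PyCrypto, as in the question
except ImportError:                 # padding and MAC helpers still work without it
    AES = None

BLOCK = 16  # AES block size in bytes, regardless of key length (here 32 bytes = AES-256)

# Key and IV exactly as posted in the question (both sides hard-code them).
KEY = bytes([66, 16, 1, 61, 58, 16, 16, 49, 66, 16, 46, 46, 16, 146, 49, 255,
             240, 127, 189, 191, 3, 151, 89, 124, 56, 89, 134, 164, 165, 201, 212, 216])
IV = bytes([66, 16, 1, 61, 58, 16, 16, 49, 66, 16, 46, 46, 16, 146, 49, 66])
# Constructed MAC key for the example; not from the page.
MAC_KEY = b"example-mac-key-not-from-the-page"
# The unencrypted JSON message from the question, as UTF-8 bytes (121 bytes).
PLAINTEXT = (b'{"EndTime":"\\/Date(1408876230508+0530)\\/",'
             b'"SessionID":"ddbecfdb-b87f-48d5-84dd-9dce439459ac",'
             b'"TestString":"WORKING FINE"}')


def pkcs7_pad(data: bytes) -> bytes:
    """Append n bytes of value n (1 <= n <= 16) so the length is a multiple of 16.
    .NET's Aes does this by default (PaddingMode.PKCS7), which is where the seven
    0x07 bytes in the question come from: 121 bytes + 7 = 128."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    """Strict inverse of pkcs7_pad: every padding byte is checked, not only the last
    one (the answer's data[:-data[-1]] trusts the final byte alone)."""
    if not data or len(data) % BLOCK:
        raise ValueError("input is not a whole number of blocks")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS#7 padding")
    return data[:-n]


def encrypt_message(plaintext: bytes, key: bytes = KEY, iv: bytes = IV) -> str:
    """Mirror of the WCF side: AES-CBC over PKCS#7-padded bytes, then base64."""
    ct = AES.new(key, AES.MODE_CBC, iv).encrypt(pkcs7_pad(plaintext))
    return base64.b64encode(ct).decode("ascii")


def decrypt_message(msg_b64: str, key: bytes = KEY, iv: bytes = IV) -> dict:
    """What LoginAccess should do with c after decrypt: unpad, then parse the UTF-8
    JSON. There is no second base64 layer inside the ciphertext."""
    padded = AES.new(key, AES.MODE_CBC, iv).decrypt(base64.b64decode(msg_b64))
    return json.loads(pkcs7_unpad(padded).decode("utf-8"))


def seal(plaintext: bytes, key: bytes = KEY, iv: bytes = IV, mac_key: bytes = MAC_KEY) -> str:
    """Encrypt-then-MAC: HMAC-SHA256 over IV || ciphertext is appended to the ciphertext."""
    ct = AES.new(key, AES.MODE_CBC, iv).encrypt(pkcs7_pad(plaintext))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return base64.b64encode(ct + tag).decode("ascii")


def open_sealed(msg_b64: str, key: bytes = KEY, iv: bytes = IV, mac_key: bytes = MAC_KEY) -> dict:
    """Verify the tag in constant time before touching the ciphertext; only then
    decrypt, unpad and parse. A modified message never reaches the padding check."""
    blob = base64.b64decode(msg_b64)
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed; refusing to decrypt")
    padded = AES.new(key, AES.MODE_CBC, iv).decrypt(ct)
    return json.loads(pkcs7_unpad(padded).decode("utf-8"))


def flip_byte(msg_b64: str, index: int) -> str:
    """Helper for demonstrating the MAC check: returns the message with one bit of
    byte `index` changed, simulating corruption or modification in transit."""
    blob = bytearray(base64.b64decode(msg_b64))
    blob[index] ^= 0x01
    return base64.b64encode(bytes(blob)).decode("ascii")


if __name__ == "__main__":
    msg = encrypt_message(PLAINTEXT)
    print(decrypt_message(msg))            # the dict, no trailing \x07 bytes
    try:
        open_sealed(flip_byte(seal(PLAINTEXT), 0))
    except ValueError as e:
        print(e)                           # MAC check failed; refusing to decrypt
```

Two things worth noting beyond the padding itself. The IV on the page is a constant, so every message encrypted with it under the same key starts from the same CBC state; a fresh random IV per message, sent alongside the ciphertext, is the usual practice. And because `open_sealed` rejects a bad tag before decrypting, the padding error path in `pkcs7_unpad` is only reachable with a valid tag, which is the reason the answer prefers a MAC to checking the seven padding bytes.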
  • I changed the mode from CBC to CFB at both WCF and Python, yet I receive the same trailing values, don't know why. With CBC mode I did the data bytes manipulation on 32, 16 and 8 as bytes count but still the same. After a few tests, came to know that the actual count of "ClearBytes" after correction at WCF is 128, but in Python "len(base64.b64decode(msg))" is 144. So, somewhere some extra bytes are getting added. – surpavan Aug 24 '14 at 12:55
  • I can correct it from string value, but want to know why it is happening (:( with me) – surpavan Aug 24 '14 at 12:55
  • Did you look up PKCS#7 padding and what it is? Maybe set the padding mode explicitly to [`None`](http://msdn.microsoft.com/en-us/library/system.security.cryptography.paddingmode%28v=vs.110%29.aspx) for CFB mode? Are you sure you tested that right? – Maarten Bodewes Aug 24 '14 at 15:32
  • Yes, I have tested, and what makes me confused is that the b64decode(msg) len is not the same as clearbytes.count. I am stuck right there, I haven't edited the Python code yet since there is a byte count difference. – surpavan Aug 24 '14 at 16:37
  • Tried with this code too "encryptor.Padding = PaddingMode.PKCS7" – surpavan Aug 24 '14 at 17:15
  • I just did? In the answer? – Maarten Bodewes Aug 24 '14 at 18:29
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/59895/discussion-between-surpavan-and-owlstead). – surpavan Aug 24 '14 at 18:35