@tristanseifert
Created Feb 5, 2022
A simple Python script that shows how the Pax messages are encrypted and decrypted, and how to derive the encryption key.
#!/usr/bin/env python3
from Crypto.Cipher import AES
import binascii
import os
# decrypts a 32-byte packet: the IV is taken from its last 16 bytes and
# the first 16 bytes (the ciphertext block) are decrypted with it
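def decryptPacket(key, packet):
    """Decrypt one 32-byte Pax packet and return its 16-byte plaintext.

    Args:
        key: 16-byte AES key (see the key derivation at module level).
        packet: 32 bytes: a 16-byte ciphertext block followed by the
            16-byte IV that was used to produce it.

    Returns:
        The 16 decrypted bytes.

    Raises:
        ValueError: if ``packet`` is not exactly 32 bytes. Without this
            check a truncated or concatenated buffer would be split at the
            wrong offset and "decrypt" with an IV carved out of the
            ciphertext, yielding garbage instead of an error.
    """
    if len(packet) != 32:
        raise ValueError('expected a 32 byte packet, got {} bytes'.format(len(packet)))
    # The IV travels in the clear after the ciphertext. OFB gives
    # confidentiality only: nothing in this layout authenticates the
    # packet, so a decrypt that "succeeds" says nothing about integrity.
    ivBytes = packet[-16:]
    packetCipher = AES.new(key, AES.MODE_OFB, IV=ivBytes)
    return packetCipher.decrypt(packet[:16])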
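# this is the FIXED key that's in the Pax app binary :)
# NOTE: every per-device key below is a deterministic function of this
# constant and the (non-secret) serial number, so the scheme has no
# per-device secret beyond the serial itself.
keykey = binascii.unhexlify('F7C866C38F78753086293BD57DD32540')
keyCipher = AES.new(keykey, AES.MODE_ECB)
# put the 8 character serial number of the device here. The serial is
# doubled to form the single 16-byte ECB input block, so anything other
# than 8 ASCII characters produces a wrong-sized block; we check that
# explicitly rather than relying on the cipher's own alignment error.
serial = 'WEEDFUCK'
print('- Serial number: {}'.format(serial))
keyStr = serial + serial
keyStrBytes = str.encode(keyStr)
if len(keyStrBytes) != 16:
    raise ValueError('serial must be exactly 8 ASCII characters, got {!r}'.format(serial))
print('- Key input bytes: {}'.format(binascii.hexlify(keyStrBytes)))
# one ECB block of the doubled serial under the fixed key is the device key
key = keyCipher.encrypt(keyStrBytes)
print('- Key: {}'.format(binascii.hexlify(key)))
# decode a few packets… can you figure out what they mean? :)
# Each entry is a 32-byte packet as hex: 16 bytes ciphertext + 16 bytes IV.
packets = [
    '346048A655C9C92B6CD4E66699019981F5FD2F15B23CFA137372A9B1D1D7B965',
    'C40922B9B4F7469BCFE3E2AB9BD36A07B01B1D57DE917F06FA1369F796CD2EF4',
    'D1B8F4FCAAC7D79910D901C73065B3FD66613466613437366162373034373538',
    '61c0ce7a73e0c36abedbb6f3b0976a2e3d5b800b9015d5879fc3e2b81d8c7046',
]
for packetHex in packets:
    packet = decryptPacket(key, binascii.unhexlify(packetHex))
    print('Decrypted packet: {}'.format(binascii.hexlify(packet)))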