@tristanseifert
Created February 5, 2022 23:45
A simple Python script that shows how Pax messages are encrypted and decrypted, and how to derive the encryption key. Each 32-byte packet is one AES-128-OFB block followed by its 16-byte IV; the per-device key is AES-128-ECB(fixed key from the app binary, serial || serial). Because the fixed key ships in the app, the device serial number alone is enough to recover the key and read the traffic.
#!/usr/bin/env python3
from Crypto.Cipher import AES  # PyCryptodome
import binascii


# performs a decryption of a 32 byte packet
# layout is ciphertext (16 bytes) || IV (16 bytes): this grabs the IV from the
# last 16 bytes of the packet and decrypts the first 16 bytes with AES-128-OFB
def decryptPacket(key, packet):
    if len(packet) != 32:
        raise ValueError('expected a 32 byte packet, got {} bytes'.format(len(packet)))
    ivBytes = packet[-16:]
    packetCipher = AES.new(key, AES.MODE_OFB, iv=ivBytes)
    return packetCipher.decrypt(packet[:16])


# this is the FIXED key that's in the Pax app binary :)
keykey = binascii.unhexlify('F7C866C38F78753086293BD57DD32540')
keyCipher = AES.new(keykey, AES.MODE_ECB)

# put the 8 character serial number of the device here. unsure what happens if the serial
# is shorter (serial + serial has to fill exactly one 16 byte AES block for the ECB step below)
serial = 'WEEDFUCK'
print('- Serial number: {}'.format(serial))

# per-device key = AES-128-ECB(keykey, serial || serial)
keyStr = serial + serial
keyStrBytes = str.encode(keyStr)
print('- Key input bytes: {}'.format(binascii.hexlify(keyStrBytes).decode()))
key = keyCipher.encrypt(keyStrBytes)
print('- Key: {}'.format(binascii.hexlify(key).decode()))

# decode a few packets… can you figure out what they mean? :)
for hexPacket in (
    '346048A655C9C92B6CD4E66699019981F5FD2F15B23CFA137372A9B1D1D7B965',
    'C40922B9B4F7469BCFE3E2AB9BD36A07B01B1D57DE917F06FA1369F796CD2EF4',
    'D1B8F4FCAAC7D79910D901C73065B3FD66613466613437366162373034373538',
    '61c0ce7a73e0c36abedbb6f3b0976a2e3d5b800b9015d5879fc3e2b81d8c7046',
):
    packet = decryptPacket(key, binascii.unhexlify(hexPacket))
    print('Decrypted packet: {}'.format(binascii.hexlify(packet).decode()))
@lolarobins

hackin the shweed pen thank u for ur findings
