Created Feb 5, 2022
A simple Python script that shows how the Pax messages are encrypted and decrypted, and how to derive the encryption key.
#!/usr/bin/env python3
from Crypto.Cipher import AES
import binascii
import os
# performs a decryption of a 32 byte packet
# this grabs the IV from the last 16 bytes of the packet and decrypts
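def decryptPacket(key, packet):
    """Decrypt one 32-byte packet and return its 16 plaintext bytes.

    Packet layout, as used by this script: the first 16 bytes are the
    AES-OFB ciphertext and the last 16 bytes are the IV sent alongside it.

    Args:
        key: AES key bytes (the script passes the 16-byte key derived from
            the device serial number).
        packet: the raw packet, exactly 32 bytes.

    Returns:
        The 16 decrypted bytes.

    Raises:
        ValueError: if ``packet`` is not exactly 32 bytes long.

    Security note: OFB is an unauthenticated stream mode. A successful
    decrypt says nothing about who produced the packet, and a bit changed in
    the ciphertext changes the same bit of the plaintext. Any integrity
    guarantee has to come from a separate check on the decrypted payload.
    """
    # Reject anything that is not ciphertext(16) + IV(16). Without this, an
    # over-long buffer would silently pair the first 16 bytes with an
    # unrelated trailing "IV" and return garbage.
    if len(packet) != 32:
        raise ValueError(
            'packet must be exactly 32 bytes, got {}'.format(len(packet))
        )

    ciphertext, ivBytes = packet[:16], packet[16:]
    # `IV=` (upper case) is accepted by both PyCrypto and PyCryptodome.
    packetCipher = AES.new(key, AES.MODE_OFB, IV=ivBytes)
    return packetCipher.decrypt(ciphertext)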
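# This is the FIXED key that's in the Pax app binary. Because it ships in the
# app, it is identical for every install and cannot be treated as a secret.
keykey = binascii.unhexlify('F7C866C38F78753086293BD57DD32540')
keyCipher = AES.new(keykey, AES.MODE_ECB)

# Put the 8 character serial number of the device here.
serial = 'WEEDFUCK'
print('- Serial number: {}'.format(serial))

# The key-derivation input is the serial repeated twice: 8 + 8 = 16 bytes,
# i.e. exactly one AES block.
keyStr = serial + serial
keyStrBytes = str.encode(keyStr)
if len(keyStrBytes) != 16:
    # ECB only operates on whole 16-byte blocks, so a shorter or longer serial
    # would fail inside encrypt(); fail here with a clearer message instead.
    # How the app handles serials of other lengths is not known.
    raise SystemExit(
        'serial + serial must encode to 16 bytes, got {}'.format(len(keyStrBytes))
    )
print('- Key input bytes: {}'.format(binascii.hexlify(keyStrBytes)))

# Device key = AES-ECB(fixed app key, serial || serial).
# Design caveat: both inputs are non-secret (a constant from the app binary
# and a device identifier), so the derived key carries no secret entropy and
# the packet encryption amounts to obfuscation. A per-device secret would need
# to come from a provisioned random key or an authenticated key exchange.
key = keyCipher.encrypt(keyStrBytes)
print('- Key: {}'.format(binascii.hexlify(key)))

# Decode a few captured packets… can you figure out what they mean? :)
packets = (
    '346048A655C9C92B6CD4E66699019981F5FD2F15B23CFA137372A9B1D1D7B965',
    'C40922B9B4F7469BCFE3E2AB9BD36A07B01B1D57DE917F06FA1369F796CD2EF4',
)
# NOTE(review): the listing printed the last packet two more times without
# decrypting anything new; those duplicate prints are dropped here.
for packetHex in packets:
    packet = decryptPacket(key, binascii.unhexlify(packetHex))
    print('Decrypted packet: {}'.format(binascii.hexlify(packet)))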