Decrypting AES-128-ECB, first character decrypts to 4 bytes

Question

I have an iOS app that is encrypting a string using [NSData AES128EncryptWithKey:] and sending it via HTTP. We did not write the app, and why it's not just using HTTPS and instead using HTTP with AES-128 bit encryption - I have no idea. I know it's not ideal but I'm working with what the client has given me and as of right NOW I have no ability/authority to fix that.

I am charged with writing a server app to take this data that is being sent as a raw binary HTTP POST and decrypting the POST body and then working on that sent data. I'm using PHP as it's the language I can write the server side in fastest (I am modifying a similar server app that already does the work we need it to do. The last use the data was not encrypted and was sent over HTTPS)

When I decrypt the string using either mcrypt_decrypt (MCRYPT_RIJNDAEL_128) or openssl_decrypt (AES-128-ECB), using the developer supplied 16 byte key, the first character of the string is expanded to 4 bytes, all wrong, and the rest of the string decrypts just fine. The string begins with username=WHATEVER and then has about 700 bytes of other data behind it (total length is a multiple of 16, it's padded server-side correctly as best I can tell). The entire string is correct, but when decrypted, what I get is:

o@{asername=WHATEVER...

Every search I've made tells me about a bad 16 bytes when using AES-CBC with the wrong IV, but it decrypts correctly with ECB - just the first byte is wrong, and expanded to 4 bytes.

What am I missing?

Decrypting AES-128-ECB, first character decrypts to 4 bytes

Answers (1)

Related Questions