My favorites | Sign in
Project Home Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
Encryption  
Encryption used by the procotol
Updated Nov 7, 2011

Introduction

MXit uses AES-128 encryption to encrypt the user's pin, and messages on the user's request.

For the exact algorithms used, see encryption.py.

Padding the data

For a start, the ascii values of the 7 characters <mxit/> is prepended to the data. This is useful to check that the correct key was used to decrypt the data.

For AES encryption, only blocks of exactly 16 bytes can be encrypted. Larger amounts of data are split into blocks of 16 bytes each, and encrypted blocks joined again.

Since data is not always a multiple of 16, it has to be padded. MXit uses an approach similar to the PKCS7 padding: bytes with value 0 are added to the data, until it is 1 less than a multiple of 16. If the data was a multiple of 16, 15 bytes are added. The last byte is then set to the number of padded bytes added, including itself (a number between 1 and 16, inclusive).

Example:

sample-data -> <mxit/>sample-data\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e
byte values:
115 97 109 112 108 101 45 100 97 116 97 -> 60 109 120 105 116 47 62 115 97 109 112 108 101 45 100 97 116 97 0 0 0 0 0 0 0 0 0 0 0 0 0 14

Padding the Key

The key has to be exactly 16 bytes. To achieve this, the key is 'pasted over' the first part of the bytes 54 49 55 48 51 56 51 52 53 50 51 52 51 53 54 55 are replaced with the ascii values of the key. Those bytes are the ascii values of the string 6170383452343567.

Example, in ascii:

password -> password52343567

Encryption & Decryption

Standard AES-128 encryption is used for any data, with the padding specified above.

Client ID

Each download of the MXit application contains a unique id in the following form:

AABBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBBCCCCCCCC

The first two digits (A) represent a length in hexadecimal form. The rest of the id is split into two parts.

The first part (B) has a length (including the hyphens) specified by A. This is sent with every login.

The second part (C) is used to encrypt the pin.

Pin

For login, registration and updating the user profile, the user pin must be encrypted.

The key is the ascii values of the C part of the client id.

The data is the pin.

The key and data are padded as explained above, and encrypted. The result is encoded as base64 before being sent.

Comment by praveen....@gmail.com, Jan 19, 2009

Hi

Can you please explain the "Padding of Key" in a little more detail, and what are you refering to as the "first part of the bytes"

And how did you get so much info on the mxit protocol? I'm just using wireshark and a jar emulator on my pc It's nice that you are sharing your info to everyone

Thanks

Comment by darkhear...@gmail.com, Dec 1, 2010

I have a message I need to decrypt but I lost the password? Could you help? mail me at admin (at) dhc . za. org

Comment by Daniel14...@gmail.com, Jan 5, 2014

Hey I lost a password of a message I need to decrypt ,i really really need your help...send me an email

Powered by Google Project Hosting