Bad encrypted message recieved

[shenki]

Successfully exchanged a few push messages with a TextSecure 2 user. However, then messages stopped being correctly received by my client. They say "Bad encrypted message...". The same is happening on their end; my messages are being received but showing the same error message.

I'm on Nexus 5 running Android 4.4.2, with TextSecure 2.0.1 and now TextSecure 2.0.2. The bad encrypted message was seen with both version of TS.

A pastebin that includes at most one bad transfer is at http://hastebin.com/mobiqikegi

[shenki]

The other user used the padlock to end the session, and once the re-keying took place messages are flowing successfully again. Will close this one for now.

[moxie0]

Hey @shenki could you tell me exactly how many messages you successfully exchanged before this started? In each direction? Thanks!

[SevenFactors]

I too am experiencing this issue with the difference that neither party has ended the encryption transport.

The "Bad encrypted message..." manifested 3msg-sent 1msg-received after updating to version 2.0.2

Both of us have been using TS previous version 2.0. We processed weeks before the major update.

Both of us activate the PUSH service.

[moxie0]

I've been able to reproduce this. It happens if two contacts simultaneously send each-other their first-ever encrypted message with each-other. That message will come through fine, but the next won't.

[shenki]

Hey @moxie0, sounds like you're on top of it, but in case you still wanted know how many messages we sent it looked something like this:

A -> B A <- B (B may have just installed a new version before sending this) A -> B A <- B A <- B A <- B this was the first busted one, and from then on it failed until B ended the session and we rekeyed

Here's a poor quality photograph of the message exchange: http://imgur.com/ShWCSxL

[moxie0]

@SevenFactors Does it seem plausible to you that the messages you exchanged after upgrading to 2.0 were sent near simultaneously?

[ghoff]

Same error and possibly for the same reason when sending a message to yourself. First one works, successive messages fail.

[mischla]

Hi, same for me (in german "Fehlerhaft verschlüsselte Nachricht"). I can confirm the scenario moxie0 described above. We were both "first timers" and now can't see each others messages.

[virtualritz]

@moxie0 Is there are workaround in the meantime? It seems for the contact in question, neither of us can get any messages through that don't turn up bad on the other end.

Otherwise: what is the estimated arrival for a fix?

[SevenFactors]

@moxie0 yes they were. All 3 messages were sent one right after the other. Mere seconds in time of arrival.

I like to add that the same bad encrypted message is still manifesting on v2.0.3. The difference now is that it looks/seems like the bad encrypted message was automatically re-sent by the push service OR the app was later able to decrypt the message and present it to me on a new text-box, as a new SMS arrival.

It went like this at 9:07 I got an emoji and then the bad encrypted message. At 9:08 I got a readable but sent securely message. I discussed the behavior with my friend and for what I was told, from her end only 2 messages were sent.

If this is the expected behavior than great.Though, It would by nice if the recovered message is presented on the same text-box to eliminate/signal that the bad encrypted message was recovered. With that said, bad encrypted messages shouldn't be recoverable, right?

PS: grrr too bad I can't edit posts via the github app.

[virtualritz]

I send my 1st message to the contact at 17:11:50, the contact send hers to me at 9:58:43, aka many hours before. But I did never receive this message. The next message was sent by the contact at 17:13:16. That is the 1st message I received and it was fine. So was the next one. All messages afterwards where bad.

[moxie0]

@SevenFactors Not sure I understand. Are you suggesting that you uninstalled the app, reinstalled the app, and then got a message that was left in flight from a session belonging to your first install?

[SevenFactors]

@moxie0 There has been no re-installations of TextSecure. Those I use TextSecure with have installed and exchanged keys with me before the release/installation of TextSecure v2.0.

--From my previews post. The part which I think confused you.-- "I like to add that the same bad encrypted message is still manifesting on v2.0.3. The difference now is that it looks/seems like the bad encrypted message was automatically re-sent by the push service OR the app was later able to decrypt the message and present it to me in a new text-box, as a new SMS arrival."

Example: Ongoing SMS conversation. Me: then she said: Right in two! LOL Jean: Bad encrypted message... Jean: Bad encrypted message... Jean: LMAO I wish I had been there. Me: huh?

Wen I asked my friend to see if she had sent me 3 different messages, I was told she only sent one. I was sent one message yet I got 2 "Bad encrypted messages..." before finally getting a message in a readable form. Isn't that odd? It sure is to me.

I didn't know what to call each new message. They now seem to be inside a speech bubble. I honestly don't know why I decided to refer to them as "text-box." Sorry for the confusion.

To make things simpler: http://hastebin.com/nosimodida

I hope it helps.

[lablans]

I don't know if this is related, but I am currently facing a similar issue:

Me (Sent: 13:00): blue bubble with readable text She (Sent: 15:21 / Rcvd: 16:02:12): Bad encrypted message ("Fehlerhaft verschlüsselte Nachricht...") She (Sent: 15:23 / Rcvd: 16:02:13): Bad encrypted message ("Fehlerhaft verschlüsselte Nachricht...") Me (Sent 16:05): blue bubble with readable text

(I'll add more info here once I have access to her phone)

This is NOT a new session. The session started yesterday afternoon, successfully served some messages and has not been interrupted.

I had the idea that maybe the messages arrived in the wrong order, and this lead to some forward secrecy conflict - but they didn't, the timestamps are in order.

Log from MY phone, taken via settings menu at 17:05: http://hastebin.com/posoferiqa.vhdl (phone numbers obfuscated; do you have to put them in the debug log?)

[lablans]

Got more info.

There is a message from yesterday 22:39 which is stuck as "Sending..." ("Wird gesendet...") Hours later (the message still stuck), I sent a picture, which the rcpt. has received just fine. Then I received two messages: one of it was sent a minute ago, the other one (displayed below!) was dated ("Sent") 17 hours ago. Both were decrypted correctly.

After that, the "bad encrypted messages" began.

Also noteworthy: I kept receiving a notification as described in bug #814. This has now vanished.

I'm sorry I can't give more precise info. But I'm quite sure there is a bug, and it is probably related to stuck messages and/or receipt in wrong order. Maybe someone can reproduce.

[rfugger]

I am also experiencing this issue on 2.0.3. I sent one "bad encrypted message" on a newly-encrypted session, and received two on an older session begun on an older version. Both were push transport.

[monreal]

I get "bad encrypted message..." with the contacts I text a lot with at least once a day. In most cases we later found out that nothing was lost, the "bad encrypted message..." just seems to show up randomly.

[SevenFactors]

Just as @monreal has mentioned, it is now happening to me. It started as a casual "Bad encrypted message..." Now each successfully decrypted received message is accompanied by one or two "Bad encrypted message..." which "arrive" either before or after it but

I placed "arrive" between quotes because there has been a few times in which the following scenario has taken place.

-I receive a SMS. TS has the phone notify me once [1x] -Once I pull up TS, my phones starts signaling the arrival of several new messages. All of these messages have the same time stamp [I've the in-thread notification enabled]

Then I'm presented with the arrival of the successfully decrypted message accompanied by the bad encrypted messages.

Example 1:

Friend: Buen dia Friend: Bad encrypted message... Me: Buen morning =)

Example 2: Friend: Bad encrypted message... Friend: Bad encrypted message... Friend: Bad encrypted message... Friend: Dark Souls II

Ending & Reestablishing the encrypted transport does not fix the issue.

[moxie0]

Sounds like duplicate messages. Debug logs would be helpful.

[SevenFactors]

Here is another log http://hastebin.com/dakopadono --Early on this thread is a link to one of my previous TS debug logs.

Last exchange of messages went as follows. All my messages were delivered over Push: Me [13:02]: Did you get a dog pic from me? Friend [13:08]: No Me [13:25]: Not even yesterday? mmhmmm Me [13:26]: Sent picture. Friend [14:09]: lol nice eyebrows Friend [14:09]: Bad encrypted message... Friend [14:09]: Bad encrypted message...

As previously mentioned. I was notified once for the arrival of the message. As soon as I opened said conversation the phone went off twice, as if two new messages had arrived.

[fd0]

I had a similar issue #972, closing the session (via the padlock icon) and reestablishing it by sending a message fixed it.

[SevenFactors]

We have reestablished the the encrypted transport several times without any permanent solution. Reestablishing the encrypted transport results in a temporary fix to the issue at hand.

[jocelynthode]

I've got the same problem without identifying from what it's coming though it happened in the conversation at a random moment. Android 4.3.1 CyanogenMod 10.2 on Samsung galaxy i9300

[lablans]

Hi all,

please pay attention to the timestamps: on several occasions, the first "bad encrypted" message carries the same sent timestamp as the one before. The sender states they haven't sent it. It seems to be an "echo message", maybe double delivery caused by gcm?

Just a theory...

On 3. März 2014 22:26:39 MEZ, jocelynthode notifications@github.com wrote:

I've got the same problem without identifying from what it's coming though it happened in the conversation at a random moment. Android 4.3.1 CyanogenMod 10.2 on Samsung galaxy i9300

---

Reply to this email directly or view it on GitHub: https://github.com/WhisperSystems/TextSecure/issues/763#issuecomment-36561728

[jocelynthode]

Yeah @vascorppor , you're right I just checked both of the messages have exactly the same timestamp.

[lablans]

Moxie seems to be on this trail as well in #951.

[monreal]

I checked as well and I got this:

good message: sent 02:36:56 rec 02:36:53 bad message: send 02:36:56 rec 02:39:30

So, same sent times, but different received times...

[moxie0]

Thanks @SevenFactors. It's definitely a duplicate message problem, as indicated by the line org.whispersystems.textsecure.crypto.InvalidMessageException: Received message with old counter!

What's weird though is that I only see one message come in through GCM in this log. There might be some changes in the pending release that could help with this.

[SevenFactors]

@moxie0 It is the least I can do to help TextSecure become better & better & better. =)

[tjharman]

I saw a bunch of these today with a contact. I've been trying to get people to adopt TextSecure but after the user saw 3-4 messages all with "Bad Encrypted Message..." you can beat they uninstalled pretty quickly.

http://hastebin.com/tumigenere

[tinloaf]

If I read that correctly, @tjharman 's issue is not a "duplicate message" problem.. there's a prekey bundle not coming through because it isn't correctly signed? Could we be looking at two distinct problems here?

[tjharman]

I've just been speaking to the guy I tried to get it to work for.

He installed it, sent me a bunch of PUSH messages that all worked fine. I didn't reply quickly enough, he got annoyed and then uninstalled.

When I spoke to him later, he re-installed. I got a message that I had the wrong key for him, so I selected the option that said "Yup I'm happy this isn't MITM attack, OK"

Then we got the errors. I had to end the secure session, re-establish it then it worked.

I hope this helps, sorry, I should have added this detail to my original report.

[moxie0]

@tjharman is it possible that when he reinstalled, you and him both sent each other a message at virtually the exact same time? That they passed each-other in flight?

[tjharman]

That is a possibility, yeah. But we kept getting the error, message after message. But certainly that could have happened.

[tinloaf]

@moxie0 So, two friends and me, we've had the problem that (I think) our sessions got out of sync. That happened because I imported a backup (with old message-counters or session keys?), but that can also happen if GCM drops a message or whatever.

Wouldn't it be wise if we ended the session automatically if we receive a bad encrypted message? This way, we would have "auto-recovery"..?

[moxie0]

@tinloaf I'm just going to fix the protocol bug and fix the way encrypted backups work.

[tinloaf]

@moxie0 I just read through the protocol handling code, it looks like we currently accept up to 500 messages into "the future" (i.e. unexpectedly increased counters). So, my concern from above (dropped messages mess up the counter) should not be a problem...

[jocelynthode]

Thanks for your hard work @moxie0 :) By the way is there an easy way to start helping other than translating ? I have to say that I prefer programming, but I'm still a beginner and the code looks huge.

[midi]

i had the "Bad encrypted message..." message with two different contacts. one contact also received bad messages.

had those errors for successive messages that weren't sent at the same time and verified, that they each had different content. this last happened with 2.0.4 (verified on my side) - can't say for sure for the other party's side - on tuesday.

i uploaded the log, sadly hastebin 404's the link, sorry. i'd be happy to give more logs, if i get these bad messages again. also would be willing to do some debugging with my contacts, just tell me what you need.

[maboxx]

I had also the "Bad encrypted message ..." with one of my contact :-( My phone is a Nexus 5, the contact phone is a S3 mini.

[tjharman]

(Copied from another ticket - sorry for the dupe)

Hi,

Just encountered this again. My contact got a bad message from me (we're using PUSH)

His Debug Log: http://hastebin.com/lisesenere

My Debug Log (Note: I saw no errors): http://hastebin.com/vuyinodahu

It was only one bad message - otherwise the conversation has been fine. We are getting it on a semi-regular basis though.

[Natanji]

Just want to chime in here. What's interesting is that I never got a "bad encrypted message", but my contacts do. One of the differences between us is that they are often on mobile data while I am on a WLAN at home most of the time, so I have a very stable connection while they don't. Perhaps this is something that could help find this bug?

More info: -Communication was running over PUSH -This was the only message I sent in like half an hour, so I don't think it is a duplicate message bug. -It was also the last message that I sent, so it's not about messages being delays (which is unlikely over PUSH anyway) -The message was sent 3 minutes after receiving the previous message of my contact, so quite a while passed in between. -The first reply from my contact immediately after my badly received message immediately referenced the fact that it was incorrectly received. So no delays there either.

Sadly I cannot get any adb logcat output from the people that I'm talking with, and to my own TextSecure nothing seems wrong; I don't have a way of telling that the messages were not correctly received. (Actually: should we not inform the sender about this by sending a "message could not be decrypted" receipt?)

[tjharman]

When this happens, ask the reciever of the bad message to take a debug log.

Settings -> "Submit debug log"

Then get them to copy/paste the resulting hastebin URL.

They do seem to be duplicate message issues though - look at my debug log pasted above. You see "Received message with old counter!"

Pure speculation: Maybe duplicate Google push messages are quite common and most apps just deal with them?

[hynz]

In my case it helped to hit the "end secure session" button. From that on the connection worked perfect.

[hughobrien]

I've encountered this twice with a contact of mine, got them to install 2.something, I believe they've been tracking auto-updates and I'm sure I have. I haven't received a 'bad encrypted message' but they've told me they have. In both cases I end the session and it seems to recover, we're using PUSH. It happened today with me on 2.0.5, not sure about their version (> 2 though).

I'll try and get a debug log, but is it possible it's related to / triggered by version upgrades? Thanks for the work Moxie!

[lablans]

We seem to deal with several different causes for the same symptom here. I believe some structure would help and would like to propose the following categorization:

1. The first-ever message. To my knowledge, this should be fixed, so I'll not go into detail here.
2. The broken message. These messages show up in a broken conversation - i.e. you have to hit the "End secure session" button to restore communication. These are actual messages with different SENT timestamps.
3. The echo message: 1 or more (usually 1-2) "bad encrypted messages" bearing the same SENT timestamp as a message received directly before. These are not actual messages - the sending user didn't compose them - they are just "echos" of the first one. Subsequent messages are sent fine. Also discussed in #951. A quick-and-dirty workaround would be to deduplicate incoming messages based on their SENT timestamp, which seems to be millisecond-precise according to @moxie0.
4. The single message: 1 singular message that cannot be decrypted by the recipient. An actual message with its own SENT timestamp. Subsequent messages are sent fine. (ADDED; thanks @Natanji)

Do you concur with these namings and descriptions? Did I miss a number 5 or 6?

[Natanji]

Where would the case that I have witnessed fit? My contacts occasionally get "bad encrypted message" from me, but I do not have to end the conversation to proceed so it is not case 2. But it is also NOT an echo of a well-received message because the correct message never shows up at the recipient, and I have to manually resend it. So it is also not case 3.

The reliability of TextSecure is really not top-notch here at the moment. I have this problem with at least 3-5 of my contacts, spontaneously and occasionally. I never received bad messages myself but again, that might be caused by my stable connection at home here. Not sure.

On Sonntag, 16. März 2014 13:18:59, vascorppor wrote:

We seem to deal with several different causes for the same symptom here. I believe some structure would help and would like to propose the following categorization:

1. The /first-ever message/. To my knowledge, this should be fixed, so I'll not go into detail here.
2. The /broken message/. These messages show up in a broken conversation - i.e. you have to hit the "End secure session" button to restore communication. These are actual messages with different SENT timestamps.
3. The /echo message/: 1 or more (usually 1-2) "bad encrypted messages" bearing the same SENT timestamp as a message received directly before. These are not actual messages - the sending user didn't compose them - they are just "echos" of the first one. Subsequent messages are sent fine. Also discussed in #951 https://github.com/WhisperSystems/TextSecure/issues/951. A quick-and-dirty workaround would be to deduplicate incoming messages based on their SENT timestamp, which seems to be millisecond-precise according to @moxie0 https://github.com/moxie0.

Do you concur with these namings and descriptions? Did I miss a number 4 or 5?

— Reply to this email directly or view it on GitHub https://github.com/WhisperSystems/TextSecure/issues/763#issuecomment-37755611.

[lablans]

@Natanji thanks - I've added this as an extra case.

[lablans]

Steps to reproduce cases 3 and 4 are described in #1182. Can someone double-check? Thanks!

[MPSMPS]

@vascorppor Is it possible that case 3 and 4 occurs at the same time?

I never had problems with encrypted messages but my chat partner has. I investigated his log and found that sometimes case 3 occurs: Message A: content Message A: (bad encrypted, same sent timestamp as Message A) Message A: (bad encrypted, same sent timestamp as Message A)

But sometimes it happens that case 3 and case 4 occur at the same time. Message B: (bad encrypted, same sent timestamp as Message B) Message B: (bad encrypted, same sent timestamp as Message B) Message B: (bad encrypted, same sent timestamp as Message B)