Can not decipher BASE64(AES256()) data from web

[netmaestro]

I had to do this for a project recently, here is a PHP code that produces a 256bit AES CBC ciphered text (purified with Base64 to be printable) and the PureBasic code that reads and deciphers the encryption. If you don't have PHP to test with, you can load the PHP page in your browser from here: http://lloydsplace.com/encrypt.php and copy/paste the ciphered string to the PB code:

PHP

Code: Select all

<!DOCTYPE html>
<html>

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Untitled 1</title>
</head>

<body>
<?php
    /* Open the cipher */
    $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');

    // Create the IV and determine the keysize length
    $iv = 'always6teenbytes';
 
    // Create key: 16 bytes for 128bit strength, 24 for 192, 32 for 256
    $key = substr(md5('secretpassword'), 0, 32);

    /* Intialize encryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Encrypt data */
    $bb = mcrypt_generic($td, 'Some remarkably sensitive data...');
    $encrypted = base64_encode($bb);

    /* Terminate encryption handler */
    mcrypt_generic_deinit($td);

    /* Initialize encryption module for decryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Decrypt encrypted string */
    $decrypted = mdecrypt_generic($td, base64_decode($encrypted));

    /* Terminate decryption handle and close module */
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);

    /* Show string */
    echo $key . "<br>";
    echo $encrypted . "<br>";
    echo trim($decrypted) . "\n";
?>
</body>

</html>

PureBasic

Code: Select all

pwd$ = "secretpassword"

key$ = Left(MD5Fingerprint(@pwd$, StringByteLength(pwd$)), 32) ; it's 32 bytes anyway, only reason for Left() is for smaller key sizes

iv$ = "always6teenbytes" ; iv is always 16 bytes for AES

OpenWindow(0, 0, 0, 540, 100, "DECRYPT CIPHER", #PB_Window_ScreenCentered|#PB_Window_SystemMenu)
TextGadget(0, 15, 23, 50, 20, "  Cipher:")
StringGadget(1, 60, 20, 460, 20, "")
TextGadget(2, 15, 58, 50, 20, "Plaintext:")
StringGadget(3, 60, 55, 320, 20, "")
ButtonGadget(4, 385, 55, 40, 20, "copy")
SetActiveGadget(1)

Repeat
  ev=WaitWindowEvent()
  Select ev
    Case #PB_Event_Gadget
      Select EventGadget()
        Case 1
          If EventType() = #PB_EventType_Change
            encrypted$ = GetGadgetText(1)
            *enc = @encrypted$
            
            ; decode base 64 first
            *unbase = AllocateMemory(StringByteLength(encrypted$))
            size = Base64Decoder(*enc, MemorySize(*unbase), *unbase, MemorySize(*unbase))
            
            ; now decode AES encryption
            If size < 16 : size = 16 : EndIf
            *decrypt = AllocateMemory(size)
            AESDecoder(*unbase, *decrypt, size, @key$, 256, @iv$, #PB_Cipher_CBC) 
            SetGadgetText(3, PeekS(*decrypt))
            SendMessage_(GadgetID(3), #EM_SETSEL, 0, -1)
            SetActiveGadget(3)
          ElseIf EventType() = #PB_EventType_Focus
            SendMessage_(GadgetID(1), #EM_SETSEL, 0, -1)
          EndIf
          
        Case 4
          SetClipboardText(GetGadgetText(3))
          
      EndSelect
  EndSelect
Until ev=#PB_Event_CloseWindow

[digital]

Hi netmastro your code work fine expect in Unicode :/
Someone here know how make it work fine in Unicode ?

Thanks,

[IdeasVacuum]

Another possibility roleg is to decipher with PHP, via PB. You can run a web page in a non-displayed web gadget......

[digital]

@IdeaVaccum

Yeah but it's a crap solution :/
I could even build a EXE and run with parameter though my Program in Unicode... but well very bad.


I don't even need unicode support you know but be able to run this code in Unicode in PureBasic :/
And of course since now #PB_SWITCH is removed i'm kind blocked.

Still thanks bro for the idea

[infratec]

You have to pokes() the string in a buffer with #PB_ASCII before you use Base64Decoder()

[digital]

@infratec

I got partial work, by compiling into DLL and using into my project unicode and calling the Function by PeekS and #PB_Ascii.
Even if i would prefer to no use DLL well he work so.

Thanks btw$

[netmaestro]

Should be no need for a dll. I've updated my sample code to be functional with both Ascii and Unicode compilations. (and also to be compatible with latest PB). lloydsplace.com/cipher.php is reupped and available, but I did put its output in comments at the top of the code. Here's the code:

Code: Select all

; Cipher to decode: dOtZvmidM4MV2VChAZf2LGrEYOIW9liX5tbvI2Ys9yehA3401iP7xiWjB276IyMq
; Desired output: "Some remarkably sensitive data..."

*pwd = AllocateMemory(StringByteLength("secretpassword",#PB_Ascii)+1)
PokeS(*pwd, "secretpassword", -1, #PB_Ascii)

UseMD5Fingerprint()
*key = AllocateMemory(32+1)
PokeS(*key, Left(StringFingerprint(PeekS(*pwd, 32, #PB_Ascii), #PB_Cipher_MD5), 32), 32, #PB_Ascii) ; it's 32 bytes anyway, only reason for Left() is for smaller key sizes

*iv = AllocateMemory(16+1)
PokeS(*iv, "always6teenbytes", 16, #PB_Ascii)

OpenWindow(0, 0, 0, 540, 100, "DECRYPT CIPHER", #PB_Window_ScreenCentered|#PB_Window_SystemMenu)
TextGadget(0, 15, 23, 50, 20, "  Cipher:")
StringGadget(1, 60, 20, 460, 20, "Paste cipher from lloydsplace.com/encrypt.php only ;)")
TextGadget(2, 15, 58, 50, 20, "Plaintext:")
StringGadget(3, 60, 55, 320, 20, "")
ButtonGadget(4, 385, 55, 40, 20, "copy")
SetActiveGadget(1)

Repeat
  ev=WaitWindowEvent()
  Select ev
    Case #PB_Event_Gadget
      Select EventGadget()
        Case 1
          If EventType() = #PB_EventType_Change
            *enc = AllocateMemory(StringByteLength(GetGadgetText(1), #PB_Ascii)+1)
            PokeS(*enc, GetGadgetText(1), -1, #PB_Ascii)
 
            ; decode base 64 first
            *unbase = AllocateMemory(MemorySize(*enc))
            size = Base64Decoder(*enc, MemorySize(*enc)-1, *unbase, MemorySize(*unbase))

            ; now decode AES encryption
            If size < 16 : size = 16 : EndIf
            *decrypt = AllocateMemory(size)
            AESDecoder(*unbase, *decrypt, size, *key, 256, *iv, #PB_Cipher_CBC) 
            SetGadgetText(3, PeekS(*decrypt, -1, #PB_Ascii))
            SendMessage_(GadgetID(3), #EM_SETSEL, 0, -1)
            SetActiveGadget(3)
          ElseIf EventType() = #PB_EventType_Focus
            SendMessage_(GadgetID(1), #EM_SETSEL, 0, -1)
          EndIf
          
        Case 4
          SetClipboardText(GetGadgetText(3))
          
      EndSelect
  EndSelect
Until ev=#PB_Event_CloseWindow

The method for handling Ascii in a unicode executable is pretty straightforward. You just don't store anything Ascii in a string variable. Use AllocateMemory with StringByteLength for storage and PokeS/PeekS everything to and from with the #PB_Ascii flag.

[digital]

@netmaestro

Well big thanks.
Make two mistake when i try to convert into unicode.

About *key & *iv

So that's why i was using PokeS and calling my DLL in my unicode project.



Anyway big thanks you bro, you make my day