Can not decipher BASE64(AES256()) data from web

[roleg]

In general there are two pieces of code:

PHP (http://r0.by/crypt.php):

Code: Select all

<?php


    $Pass = "password";
    $Clear = "text_text_text_text_text_text_text_text_text_text_text_text";


    $crypted = fnEncrypt($Clear, $Pass);
    echo $crypted;


    function fnEncrypt($sValue, $sSecretKey)
    {
        return trim(
            base64_encode(
                mcrypt_encrypt(
                    MCRYPT_RIJNDAEL_256,
                    $sSecretKey, $sValue, 
                    MCRYPT_MODE_ECB
                    )
                )
            );
    }


    ?>

and PB code:

Code: Select all

Procedure.s do_request(host.s, page.s="", post_data.s="",  cookie.s="", is_secure.b=#False, user_agent.s="", referer.s="", proxy.s="", timeout.l=1000, redirect.b=#True)
  result.s=""
  If Not proxy="" : access_type.i=3 : Else : access_type.i=1 : EndIf
  open_handle = InternetOpen_(user_agent,access_type,proxy,"",0)
  InternetSetOption_(open_handle, 2,timeout,4)
  If is_secure
    port.i=443
    flag.l=$00800000|$00001000|$00002000|$00080000|$00000100|$04000000
  Else
    port.i=80
    flag.l=$00080000|$00000100|$04000000
  EndIf
  If Not redirect : flag|$00200000 : EndIf
  If Not post_data="" : verb.s="POST" : Else : verb.s="GET" : EndIf
  If page="" : page="/" : EndIf
  If user_agent="" : user_agent="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" : EndIf
  connect_handle = InternetConnect_(open_handle,host,port,"","",3,0,0)
  request_handle = HttpOpenRequest_(connect_handle,verb,page,"",referer,0,flag,0)
  If verb="POST"
    headers.s = "Content-Type: application/x-www-form-urlencoded" +Chr(13)+Chr(10)
    HttpAddRequestHeaders_(request_handle,headers,Len(headers), $80000000|$20000000)
  EndIf
  If Not cookie=""
    headers.s = "Cookie: "+cookie+Chr(13)+Chr(10)
    HttpAddRequestHeaders_(request_handle,headers,Len(headers), $80000000|$20000000)
  EndIf
  send_handle = HttpSendRequest_(request_handle,"",0,post_data,Len(post_data))
  buffer.s = Space(1024)
  Repeat
    InternetReadFile_(request_handle,@buffer,1024,@bytes_read.l)
    result.s + Left(buffer,bytes_read)
    buffer = Space(1024)
  Until bytes_read=0
  InternetCloseHandle_(open_handle)
  InternetCloseHandle_(connect_handle)
  InternetCloseHandle_(request_handle)
  InternetCloseHandle_(send_handle)
  ProcedureReturn result
EndProcedure

aes.s=do_request("r0.by","/crypt.php")
Debug aes
InputString.s = aes
InputSize.l = Len(InputString)
*OutputBuffer = AllocateMemory(InputSize.l)
len = Base64Decoder(@InputString.s, InputSize.l, *OutputBuffer, InputSize.l)
Debug len
*out=AllocateMemory(len)
password.s="password"
AESDecoder(*OutputBuffer, *out, len, @password, 256, 0, #PB_Cipher_ECB)
ShowMemoryViewer(*out,len)

Why I can not get decrypted text?

[nospam]

Why I can not get decrypted text?

What exactly does "I can not get decrypted text" mean?

[roleg]

Why I can not get decrypted text?

What exactly does "I can not get decrypted text" mean?

from bucPvFRk+NToJwhqvWjk6K+TTBKhTymywXwYn9PG02u/21wLx2hrAwenWHwI1vwpcgEQEgD+ZN5aBK0oMOYMuQ==
to text_text_text_text_text_text_text_text_text_text_text_text

"bucPvFRk+NToJwhqvWjk6K+TTBKhTymywXwYn9PG02u/21wLx2hrAwenWHwI1vwpcgEQEgD+ZN5aBK0oMOYMuQ==" = BASE64(AES256("text_text_text_text_text_text_text_text_text_text_text_text","password"))

[Num3]

Have you tried enconding using PureBasic ?

Purebasic AES produces a different result each time it runs and if PHP is producing always the same result, then that is an evidence they are using different internal algorithms, and they are not compatible.

Code: Select all

input.s = "text_text_text_text_text_text_text_text_text_text_text_text"
pass.s = "password"
output_aes.s = Space(4096)

If AESEncoder(@input,@output_aes,Len(Input),@pass,256,0, #PB_Cipher_ECB)
  output_b64.s = Space(Len(output_aes)*3)
  Debug output_aes
  Base64Encoder(@output_aes,Len(output_aes),@output_b64,Len(output_aes)*3)
  Debug output_b64
EndIf

[infratec]

Hi together,

Num3 is wrong.
PB generates always the same ....

If the function is used correct.
If you use 256 bit, the key have to be 32 bytes long.

So you need something like:

Code: Select all

pass = LSet(pass, 32)

According to http://php.net/manual/de/function.mcrypt-encrypt.php

You need

Code: Select all

pass = LSet(pass, 32, Chr(0))

But still than it is not working

Bernd

[roleg]

Hi together,

Num3 is wrong.
PB generates always the same ....

If the function is used correct.
If you use 256 bit, the key have to be 32 bytes long.

So you need something like:

Code: Select all

pass = LSet(pass, 32)

According to http://php.net/manual/de/function.mcrypt-encrypt.php

You need

Code: Select all

pass = LSet(pass, 32, Chr(0))

But still than it is not working

Bernd

Hi Bernd.

Code: Select all

password.s=LSet("password",32,Chr(0))

Not work
I got the same thing using CBC with same initialization vector from both sides filled with zeros. =(

[Fred]

You can't use LSet() with '0' char, as in PB a string ends at the very first zero. You have to use AllocateMemory(32) for your IV (it will be automatically zero'ed, so you just have to pass the pointer and it should be ok.

[roleg]

You can't use LSet() with '0' char, as in PB a string ends at the very first zero. You have to use AllocateMemory(32) for your IV (it will be automatically zero'ed, so you just have to pass the pointer and it should be ok.

Hi

Already tried.

[infratec]

You can't use LSet() with '0' char, as in PB a string ends at the very first zero. You have to use AllocateMemory(32) for your IV (it will be automatically zero'ed, so you just have to pass the pointer and it should be ok.

But it works.
I tested this.
debug or peeks() will fail, that's clear, but the length of the variable is extended to the size which is used in LSet(),
and the filled values are 0.
And AESDecoder uses not a string, it uses a buffer.

But I'm guilty
This code is better:

Code: Select all

If Len(password) < 32
  *Key = AllocateMemory(32)
Else
  *Key = AllocateMemory(Len(password))
EndIf
PokeS(*Key, password)

But as roleg told us, it is not working.

The fault is not inside Base64Decoder()
I compared the result to some online decoders.

Bernd

[infratec]

@roleg,

one other question:

Have you tried to rebuild the text via php ?

Maybe this fails too, than is the fault somewhere else.

Bernd

[roleg]

@roleg,

one other question:

Have you tried to rebuild the text via php ?

Maybe this fails too, than is the fault somewhere else.

Bernd

it's work good

Code: Select all

<?php

    $Pass = "password";
    $Clear = "text_text_text_text_text_text_text_text_text_text_text_text";


    $crypted = fnEncrypt($Clear, $Pass);
    echo $crypted;

    $newClear = fnDecrypt($crypted, $Pass);
    echo $newClear;



    function fnEncrypt($sValue, $sSecretKey)
    {
        return trim(
            base64_encode(
                mcrypt_encrypt(
                    MCRYPT_RIJNDAEL_256,
                    $sSecretKey, $sValue, 
                    MCRYPT_MODE_ECB
                    )
                )
            );
    }

    function fnDecrypt($sValue, $sSecretKey)
    {
        return trim(
            mcrypt_decrypt(
                MCRYPT_RIJNDAEL_256, 
                $sSecretKey, 
                base64_decode($sValue), 
                MCRYPT_MODE_ECB
            )
        );
    }
    ?>

bucPvFRk+NToJwhqvWjk6K+TTBKhTymywXwYn9PG02u/21wLx2hrAwenWHwI1vwpcgEQEgD+ZN5aBK0oMOYMuQ==
text_text_text_text_text_text_text_text_text_text_text_text

[infratec]

Found an explanation:

PHP’s mcrypt should have a “AES-128″ “AES-192″ and “AES-256″ but it doesn’t.

Rijndael-192 and Rijndael-256 are not identical to AES-192 and AES-256 (block sizes and number of rounds differ).

AES/Rijndael 128bit are identical however.

So if you use MCRYPT_RIJNDAEL_128 and change the PB program to 128 it should work.

Bernd

[infratec]

It should work with 256 (32byte key)

also with MCRYPT_RIJNDAEL_128

But than your key length decide if 128 or 256
read here:

http://www.chilkatsoft.com/p/php_aes.asp

Bernd

[roleg]

It should work with 256 (32byte key)

also with MCRYPT_RIJNDAEL_128

But than your key length decide if 128 or 256
read here:

http://www.chilkatsoft.com/p/php_aes.asp

Bernd

to Bernd

Thank you man!
You're the best!
I never would have found this without u
Thanks.

P.S. work perfect, but 128 bit only

USE 128 BIT AES

[infratec]

Hi roleg,

thanks for the flowers
You're welcome.

If I read the description correct, you can use 256bit.
You have only to ensure that your key is 32 byte long.

In PB I would do this with

Code: Select all

Left("password", 32)

Something like this is also possible in PHP.

Bernd