Page 1 of 2
Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 10:19 am
by roleg
In general there are two pieces of code:
PHP (
http://r0.by/crypt.php):
Code: Select all
<?php
$Pass = "password";
$Clear = "text_text_text_text_text_text_text_text_text_text_text_text";
$crypted = fnEncrypt($Clear, $Pass);
echo $crypted;
function fnEncrypt($sValue, $sSecretKey)
{
return trim(
base64_encode(
mcrypt_encrypt(
MCRYPT_RIJNDAEL_256,
$sSecretKey, $sValue,
MCRYPT_MODE_ECB
)
)
);
}
?>
and PB code:
Code: Select all
Procedure.s do_request(host.s, page.s="", post_data.s="", cookie.s="", is_secure.b=#False, user_agent.s="", referer.s="", proxy.s="", timeout.l=1000, redirect.b=#True)
result.s=""
If Not proxy="" : access_type.i=3 : Else : access_type.i=1 : EndIf
open_handle = InternetOpen_(user_agent,access_type,proxy,"",0)
InternetSetOption_(open_handle, 2,timeout,4)
If is_secure
port.i=443
flag.l=$00800000|$00001000|$00002000|$00080000|$00000100|$04000000
Else
port.i=80
flag.l=$00080000|$00000100|$04000000
EndIf
If Not redirect : flag|$00200000 : EndIf
If Not post_data="" : verb.s="POST" : Else : verb.s="GET" : EndIf
If page="" : page="/" : EndIf
If user_agent="" : user_agent="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" : EndIf
connect_handle = InternetConnect_(open_handle,host,port,"","",3,0,0)
request_handle = HttpOpenRequest_(connect_handle,verb,page,"",referer,0,flag,0)
If verb="POST"
headers.s = "Content-Type: application/x-www-form-urlencoded" +Chr(13)+Chr(10)
HttpAddRequestHeaders_(request_handle,headers,Len(headers), $80000000|$20000000)
EndIf
If Not cookie=""
headers.s = "Cookie: "+cookie+Chr(13)+Chr(10)
HttpAddRequestHeaders_(request_handle,headers,Len(headers), $80000000|$20000000)
EndIf
send_handle = HttpSendRequest_(request_handle,"",0,post_data,Len(post_data))
buffer.s = Space(1024)
Repeat
InternetReadFile_(request_handle,@buffer,1024,@bytes_read.l)
result.s + Left(buffer,bytes_read)
buffer = Space(1024)
Until bytes_read=0
InternetCloseHandle_(open_handle)
InternetCloseHandle_(connect_handle)
InternetCloseHandle_(request_handle)
InternetCloseHandle_(send_handle)
ProcedureReturn result
EndProcedure
aes.s=do_request("r0.by","/crypt.php")
Debug aes
InputString.s = aes
InputSize.l = Len(InputString)
*OutputBuffer = AllocateMemory(InputSize.l)
len = Base64Decoder(@InputString.s, InputSize.l, *OutputBuffer, InputSize.l)
Debug len
*out=AllocateMemory(len)
password.s="password"
AESDecoder(*OutputBuffer, *out, len, @password, 256, 0, #PB_Cipher_ECB)
ShowMemoryViewer(*out,len)
Why I can not get decrypted text?
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 10:59 am
by nospam
roleg wrote:Why I can not get decrypted text?
What exactly does "I can not get decrypted text" mean?
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 11:04 am
by roleg
nospam wrote:roleg wrote:Why I can not get decrypted text?
What exactly does "I can not get decrypted text" mean?
from
bucPvFRk+NToJwhqvWjk6K+TTBKhTymywXwYn9PG02u/21wLx2hrAwenWHwI1vwpcgEQEgD+ZN5aBK0oMOYMuQ==
to
text_text_text_text_text_text_text_text_text_text_text_text
"bucPvFRk+NToJwhqvWjk6K+TTBKhTymywXwYn9PG02u/21wLx2hrAwenWHwI1vwpcgEQEgD+ZN5aBK0oMOYMuQ==" = BASE64(AES256("text_text_text_text_text_text_text_text_text_text_text_text","password"))
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 11:34 am
by Num3
Have you tried enconding using PureBasic ?
Purebasic AES produces a different result each time it runs and if PHP is producing always the same result, then that is an evidence they are using different internal algorithms, and they are not compatible.
Code: Select all
input.s = "text_text_text_text_text_text_text_text_text_text_text_text"
pass.s = "password"
output_aes.s = Space(4096)
If AESEncoder(@input,@output_aes,Len(Input),@pass,256,0, #PB_Cipher_ECB)
output_b64.s = Space(Len(output_aes)*3)
Debug output_aes
Base64Encoder(@output_aes,Len(output_aes),@output_b64,Len(output_aes)*3)
Debug output_b64
EndIf
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 11:52 am
by infratec
Hi together,
Num3 is wrong.
PB generates always the same ....
If the function is used correct.
If you use 256 bit, the key have to be 32 bytes long.
So you need something like:
According to
http://php.net/manual/de/function.mcrypt-encrypt.php
You need
But still than it is not working
Bernd
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 12:42 pm
by roleg
infratec wrote:Hi together,
Num3 is wrong.
PB generates always the same ....
If the function is used correct.
If you use 256 bit, the key have to be 32 bytes long.
So you need something like:
According to
http://php.net/manual/de/function.mcrypt-encrypt.php
You need
But still than it is not working
Bernd
Hi Bernd.
Code: Select all
password.s=LSet("password",32,Chr(0))
Not work
I got the same thing using CBC with same initialization vector from both sides filled with zeros. =(
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 12:54 pm
by Fred
You can't use LSet() with '0' char, as in PB a string ends at the very first zero. You have to use AllocateMemory(32) for your IV (it will be automatically zero'ed, so you just have to pass the pointer and it should be ok.
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 1:03 pm
by roleg
Fred wrote:You can't use LSet() with '0' char, as in PB a string ends at the very first zero. You have to use AllocateMemory(32) for your IV (it will be automatically zero'ed, so you just have to pass the pointer and it should be ok.
Hi
Already tried.
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 1:54 pm
by infratec
Fred wrote:You can't use LSet() with '0' char, as in PB a string ends at the very first zero. You have to use AllocateMemory(32) for your IV (it will be automatically zero'ed, so you just have to pass the pointer and it should be ok.
But it works.
I tested this.
debug or peeks() will fail, that's clear, but the length of the variable is extended to the size which is used in LSet(),
and the filled values are 0.
And AESDecoder uses not a string, it uses a buffer.
But I'm guilty
This code is better:
Code: Select all
If Len(password) < 32
*Key = AllocateMemory(32)
Else
*Key = AllocateMemory(Len(password))
EndIf
PokeS(*Key, password)
But as roleg told us, it is not working.
The fault is not inside Base64Decoder()
I compared the result to some online decoders.
Bernd
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 1:58 pm
by infratec
@roleg,
one other question:
Have you tried to rebuild the text via php ?
Maybe this fails too, than is the fault somewhere else.
Bernd
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 2:01 pm
by roleg
infratec wrote:@roleg,
one other question:
Have you tried to rebuild the text via php ?
Maybe this fails too, than is the fault somewhere else.
Bernd
it's work good
Code: Select all
<?php
$Pass = "password";
$Clear = "text_text_text_text_text_text_text_text_text_text_text_text";
$crypted = fnEncrypt($Clear, $Pass);
echo $crypted;
$newClear = fnDecrypt($crypted, $Pass);
echo $newClear;
function fnEncrypt($sValue, $sSecretKey)
{
return trim(
base64_encode(
mcrypt_encrypt(
MCRYPT_RIJNDAEL_256,
$sSecretKey, $sValue,
MCRYPT_MODE_ECB
)
)
);
}
function fnDecrypt($sValue, $sSecretKey)
{
return trim(
mcrypt_decrypt(
MCRYPT_RIJNDAEL_256,
$sSecretKey,
base64_decode($sValue),
MCRYPT_MODE_ECB
)
);
}
?>
bucPvFRk+NToJwhqvWjk6K+TTBKhTymywXwYn9PG02u/21wLx2hrAwenWHwI1vwpcgEQEgD+ZN5aBK0oMOYMuQ==
text_text_text_text_text_text_text_text_text_text_text_text
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 4:12 pm
by infratec
Found an explanation:
PHP’s mcrypt should have a “AES-128″ “AES-192″ and “AES-256″ but it doesn’t.
Rijndael-192 and Rijndael-256 are not identical to AES-192 and AES-256 (block sizes and number of rounds differ).
AES/Rijndael 128bit are identical however.
So if you use MCRYPT_RIJNDAEL_128 and change the PB program to 128 it should work.
Bernd
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 4:19 pm
by infratec
It should work with 256 (32byte key)
also with MCRYPT_RIJNDAEL_128
But than your key length decide if 128 or 256
read here:
http://www.chilkatsoft.com/p/php_aes.asp
Bernd
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 5:54 pm
by roleg
to Bernd
Thank you man!
You're the best!
I never would have found this without u
Thanks.
P.S. work perfect, but 128 bit only
USE 128 BIT AES
Re: Can not decipher BASE64(AES256()) data from web
Posted: Wed Dec 05, 2012 7:45 pm
by infratec
Hi roleg,
thanks for the flowers
You're welcome.
If I read the description correct, you can use 256bit.
You have only to ensure that your key is 32 byte long.
In PB I would do this with
Something like this is also possible in PHP.
Bernd