Jump to content

RC4 Encryption (New, Proper)


Valik
 Share

Recommended Posts

Since the original posting of RC4 by bcording found here was broken and I also wanted to learn the algorithm for myself (The main reason), I wrote my own version. In doing so, I discovered the problem with bcording's version as explained in that thread. My version is based off information found here and implemented using the C code found here.

Of notable interest in this function is it kind-of handles NULL characters (Chr(0) or \0 In C/C++). When performing the algorithm, my function detects when \0 is to be part of the encrypted string. Instead of inserting it, it instead leaves that character unchanged. This has the unfortunate side effect of making the string no longer decryptable by any RC4 implementation not supporting this. However, it can be decrypted by this function. In all other cases where \0 does not appear, then encrypted string is completely RC4 compliant*. When \0 is detect, @error will be set (Even though the function still returns an encrypted/decrypted string).

The code can be found http://www.autoitscript.com/fileman/users/Valik/Library/encryption.au3.

Example usage:

#include "Encryption.au3"

Main()

Func Main()
    Local $sText = "This script performs 'RC4' Stream Encryption"
    Local $sKey = "password"
    
    Local $sEncrypted = _RC4Encrypt($sText, $sKey); My Function
    If @error Then MsgBox(4096+48, "Warning", "Non RC4 string produced")
    MsgBox(4096, "Encrypted", $sEncrypted)
    Local $sDecrypted = _RC4Decrypt($sEncrypted, $sKey)
    MsgBox(4096, "Decrypted", $sDecrypted)
    
    $sText = "This shouldn't generate a warning."
    $sKey = "Another Key"
    
    $sEncrypted = _RC4Encrypt($sText, $sKey); My Function
    If @error Then MsgBox(4096+48, "Warning", "Non RC4 string produced")
    MsgBox(4096, "Encrypted", $sEncrypted)
    $sDecrypted = _RC4Decrypt($sEncrypted, $sKey)
    MsgBox(4096, "Decrypted", $sDecrypted)
EndFunc; Main()

* "RC4 compliant" in this case means, anything which implements the original RC4 algorithm can decrypt the string (or encrypt it, so long as the result doesn't contain \0, which AutoIt can't handle).

Edit: Changed file suffix.

Edited by Valik
Link to comment
Share on other sites

Since the original posting of RC4 by bcording found here was broken and I also wanted to learn the algorithm for myself (The main reason), I wrote my own version.  In doing so, I discovered the problem with bcording's version as explained in that thread.  My version is based off information found here and implemented using the C code found here

Of notable interest in this function is it kind-of handles NULL characters (Chr(0) or \0 In C/C++).  When performing the algorithm, my function detects when \0 is to be part of the encrypted string.  Instead of inserting it, it instead leaves that character unchanged.  This has the unfortunate side effect of making the string no longer decryptable by any RC4 implementation not supporting this.  However, it can be decrypted by this function.  In all other cases where \0 does not appear, then encrypted string is completely RC4 compliant*.  When \0 is detect, @error will be set (Even though the function still returns an encrypted/decrypted string).

The code can be found http://www.autoitscript.com/fileman/users/Valik/Library/encryption.au3.

Example usage:

#include "Encryption.au3"

Main()

Func Main()
    Local $sText = "This script performs 'RC4' Stream Encryption"
    Local $sKey = "password"
    
    Local $sEncrypted = _RC4Encrypt($sText, $sKey); My Function
    If @error Then MsgBox(4096+48, "Warning", "Non RC4 string produced")
    MsgBox(4096, "Encrypted", $sEncrypted)
    Local $sDecrypted = _RC4Decrypt($sEncrypted, $sKey)
    MsgBox(4096, "Decrypted", $sDecrypted)
    
    $sText = "This shouldn't generate a warning."
    $sKey = "Another Key"
    
    $sEncrypted = _RC4Encrypt($sText, $sKey); My Function
    If @error Then MsgBox(4096+48, "Warning", "Non RC4 string produced")
    MsgBox(4096, "Encrypted", $sEncrypted)
    $sDecrypted = _RC4Decrypt($sEncrypted, $sKey)
    MsgBox(4096, "Decrypted", $sDecrypted)
EndFunc; Main()

* "RC4 compliant" in this case means, anything which implements the original RC4 algorithm can decrypt the string (or encrypt it, so long as the result doesn't contain \0, which AutoIt can't handle).

Edit: Changed file suffix.

<{POST_SNAPBACK}>

Hi valik thx you i like the Rc4 Stream Encryption " o:):lmao:

good job :)

Link to comment
Share on other sites

...encrypt things.

Let's say you wanted to encrypt a password that is to be used in one of your AutoIT scripts, this would be a good way to save it.

Instead of someone just dissasembling your script and finding the password it'd be a bunch of jumbled characters.

"I thoroughly disapprove of duels. If a man should challenge me, I would take him kindly and forgivingly by the hand and lead him to a quiet place and kill him." - Mark TwainPatient: "It hurts when I do $var_"Doctor: "Don't do $var_" - Lar.
Link to comment
Share on other sites

You can use this if you use his functions...

"I thoroughly disapprove of duels. If a man should challenge me, I would take him kindly and forgivingly by the hand and lead him to a quiet place and kill him." - Mark TwainPatient: "It hurts when I do $var_"Doctor: "Don't do $var_" - Lar.
Link to comment
Share on other sites

If you want to replace the current _StringEncrypt() feel free to use the existing example.

Offering any help to anyone (to my capabilities of course)Want to say thanks? Click here! [quote name='Albert Einstein']Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.[/quote][quote name='Wolvereness' date='7:35PM Central, Jan 11, 2005']I'm NEVER wrong, I call it something else[/quote]

Link to comment
Share on other sites

  • 1 year later...

I know that this is an ancient post, but can anyone provide the missing au3 source for Valik's script? I am having problems interfacing with 'true RC4' algorithm in both ASP and PHP+mcrypt with _StringEncrypt and _StringEncryptRC4.

Thanks

Link to comment
Share on other sites

Be aware that this code requires 3.2.0.1 or later. It can produce strings with embedded Chr(0)'s as part of the RC4 encryption.

#Region Public Members

#Region _RC4Encrypt()
; ===================================================================
; _RC4Encrypt($sData, $sKey)
;
; Encrypts a string using the RC4 algorithm.
; Parameters:
;    $sData - IN - The data to encrypt.
;    $sKey - IN - The key to use for encryption.
; Returns:
;    The encrypted string.
; ===================================================================
Func _RC4Encrypt($sData, $sKey)
    Local $sResult = __RC4Impl($sData, $sKey)
    SetError(@error, @extended)    ; Propagate up
    Return $sResult
EndFunc    ; _RC4Encrypt()
#EndRegion _RC4Encrypt()

#Region _RC4Decrypt()
; ===================================================================
; _RC4Decrypt($sData, $sKey)
;
; Decrypts an RC4 encrypted string.
; Parameters:
;    $sData - IN - The data to decrypt.
;    $sKey - IN - The key to used during encryption.
; Returns:
;    The decrypted string.
; ===================================================================
Func _RC4Decrypt($sData, $sKey)
    Local $sResult = __RC4Impl($sData, $sKey)
    SetError(@error, @extended)    ; Propagate up
    Return $sResult
EndFunc    ; _RC4Decrypt()
#EndRegion _RC4Decrypt()

#EndRegion Public Members

#Region Private Members

#Region __RC4Impl()
; ===================================================================
; __RC4Impl($sData, $sKey)
;
; Implementation of the RC4 encryption algorithm.
; Parameters:
;    $sData - IN - Either plain text or an encrypted string.
;    $sKey - IN - The key to encrypt with or used during a previous encryption.
; Returns:
;    The string after being processed by the RC4 algorithm.
; ===================================================================
Func __RC4Impl($sData, $sKey)
    Local $aState[256]
    Local $nKeyLength = StringLen($sKey), $nDataLength = StringLen($sData)
    Local $c, $index, $x = 0, $y = 0, $sResult = ""

    For $counter = 0 To 255
        $aState[$counter] = $counter
    Next

    For $counter = 0 To 255
        $c = StringMid($sKey, Mod($counter, $nKeyLength)+1, 1)
        $index = Mod(Asc($c) + $aState[$counter] + $index, 256)
        __RC4Swap($aState[$counter], $aState[$index])
    Next

    For $counter = 1 To $nDataLength
        $x = Mod($x+1, 256)
        $y = Mod($aState[$x]+$y, 256)
        __RC4Swap($aState[$x], $aState[$y])
        $index = Mod($aState[$x]+$aState[$y], 256)
        $c = BitXOR(Asc(StringMid($sData, $counter, 1)), $aState[$index])
        $sResult &= Chr($c)
    Next
    Return $sResult
EndFunc    ; __RC4Impl()
#EndRegion __RC4Impl()

#Region __RC4Swap()
; ===================================================================
; __RC4Swap(ByRef $a, ByRef $B)
;
; Swap function provided only for convience.
; Parameters:
;    $a - IN/OUT - First argument to swap.
;    $b - IN/OUT - Second argument to swap.
; Returns:
;    None.
; ===================================================================
Func __RC4Swap(ByRef $a, ByRef $B)
    Local $t = $a
    $a = $b
    $b = $t
EndFunc    ; __RC4Swap()
#EndRegion __RC4Swap()

#EndRegion Private Members
Link to comment
Share on other sites

... Am I just completely wrong or the _RC4Encrypt and _RC4Decrypt functions are totally the same?

[quote name='Valik' post='301213' date='Jan 31 2007, 10:36 PM']You seem to have a habit of putting things in the wrong place. I feel sorry for any female you attempt to have sex with.[/quote][font="Lucida Sans Unicode"][/font]

Link to comment
Share on other sites

RC4 uses the same algorithm to encrypt and decrypt.

Edit:

@Valik

If you take out the StringToHex and HexToString functions from my UDF, my function produces the same result as yours (without Chr(0) support)

^^That doesn't have a point :)

Edited by RazerM
My Programs:AInstall - Create a standalone installer for your programUnit Converter - Converts Length, Area, Volume, Weight, Temperature and Pressure to different unitsBinary Clock - Hours, minutes and seconds have 10 columns each to display timeAutoIt Editor - Code Editor with Syntax Highlighting.Laserix Editor & Player - Create, Edit and Play Laserix LevelsLyric Syncer - Create and use Synchronised Lyrics.Connect 4 - 2 Player Connect 4 Game (Local or Online!, Formatted Chat!!)MD5, SHA-1, SHA-256, Tiger and Whirlpool Hash Finder - Dictionary and Brute Force FindCool Text Client - Create Rendered ImageMy UDF's:GUI Enhance - Enhance your GUIs visually.IDEA File Encryption - Encrypt and decrypt files easily! File Rename - Rename files easilyRC4 Text Encryption - Encrypt text using the RC4 AlgorithmPrime Number - Check if a number is primeString Remove - remove lots of strings at onceProgress Bar - made easySound UDF - Play, Pause, Resume, Seek and Stop.
Link to comment
Share on other sites

  • 1 year later...
  • 8 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...