Jump to content
Sign in to follow this  
sc4ry

(Blow)Fish Encryption

Recommended Posts

sc4ry

Hello Everybody,

i want to decrypt some text from mIRC, which uses FiSH (http://fish.secure.la/). FiSH is using the Blowfish-Algo. I tried the blowfish.au3 from here (http://www.autoitscript.com/forum/index.php?showtopic=44581&st=0&p=332160&#entry332160), but it seems not so easy to use the key and the text to decrypt.

I receive the following code, which is crypted with password "1234" (without "") -> +OK XyYxV1HYaF.1

Now i want to find the way, to decrypt this msg with the key to receive -> Blubb

I think there must be 2 ways: 1. Using blowfish.au3; 2. Using FiSH.dll

At this time, i have no idea, how to use the blowfish.au3 for that, but maybe, if i/we understand, how Fish works?

What i find in the mrc, is the follwing (but because i´m a dll and decryption noob, this does not really helps me ;-))

int decrypt_string(char *key, char *str, char *dest, int len);

int encrypt_string(char *key, char *str, char *dest, int len);

$dll(%FiSH_dll,DH1024_comp, %FiSH.prv_key $2)

If i take a look in the dll (with dependency walker), i also find the functions FiSH_decrypt_msg und FiSH_encrypt_msg. But both together does not show me, how to use it.

could anybody help me?

thanks very much.

Share this post


Link to post
Share on other sites
PsaltyDS

I receive the following code, which is crypted with password "1234" (without "") -> +OK XyYxV1HYaF.1

Now i want to find the way, to decrypt this msg with the key to receive -> Blubb

That sounds like you want an asymmetric algorithm. Blowfish is a symmetric algorithm, which means the same key must be used to decrypt that was used to encrypt. You want to encrypt with one key ("1234") and decrypt with a different one ("Blubb"), sort of like with RSA.

I don't know anything about "FiSH". Maybe it puts an asymmetric wrapper of some kind around a Blowfish encrypted block of data. You would have to take that up with them.

:(


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites
DoubleMcLovin

That sounds like you want an asymmetric algorithm. Blowfish is a symmetric algorithm, which means the same key must be used to decrypt that was used to encrypt. You want to encrypt with one key ("1234") and decrypt with a different one ("Blubb"), sort of like with RSA.

I don't know how to help with this problem, but after reading the question, he does not want to decrypt with a different key, "Blubb" id the decrypted text. 1234 remains the key throughout.

Share this post


Link to post
Share on other sites
PsaltyDS

I don't know how to help with this problem, but after reading the question, he does not want to decrypt with a different key, "Blubb" id the decrypted text. 1234 remains the key throughout.

I see what you mean. I may have misunderstood the question.

As for the FiSH DLL, is there documentation available for it?

:(

Edited by PsaltyDS

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites
evilertoaster

Blowfish keys should be a multiple of 8, otherwise different implementations might pad them differently (and give you different results). Here's an exmaple for enc/dec for the AutoIt version:

#include "Blowfish.au3"
$text="Blubb"
$key="12345678"
$cipher=Blowfish($key,$text,0)
MsgBox(0,"This encrypted text is",$cipher)
$decrypted=Blowfish($key,$cipher,1)
MsgBox(0,"There and back agian:",$decrypted)

This matches a 2nd implementations results (http://webnet77.com/cgi-bin/helpers/blowfish.pl) so I'd assume it's correct. Now you just to verify the encrypted text given to you by the FiSH algo...

Share this post


Link to post
Share on other sites
PsaltyDS

Nice catch. I was comparing to this site: http://www.oclib.com/library/com/oclib/javascript/security/encryption/blowfish/20070210/demo.html, and it came up different from SkinnyWhiteGuy's function every time. Using the one you found, it matches (after conversion with "StringToBinary($cipher)").

:(


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites
evilertoaster
http://www.oclib.com/library/com/oclib/javascript/security/encryption/blowfish/20070210/demo.html is most likely wrong or it expects input differently, or has an implementation quirk (maybe a different block mode). Skinny's and http://webnet77.com/cgi-bin/helpers/blowfish.pl match the values expected by the text vectors- http://www.schneier.com/code/vectors.txt Edited by evilertoaster

Share this post


Link to post
Share on other sites
sc4ry

Hey,

thank you for your help. Cause i´m german, i don´t understand all what you wrote. sorry for that ;-)

using the blowfish.au3 isn´t that hard, but the result is not that, what i want or expect. i don´t know, what the fish.dll really does ... but i want to build that back. and the only thing i know already is, that it also uses blowfish ... but in what way?

maybe i have to use directly the dll and not the blowfish.au3 ... but how?

something i know found is, how the call should be done:

FiSH_encrypt_msg(HWND mWnd, HWND aWnd, char *theData, char *params, BOOL show, BOOL nopause)

know i have to do this in autoit (with nearly no dll-expirience). if anyone have a tip ... please let me know =)

Share this post


Link to post
Share on other sites
sc4ry

and a BIG, GREAT THANKS goes tooooo ... BugFix =)

He did the following:

Func _FiSH_encrypt_msg($mWnd, $aWnd, $sData, $show, $nopause)     Local $tData = DllStructCreate('char[900]')     DllStructSetData($tData, 1, $sData)     Local $tParams = DllStructCreate('char[900]')     Local $ret = DllCall('Fish.dll', 'int', 'FiSH_encrypt_msg', 'hwnd', $mWnd, 'hwnd', $aWnd, 'ptr', DllStructGetPtr($tData), _                 'ptr', DllStructGetPtr($tParams), 'BOOLEAN', $show, 'BOOLEAN', $nopause)     If @error Then Return SetError(@error,0,-1)     Switch $ret[0]         Case 0, 1             Return $ret[0]         Case 2             Local $aOut[2] = [DllStructGetData($tData,1), DllStructGetData($tParams,1)]             Return $aOut         Case 3             Return DllStructGetData($tData,1)     EndSwitch EndFunc

which works fine with following settings:

$mWnd = WinGetHandle("[Class:SciTEWindow]") $aWnd = ControlGetHandle("[Class:SciTEWindow]", "", "Scintilla2") $sData = "1234 Blubb" $show = True $nopause = True

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.