Sign in to follow this  
Followers 0
0000

PHP -> AutoIt

6 posts in this topic

Hello.

I'm trying to make .exe which is working with web-based script. So I need to send secret information like id/pw to www, so I took some php script for encoding/decoding info. But I can't convert it to autoit. Could somebody try to help?

<?php
// String EnCrypt + DeCrypt function
// Author: halojoy, July 2006
function convert($str,$ky=''){
if($ky=='')return $str;
$ky=str_replace(chr(32),'',$ky);
if(strlen($ky)<8)exit('key error');
$kl=strlen($ky)<32?strlen($ky):32;
$k=array();for($i=0;$i<$kl;$i++){
$k[$i]=ord($ky{$i})&0x1F;}
$j=0;for($i=0;$i<strlen($str);$i++){
$e=ord($str{$i});
$str{$i}=$e&0xE0?chr($e^$k[$j]):chr($e);
$j++;$j=$j==$kl?0:$j;}
return $str;
}
///////////////////////////////////
// Secret key to encrypt/decrypt with
$key='mysecretkey'; // 8-32 characters without spaces
// String to encrypt
$string1='To be or not to be, that is the question';
// EnCrypt string
$string2=convert($string1,$key);
// DeCrypt back
$string3=convert($string2,$key);
// Test output
echo '<span style="font-family:Courier">'."\n";
echo 'Key: '.$key.'<br>'."\n";
echo $string1.'<br>'."\n";
echo $string2.'<br>'."\n";
echo $string3.'<br>'."\n";
echo '</span>'."\n";
?> 
[/PHP]

Test:

Key: mysecretkey
To be or not to be, that is the question
Yv3gf2jf+kvy9gj#p`8+qqlm3lp2q|n%hx|`qj}k
To be or not to be, that is the question

Thank you, 0000.

Share this post


Link to post
Share on other sites



Instead of reinventing the wheel better use something allready serving that purpose...

For AES a combo of these two might work:

http://phpseclib.sourceforge.net/documentation/crypt.html#crypt_aes_benchmarks

_Crypt_EncryptData()

And if it's only about authentication, md5() pw&id locally and compare the hash on the server-side.

Share this post


Link to post
Share on other sites

MD5 isn't quite good, because I will have to send information which should be decoded at .exe or .php and I dont want to get sniffed packets.

Share this post


Link to post
Share on other sites

MD5 isn't quite good, because I will have to send information which should be decoded at .exe or .php and I dont want to get sniffed packets.

MD5 is brilliant because the only way to decode it is to rainbow table/dictionary, which can take billions of years.

Good luck with the packet sniffing stopping...

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

Yeah MD5 is pretty good to return Login success answer (Critical error) from PHP -> .exe and try to bruteforce it, because normal string should be shown for User :unsure:

Edited by 0000

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0