Jump to content

Changing decrypt php to autoit


Recommended Posts

Hey guys. I am stuck again.

I have a website that takes orders and, of course, encrypts the card numbers.

I have been trying to rewrite the PHP decryption to work in Autoit, but I have been having difficulties.

Here is my PHP Function:

function cc_decrypt($string,$key) {
   $key = md5($key); //to improve variance
  /* Open module, and create IV */
  $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '','cfb', '');
  $key = substr($key, 0, mcrypt_enc_get_key_size($td));
  $iv_size = mcrypt_enc_get_iv_size($td);
  $iv = substr($string,0,$iv_size);
  $string = substr($string,$iv_size);
  /* Initialize encryption handle */
   if (mcrypt_generic_init($td, $key, $iv) != -1) {

     /* Encrypt data */
     $c_t = mdecrypt_generic($td, $string);
     mcrypt_generic_deinit($td);
     mcrypt_module_close($td);
       return $c_t;
   } else {
    trigger_error("cc_decrypt(C): Unable to decrypt input", E_USER_NOTICE);
   } 
}

I looked at Crypt but I could not find that it would work with a Rijndael encryption. I also need to be able to determine the IV.

Does anyone have any ideas for me? Thanks.

Link to comment
Share on other sites

Thanks JohnOne. I had thought so as well, which should mean that the proper way to decrypt this using autoit is the following:

$CC = _Crypt_DecryptData($CC,$KEY,$CALG_AES_256)

With the credit card number being $CC, the preset key as $KEY and as this is a 256bit Rijndael $CALG_AES_256 should be the correct hash id.

However using this I get an error of 2, failed to decrypt.

Am I doing something wrong?

Link to comment
Share on other sites

you may simply InetGet(site.com/cc_decrypt.php?key=xxx&session=uniquecodefortempbypass) but it wont be secure :mellow:

Btw, good luck with it, im trying to install that mcrypt plugin to my server atm, it sucks.

:alien: ~ Every Living Thing is a Code Snippet of World Application ~ :alien:

Link to comment
Share on other sites

you may simply InetGet(site.com/cc_decrypt.php?key=xxx&session=uniquecodefortempbypass) but it wont be secure :mellow:

I could do that or just pull the card number from the invoice. I am hoping to avoid that though.

I wish I understood encryptions better. Though I have been coding for 6 years now I have never worked with encryptions before.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...