AutoIt <--> PHP Encryption and Base64

[BinaryBrother]

Alright, so I'm finally in the production stages of a program that I've been working on for quite a while. Now, before I can actually take it online to the public, I need to secure it.

I'm trying to encrypt data and then Base64 encode that data for transmission and communication. While the base64, I've finally got to match up, the AES is somehow different.

http://screencast.com/t/JjvovS3v <----- Screenshot with cool arrows and whatnot.

I know things in both the PHP and AutoIt are completely crap right now, they got pretty bent out of shape during my debug process, so I'm not really as bad of a coder as it might look like!! haha. I'll clean everything up, beautifully, once I get it working.

Here is the AES encryption class [with Base64 encoding removed from the encryption phase, for testing]
http://pastebin.com/Quy2xfxV

Here is my PHP example using the AES class, above.
http://pastebin.com/dZAZAFp3

And lastly, here is my AutoIt script
 

expandcollapse popup

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <Constants.au3>
#include <Crypt.au3>
#include <ComboConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WinAPI.au3>
#include <WindowsConstants.au3>
#include <MsgBoxConstants.au3>

Example()

Func Example()
    _Crypt_Startup() ; To optimize performance start the crypt library.

    Local $bAlgorithm = $CALG_AES_256
    $hKey = _Crypt_DeriveKey("key", $bAlgorithm)   ; Declare a password string and algorithm to create a cryptographic key.
    Local $sRead = "test"
    ConsoleWrite("Original text: " & $sRead & @CRLF)
    Local $bEncrypted = _Crypt_EncryptData($sRead, $hKey, $CALG_USERKEY)
    ConsoleWrite("Encrypted text: " & BinaryToString($bEncrypted) & @CRLF)
    $bEncoded = _B64Encode($bEncrypted)
    ConsoleWrite("Encoded data after encryption: " & $bEncoded & @CRLF)
    ConsoleWrite("Just encoded, no encryption: " & _B64Encode($sRead) & @CRLF)
    ;Local $bDecrypted = _Crypt_DecryptData(_B64Decode($bEncrypted), $hKey, $CALG_USERKEY)
    ;ConsoleWrite("Encrypted Data: " & $bEncrypted & @CRLF)
    ;ConsoleWrite("Decrypted Data: " & BinaryToString($bDecrypted) & @CRLF)
    _Crypt_DestroyKey($hKey) ; Destroy the cryptographic key.
    _Crypt_Shutdown() ; Shutdown the crypt library.
EndFunc   ;==>Example

Func _B64Decode($sSource)

    Local Static $Opcode, $tMem, $tRevIndex, $fStartup = True

    If $fStartup Then
        If @AutoItX64 Then
            $Opcode = '0xC800000053574D89C74C89C74889D64889CB4C89C89948C7C10400000048F7F148C7C10300000048F7E14989C242807C0EFF3D750E49FFCA42807C0EFE3D750349FFCA4C89C89948C7C10800000048F7F14889C148FFC1488B064989CD48C7C108000000D7C0C0024188C349C1E30648C1E808E2EF49C1E308490FCB4C891F4883C7064883C6084C89E9E2CB4C89D05F5BC9C3'
        Else
            $Opcode = '0xC8080000FF75108B7D108B5D088B750C8B4D148B06D7C0C00288C2C1E808C1E206D7C0C00288C2C1E808C1E206D7C0C00288C2C1E808C1E206D7C0C00288C2C1E808C1E2060FCA891783C70383C604E2C2807EFF3D75084F807EFE3D75014FC6070089F85B29D8C9C21000'
        EndIf

        Local $aMemBuff = DllCall("kernel32.dll", "ptr", "VirtualAlloc", "ptr", 0, "ulong_ptr", BinaryLen($Opcode), "dword", 4096, "dword", 64)
        $tMem = DllStructCreate('byte[' & BinaryLen($Opcode) & ']', $aMemBuff[0])
        DllStructSetData($tMem, 1, $Opcode)

        Local $aRevIndex[128]
        Local $aTable = StringToASCIIArray('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')
        For $i = 0 To UBound($aTable) - 1
            $aRevIndex[$aTable[$i]] = $i
        Next
        $tRevIndex = DllStructCreate('byte[' & 128 & ']')
        DllStructSetData($tRevIndex, 1, StringToBinary(StringFromASCIIArray($aRevIndex)))

        $fStartup = False
    EndIf

    Local $iLen = StringLen($sSource)
    Local $tOutput = DllStructCreate('byte[' & $iLen + 8 & ']')
    DllCall("kernel32.dll", "bool", "VirtualProtect", "struct*", $tOutput, "dword_ptr", DllStructGetSize($tOutput), "dword", 0x00000004, "dword*", 0)

    Local $tSource = DllStructCreate('char[' & $iLen + 8 & ']')
    DllStructSetData($tSource, 1, $sSource)

    Local $aRet = DllCallAddress('uint', DllStructGetPtr($tMem), 'struct*', $tRevIndex, 'struct*', $tSource, 'struct*', $tOutput, 'uint', (@AutoItX64 ? $iLen : $iLen / 4))

    Return BinaryMid(DllStructGetData($tOutput, 1), 1, $aRet[0])

EndFunc   ;==>_B64Decode


Func _B64Encode($sSource)

    Local Static $Opcode, $tMem, $fStartup = True

    If $fStartup Then
        If @AutoItX64 Then
            $Opcode = '0xC810000053574889CE4889D74C89C34C89C89948C7C10600000048F7F14889C14883FA00740348FFC1488B06480FC848C1E80EC0E802D788470748C1E806C0E802D788470648C1E806C0E802D788470548C1E806C0E802D788470448C1E806C0E802D788470348C1E806C0E802D788470248C1E806C0E802D788470148C1E806C0E802D788074883C6064883C708E2994883FA00743B49C7C5060000004929D54883FA03770349FFC54C29EF4883FA03741F4883FA01740E4883FA047408C6073D48FFC7EB0BC6073DC647013D4883C702C607005F5BC9C3'
        Else
            $Opcode = '0xC80800008B451499B903000000F7F189C1528B5D108B75088B7D0C83FA007401418B160FCAC1EA0888D0243FD7884703C1EA0688D0243FD7884702C1EA0688D0243FD7884701C1EA0688D0243FD7880783C60383C704E2C95A83FA00740DC647FF3D83FA027404C647FE3DC60700C9C21000'
        EndIf

        Local $aMemBuff = DllCall("kernel32.dll", "ptr", "VirtualAlloc", "ptr", 0, "ulong_ptr", BinaryLen($Opcode), "dword", 4096, "dword", 64)
        $tMem = DllStructCreate('byte[' & BinaryLen($Opcode) & ']', $aMemBuff[0])
        DllStructSetData($tMem, 1, $Opcode)

        $fStartup = False
    EndIf

    $sSource = Binary($sSource)
    Local $iLen = BinaryLen($sSource)

    $tSource = DllStructCreate('byte[' & $iLen & ']')
    DllStructSetData($tSource, 1, $sSource)

    Local $tOutput = DllStructCreate('char[' & Ceiling($iLen * (4 / 3) + 3) & ']')
    DllCall("kernel32.dll", "bool", "VirtualProtect", "struct*", $tOutput, "dword_ptr", DllStructGetSize($tOutput), "dword", 0x00000004, "dword*", 0)

    Local $sTable = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

    DllCallAddress('none', DllStructGetPtr($tMem), 'struct*', $tSource, 'struct*', $tOutput, 'str', $sTable, 'uint', $iLen)

    Return DllStructGetData($tOutput, 1)

EndFunc   ;==>_B64Encode

Edited February 1, 2014 by BinaryBrother

[DatMCEyeBall]

http://stackoverflow.com/questions/11818684/why-is-aes-encrypted-cipher-of-the-same-string-with-the-same-key-always-differen

In short:

You need to disable the "salt" used to encrypt the string, or make it a constant value.

Edited February 1, 2014 by DatMCEyeBall

[BinaryBrother]

My encrypted text remains the same after each iteration. I tested just to see.

But, you're probably onto something so I'll do some reading.

Edit: 20 some-odd mins later...
Bah! Whoever created this class didn't fully understand it. Your not suppose to be able to use IVs with ECB mode.
http://stackoverflow.com/questions/1789709/is-it-possible-to-use-aes-with-an-iv-in-ecb-mode

And that class tries. So I'm going to pick up another class. [Yes, I know the IV should be ignored, but it also shouldn't be there.]

Edited February 1, 2014 by BinaryBrother

[BinaryBrother]

I cleaned the code and minimized it as much as possible, the IV nor salt is the issue. [i don't think].
http://screencast.com/t/ncXHANt3

I'm honestly not good enough in mathematics to understand the algorithms, so all I can do is shotgun solutions and Google. I have read several sources that say that Rijndael-128 is what is needed in PHP's mcrypt functions to match AES 256 bit encryption, because Rijndael-128 is referring to the the blocksize, where as AES256 has a 128 blocksize, but 256bit key.

I'm fried on this one. I just can't get it.

Just to clarify, I've tried both the mcrypt modes "rijndael-128" & "rijndael-256". The script above only reflects one, but I've tested both with fail.

I figured it out. https://www.autoitscript.com/forum/topic/170488-yet-another-php-autoit-encryption-example/?do=findComment&comment=1246447

 

Edited May 19, 2015 by BinaryBrother