
AutoIt <--> PHP Encryption and Base64



Alright, so I'm finally in the production stages of a program that I've been working on for quite a while. Now, before I can actually take it online to the public, I need to secure it.

I'm trying to encrypt data and then Base64 encode that data for transmission and communication. While I've finally got the Base64 to match up, the AES is somehow different.

http://screencast.com/t/JjvovS3v <----- Screenshot with cool arrows and whatnot.

I know things in both the PHP and AutoIt are completely crap right now, they got pretty bent out of shape during my debug process, so I'm not really as bad of a coder as it might look like!! haha. I'll clean everything up, beautifully, once I get it working.

Here is the AES encryption class [with Base64 encoding removed from the encryption phase, for testing]
http://pastebin.com/Quy2xfxV

Here is my PHP example using the AES class, above.
http://pastebin.com/dZAZAFp3

And lastly, here is my AutoIt script
 

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <Constants.au3>
#include <Crypt.au3>
#include <ComboConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WinAPI.au3>
#include <WindowsConstants.au3>
#include <MsgBoxConstants.au3>

Example()

Func Example()
    _Crypt_Startup() ; To optimize performance start the crypt library.

    Local $bAlgorithm = $CALG_AES_256
    $hKey = _Crypt_DeriveKey("key", $bAlgorithm)   ; Declare a password string and algorithm to create a cryptographic key.
    Local $sRead = "test"
    ConsoleWrite("Original text: " & $sRead & @CRLF)
    Local $bEncrypted = _Crypt_EncryptData($sRead, $hKey, $CALG_USERKEY)
    ConsoleWrite("Encrypted text: " & BinaryToString($bEncrypted) & @CRLF)
    $bEncoded = _B64Encode($bEncrypted)
    ConsoleWrite("Encoded data after encryption: " & $bEncoded & @CRLF)
    ConsoleWrite("Just encoded, no encryption: " & _B64Encode($sRead) & @CRLF)
    ;Local $bDecrypted = _Crypt_DecryptData(_B64Decode($bEncrypted), $hKey, $CALG_USERKEY)
    ;ConsoleWrite("Encrypted Data: " & $bEncrypted & @CRLF)
    ;ConsoleWrite("Decrypted Data: " & BinaryToString($bDecrypted) & @CRLF)
    _Crypt_DestroyKey($hKey) ; Destroy the cryptographic key.
    _Crypt_Shutdown() ; Shutdown the crypt library.
EndFunc   ;==>Example

Func _B64Decode($sSource)

    Local Static $Opcode, $tMem, $tRevIndex, $fStartup = True

    If $fStartup Then
        If @AutoItX64 Then
            $Opcode = '0xC800000053574D89C74C89C74889D64889CB4C89C89948C7C10400000048F7F148C7C10300000048F7E14989C242807C0EFF3D750E49FFCA42807C0EFE3D750349FFCA4C89C89948C7C10800000048F7F14889C148FFC1488B064989CD48C7C108000000D7C0C0024188C349C1E30648C1E808E2EF49C1E308490FCB4C891F4883C7064883C6084C89E9E2CB4C89D05F5BC9C3'
        Else
            $Opcode = '0xC8080000FF75108B7D108B5D088B750C8B4D148B06D7C0C00288C2C1E808C1E206D7C0C00288C2C1E808C1E206D7C0C00288C2C1E808C1E206D7C0C00288C2C1E808C1E2060FCA891783C70383C604E2C2807EFF3D75084F807EFE3D75014FC6070089F85B29D8C9C21000'
        EndIf

        Local $aMemBuff = DllCall("kernel32.dll", "ptr", "VirtualAlloc", "ptr", 0, "ulong_ptr", BinaryLen($Opcode), "dword", 4096, "dword", 64)
        $tMem = DllStructCreate('byte[' & BinaryLen($Opcode) & ']', $aMemBuff[0])
        DllStructSetData($tMem, 1, $Opcode)

        Local $aRevIndex[128]
        Local $aTable = StringToASCIIArray('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')
        For $i = 0 To UBound($aTable) - 1
            $aRevIndex[$aTable[$i]] = $i
        Next
        $tRevIndex = DllStructCreate('byte[' & 128 & ']')
        DllStructSetData($tRevIndex, 1, StringToBinary(StringFromASCIIArray($aRevIndex)))

        $fStartup = False
    EndIf

    Local $iLen = StringLen($sSource)
    Local $tOutput = DllStructCreate('byte[' & $iLen + 8 & ']')
    DllCall("kernel32.dll", "bool", "VirtualProtect", "struct*", $tOutput, "dword_ptr", DllStructGetSize($tOutput), "dword", 0x00000004, "dword*", 0)

    Local $tSource = DllStructCreate('char[' & $iLen + 8 & ']')
    DllStructSetData($tSource, 1, $sSource)

    Local $aRet = DllCallAddress('uint', DllStructGetPtr($tMem), 'struct*', $tRevIndex, 'struct*', $tSource, 'struct*', $tOutput, 'uint', (@AutoItX64 ? $iLen : $iLen / 4))

    Return BinaryMid(DllStructGetData($tOutput, 1), 1, $aRet[0])

EndFunc   ;==>_B64Decode


Func _B64Encode($sSource)

    Local Static $Opcode, $tMem, $fStartup = True

    If $fStartup Then
        If @AutoItX64 Then
            $Opcode = '0xC810000053574889CE4889D74C89C34C89C89948C7C10600000048F7F14889C14883FA00740348FFC1488B06480FC848C1E80EC0E802D788470748C1E806C0E802D788470648C1E806C0E802D788470548C1E806C0E802D788470448C1E806C0E802D788470348C1E806C0E802D788470248C1E806C0E802D788470148C1E806C0E802D788074883C6064883C708E2994883FA00743B49C7C5060000004929D54883FA03770349FFC54C29EF4883FA03741F4883FA01740E4883FA047408C6073D48FFC7EB0BC6073DC647013D4883C702C607005F5BC9C3'
        Else
            $Opcode = '0xC80800008B451499B903000000F7F189C1528B5D108B75088B7D0C83FA007401418B160FCAC1EA0888D0243FD7884703C1EA0688D0243FD7884702C1EA0688D0243FD7884701C1EA0688D0243FD7880783C60383C704E2C95A83FA00740DC647FF3D83FA027404C647FE3DC60700C9C21000'
        EndIf

        Local $aMemBuff = DllCall("kernel32.dll", "ptr", "VirtualAlloc", "ptr", 0, "ulong_ptr", BinaryLen($Opcode), "dword", 4096, "dword", 64)
        $tMem = DllStructCreate('byte[' & BinaryLen($Opcode) & ']', $aMemBuff[0])
        DllStructSetData($tMem, 1, $Opcode)

        $fStartup = False
    EndIf

    $sSource = Binary($sSource)
    Local $iLen = BinaryLen($sSource)

    $tSource = DllStructCreate('byte[' & $iLen & ']')
    DllStructSetData($tSource, 1, $sSource)

    Local $tOutput = DllStructCreate('char[' & Ceiling($iLen * (4 / 3) + 3) & ']')
    DllCall("kernel32.dll", "bool", "VirtualProtect", "struct*", $tOutput, "dword_ptr", DllStructGetSize($tOutput), "dword", 0x00000004, "dword*", 0)

    Local $sTable = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

    DllCallAddress('none', DllStructGetPtr($tMem), 'struct*', $tSource, 'struct*', $tOutput, 'str', $sTable, 'uint', $iLen)

    Return DllStructGetData($tOutput, 1)

EndFunc   ;==>_B64Encode
Edited by BinaryBrother


http://stackoverflow.com/questions/11818684/why-is-aes-encrypted-cipher-of-the-same-string-with-the-same-key-always-differen

In short:

You need to disable the "salt" used to encrypt the string, or make it a constant value.

Edited by DatMCEyeBall


My encrypted text remains the same after each iteration. I tested just to see.

But, you're probably onto something so I'll do some reading.

Edit: 20 some-odd mins later...
Bah! Whoever created this class didn't fully understand it. You're not supposed to be able to use IVs with ECB mode.
http://stackoverflow.com/questions/1789709/is-it-possible-to-use-aes-with-an-iv-in-ecb-mode

And that class tries. So I'm going to pick up another class. [Yes, I know the IV should be ignored, but it also shouldn't be there.]

Edited by BinaryBrother


I cleaned the code and minimized it as much as possible; neither the IV nor the salt is the issue. [I don't think].
http://screencast.com/t/ncXHANt3

I'm honestly not good enough in mathematics to understand the algorithms, so all I can do is shotgun solutions and Google. I have read several sources that say that Rijndael-128 is what is needed in PHP's mcrypt functions to match AES 256 bit encryption, because Rijndael-128 is referring to the blocksize, whereas AES256 has a 128 blocksize, but 256bit key.

I'm fried on this one. I just can't get it. :x

Just to clarify, I've tried both the mcrypt modes "rijndael-128" & "rijndael-256". The script above only reflects one, but I've tested both with fail.

I figured it out. https://www.autoitscript.com/forum/topic/170488-yet-another-php-autoit-encryption-example/?do=findComment&comment=1246447

 

Edited by BinaryBrother
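
Added example, not code from the thread or from either library: a Python sketch of two places where the Windows CryptoAPI behind `_Crypt_DeriveKey` / `_Crypt_EncryptData` and PHP's mcrypt can feed different inputs to the same AES-256 cipher, namely key derivation and plaintext padding. It follows Microsoft's documented CryptDeriveKey expansion for AES keys and assumes AutoIt's default MD5 hash, the password passed as ANSI bytes, and an mcrypt setup that uses the password as the raw key with `\0` padding (older PHP versions); all function names are hypothetical.

```python
import hashlib

BLOCK = 16  # AES block size in bytes (what mcrypt calls "rijndael-128")

def capi_derive_key(password: bytes, key_len: int = 32, hash_name: str = "md5") -> bytes:
    """AES key per the documented CryptDeriveKey expansion for non-SHA-2 hashes."""
    digest = hashlib.new(hash_name, password).digest()

    def expand(pad_byte: int) -> bytes:
        # 64 bytes of pad_byte, first len(digest) bytes XORed with the hash, then hashed.
        buf = bytearray([pad_byte] * 64)
        for i, b in enumerate(digest):
            buf[i] ^= b
        return hashlib.new(hash_name, bytes(buf)).digest()

    material = expand(0x36) + expand(0x5C)
    if key_len > len(material):
        raise ValueError("hash output too short for requested key length")
    return material[:key_len]

def raw_zero_padded_key(password: bytes, key_len: int = 32) -> bytes:
    """Assumption: the PHP side uses the password itself as key, NUL-padded to size."""
    if len(password) > key_len:
        raise ValueError("password longer than key size")
    return password.ljust(key_len, b"\0")

def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Padding CryptoAPI applies: always added, each byte equals the pad length."""
    n = block - len(data) % block
    return data + bytes([n]) * n

def zero_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Padding mcrypt applies: NUL bytes up to the block boundary, none if aligned."""
    return data + b"\0" * (-len(data) % block)

def compare(password: bytes, plaintext: bytes) -> dict:
    """Return the key and first-block input each side would hand to AES."""
    capi_key, mcrypt_key = capi_derive_key(password), raw_zero_padded_key(password)
    capi_block, mcrypt_block = pkcs7_pad(plaintext), zero_pad(plaintext)
    return {"capi_key": capi_key, "mcrypt_key": mcrypt_key,
            "capi_block": capi_block, "mcrypt_block": mcrypt_block,
            "keys_match": capi_key == mcrypt_key,
            "blocks_match": capi_block == mcrypt_block}

if __name__ == "__main__":
    # Constructed inputs: the password and plaintext used in the AutoIt script above.
    for name, value in compare(b"key", b"test").items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Both sides have to agree on the derived key, padding, cipher mode and IV before the Base64 output can match.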
