kolad

_Crypt_EncryptData issues

5 posts in this topic

Hello All,

I have the following issue with using the _Crypt_EncryptData autoit function which I understand is merely a wrapper around the advapi dll's CryptEncrypt function. Part of the functionality of my script is to read a file in chunks(I cannot avoid that) encrypt the data and write it into a separate file on the disk. To read and write I use the _WinAPI_ReadFile and _WinAPI_WriteFile function. The buffer size usually is 1MB. Sometimes it's smaller, but never more than that. In order to verify the integrity of the resulting file I decrypt it with the sample script in the help for the _Crypt_DecryptFile function. I'm using a hex editor to compare the source and target files. For the most part they are the same, but It looks like there are discrepancies always with a size of 16 bytes in the files.

For example: the original will be F0 FF FF FF 48 2F 0F 00 C0 2F 0F 00 00 00 00 00 68 62 69 6E 00 10 0F 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

the decrypted will be                   F0 FF FF FF 48 2F 0F 00 C0 2F 0F 00 00 00 00 00 2C 34 F4 B2 D7 2C 9C 62 DF 54 3C 50 63 04 52 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The code I'm using is below. What am I doing wrong? Please help. I think I've tried almost everything and I still can't figure out what is causing this.I've read that the CryptEncrypt win32 api function is not thread safe, but my script isn't multithreaded. Is it possible that it's feeding in the write buffer with data taken from somewhere else

_WinAPI_ReadFile($hFile, DllStructGetPtr($readbuffer), DllStructGetSize($readbuffer), $nBytes)

if $final Then

$varEncrypted = _Crypt_EncryptData(DllStructGetData($readbuffer, 1), "pass", $CALG_AES_128, True)
$writebuffer = DllStructCreate("byte["& BinaryLen($varEncrypted) &"]")
DllStructSetData($writebuffer, 1, $varEncrypted)
_WinAPI_WriteFile($targetFile, DllStructGetPtr($writebuffer), DllStructGetSize($writebuffer), $nBytes)
else
$varEncrypted = _Crypt_EncryptData(DllStructGetData($readbuffer, 1), "pass", $CALG_AES_128, False)
$writebuffer = DllStructCreate("byte["& BinaryLen($varEncrypted) &"]")
DllStructSetData(writebuffer, 1, $varEncrypted)
_WinAPI_WriteFile($targetFile, DllStructGetPtr($writebuffer), DllStructGetSize($writebuffer), $nBytes)
endif

 

Share this post


Link to post
Share on other sites



Anyone has a suggestion?

Share this post


Link to post
Share on other sites

Is the $final flag correctly setup?


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

It should be. I'm checking whether I'm at the very last piece of the file and without the encryption routine it works flawlesly. I guess it has to do with a buffer size or alignment, but nothing obvious seems to catch my eye.

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

I've tried to narrow down the possibilities so I've created a sample code that has nothing to do with my original code and still produces the very same tampered output.

The source file I've created is 8192 bytes in size filled with zeroes. At the start of the second part instead of zeroes there's some gibberish data with a length of 16 bytes. I've also checked with the Crypt.au3 file for the _Crypt_EncryptData function and saw that in its declaration the $bFinal variable is set to True "Func _Crypt_EncryptData($vData, $vCryptKey, $iAlgID, $bFinal = True)". That seemed a bit odd, but even removing the assignment of True to it it still produces the same gibberish data at the end of the first part.

 

Local $nBytes
$targetFile = _WinAPI_CreateFile(@ScriptDir & "\destination.bin", 1)
$hFile = _WinAPI_CreateFile(@ScriptDir & "\source.bin", 2, 6, 6)
$sBuffer = DllStructCreate("byte[4096]")
_WinAPI_SetFilePointerEx($hFile, 0, $FILE_BEGIN)


for $i = 1 to 2
    _WinAPI_ReadFile($hFile, DllStructGetPtr($sBuffer), DllStructGetSize($sBuffer), $nBytes)
    if $i = 1 Then
        $encryptedvar = _Crypt_EncryptData(DllStructGetData($sBuffer, 1), "pass", $CALG_AES_128, False)
        $targetbuffer = DllStructCreate("byte["& BinaryLen($encryptedvar) &"]")
        DllStructSetData($targetbuffer, 1, $encryptedvar)
        _WinAPI_WriteFile($targetFile, DllStructGetPtr($targetbuffer), DllStructGetSize($targetbuffer), $nBytes)
    Else
        $encryptedvar = _Crypt_EncryptData(DllStructGetData($sBuffer, 1), "pass", $CALG_AES_128, True)
        $targetbuffer = DllStructCreate("byte["& BinaryLen($encryptedvar) &"]")
        DllStructSetData($targetbuffer, 1, $encryptedvar)
        _WinAPI_WriteFile($targetFile, DllStructGetPtr($targetbuffer), DllStructGetSize($targetbuffer), $nBytes)
    EndIf
Next

_WinAPI_FlushFileBuffers($targetFile)
_WinAPI_CloseHandle($hFile)
_WinAPI_CloseHandle($targetFile)

 

Edited by kolad

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now