Sign in to follow this  
Followers 0
bcording

Rc4 Encryption

16 posts in this topic

#1 ·  Posted (edited)

I do not take credit for this, I simply ported it into AutoIt script.

;This script performs 'RC4' Stream Encryption (Based on what is widely thought to be RSA's
;RC4 algorithm. It produces output streams that are identical to the commercial products)

;To ENcrypt and to DEcrypt your data.
Func EnDeCrypt($plaintxt, $psw)
    Local $a, $b, $i, $j, $k, $cipherby, $cipher
    Local $tempSwap, $temp, $intLength
    Local $sbox[256]
    Local $key[256]

    $intLength = StringLen($psw)
    For $a = 0 To 255
        $key[$a] = asc(Stringmid($psw, Mod($a ,$intLength)+1, 1))
        $sbox[$a] = $a
    Next

    $b = 0
    For $a = 0 To 255
        $b = Mod(($b + $sbox[$a] + $key[$a]),256)
        $tempSwap = $sbox[$a]
        $sbox[$a] = $sbox[$b]
        $sbox[$b] = $tempSwap
    Next

    For $a = 1 To StringLen($plaintxt)
        $i = Mod(($i + 1) ,256)
        $j = Mod(($j + $sbox[$i]) ,256)
        $k = $sbox[Mod(($sbox[$i] + $sbox[$j]) , 256)]

        $cipherby = BitXOR(Asc(StringMid($plaintxt, $a, 1)) , $k)
        $cipher = $cipher & Chr($cipherby)
    Next

    Return $cipher
EndFunc
Edited by bcording

Share this post


Link to post
Share on other sites



i don't get it ... y is there no response to this script... i've just checked it and its really good and very useful.

great work bcording, and thanx for sharing!

Share this post


Link to post
Share on other sites

Good work, but unfortunately this not working. It seems because algorithm outputs null characters, that does not supported by Autoit. So output stream is correct only before first null char.

$text = "This script performs 'RC4' Stream Encryption"
$key = "password"

$encoded = EnDeCrypt($text, $key)
$decoded = EnDeCrypt($encoded, $key)

MsgBox (0, "Result", $decoded)

Share this post


Link to post
Share on other sites

there are three useless lines in the code, remove them from the 3rd loop:

$temp = $sbox[$i]

$sbox[$i] = $sbox[$j]

$sbox[$j] = $temp

then the code works.

Share this post


Link to post
Share on other sites

Thanks for the feedback guys. Like I said, I didn't write this, I just ported it. I've remove the offending lines from the original post.

Share this post


Link to post
Share on other sites

Digging up an old thread...

There's something just a bit off about this port. It doesn't produce true RC4 encrypted strings for me. Using the C implementation found here and my own AutoIt implementation of the same code, I get a different encrypted result than bcordings port. My results are identical to the C version's results, so much so that I can paste an encrypted string generated by my AutoIt code into the C version and it'll spit out the proper decrypted string.

I'm unable to actually see the issue, though. bcording's version made a few changes to the C implementation due to how AutoIt works, but beyond that, it seems identical, except for it not producing real RC4 compatible results.

I'll post more later and my version as well. I want to run some more tests on mine first.

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Digging up an old thread... 

There's something just a bit off about this port.  It doesn't produce true RC4 encrypted strings for me.  Using the C implementation found here and my own AutoIt implementation of the same code, I get a different encrypted result than bcordings port.  My results are identical to the C version's results, so much so that I can paste an encrypted string generated by my AutoIt code into the C version and it'll spit out the proper decrypted string.

I'm unable to actually see the issue, though.  bcording's version made a few changes to the C implementation due to how AutoIt works, but beyond that, it seems identical, except for it not producing real RC4 compatible results.

I'll post more later and my version as well.  I want to run some more tests on mine first.

<{POST_SNAPBACK}>

I get the same feelling that the bcording was not the same as my AutoIt version

I include both in the include file

Can you check which is right?

Edited by jpm

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

I get the same feelling that the bcording was not the same as my AutoIt version

I include both in the include file

Can you check which is right?

<{POST_SNAPBACK}>

Are you talking about _StringEncrypt() in String.au3? Using the default level of encryption, which should be just one pass, I don't get an RC4 encrypted string back. I get an encrypted string alright, but I can't decrypt it with my AutoIt version or the C version I linked to; I have to use _StringEncrypt() again.

In fairness, it does say it's based on RC4, not a direct implementation of it.

Edit: Saw your attachment. Ignore that. I'll post back in a bit.

Why do you encode the result into Hex? Is it to avoid having a NULL character? If so, there's an easier way. Just check to see if the character is 0 before adding it to the string, if it is, leave it in its original state. This produces a non-RC4 string, but it will still decrypt okay and be almost compatible.

Edited by Valik

Share this post


Link to post
Share on other sites

Are you talking about _StringEncrypt() in String.au3?  Using the default level of encryption, which should be just one pass, I don't get an RC4 encrypted string back.  I get an encrypted string alright, but I can't decrypt it with my AutoIt version or the C version I linked to; I have to use _StringEncrypt() again.

In fairness, it does say it's based on RC4, not a direct implementation of it.

Edit: Saw your attachment.  Ignore that.  I'll post back in a bit.

Why do you encode the result into Hex?  Is it to avoid having a NULL character?  If so, there's an easier way.  Just check to see if the character is 0 before adding it to the string, if it is, leave it in its original state.  This produces a non-RC4 string, but it will still decrypt okay and be almost compatible.

<{POST_SNAPBACK}>

right hex for handling NULL Character. If my code fit the C implementation just update it

Share this post


Link to post
Share on other sites

right hex for handling NULL Character. If my code fit the C implementation just update it

<{POST_SNAPBACK}>

Function RC4() is identical to bcording's. Removing the hex encoding stuff, the two are completly interchangeable. I haven't had a go at the other function yet.

Share this post


Link to post
Share on other sites

Function RC4() is identical to bcording's.  Removing the hex encoding stuff, the two are completly interchangeable.  I haven't had a go at the other function yet.

<{POST_SNAPBACK}>

mine is RC4_() the one of bcording is rc4(). You can see in the uploaded example differences starting in the hex string above the OK on the first line

Share this post


Link to post
Share on other sites

mine is RC4_() the one of bcording is rc4(). You can see in the uploaded example differences starting in the hex string above the OK on the first line

<{POST_SNAPBACK}>

Yours is RC4, JP. And guess what, I finally spotted why bcording's doesn't work. rathore broke it! He said to remove these lines:

$temp = $sbox[$i]
$sbox[$i] = $sbox[$j]
$sbox[$j] = $temp

The problem is, those lines are necessary, its part of the algorithm. The swapping is required, its not like the state table isn't accessed again or something, those values have to be swapped both for future iterations across the data and for the XOR call which comes next. When I noticed this and added a swap back in, bcording's started producing the correct result, too. I don't know why rathore said to remove it in the first place, but it hosed RC4 compatibility when it did so.

Share this post


Link to post
Share on other sites

Yours is RC4, JP.  And guess what, I finally spotted why bcording's doesn't work.  rathore broke it!  He said to remove these lines:

$temp = $sbox[$i]
$sbox[$i] = $sbox[$j]
$sbox[$j] = $temp

The problem is, those lines are necessary, its part of the algorithm.  The swapping is required, its not like the state table isn't accessed again or something, those values have to be swapped both for future iterations across the data and for the XOR call which comes next.  When I noticed this and added a swap back in, bcording's started producing the correct result, too.  I don't know why rathore said to remove it in the first place, but it hosed RC4 compatibility when it did so.

<{POST_SNAPBACK}>

Thanks,

I was almost sure mine was rc4_(). I need to allocate more budget to my glasses buying. Once again ... :lmao:

Share this post


Link to post
Share on other sites

I do not take credit for this, I simply ported it into AutoIt script.

;This script performs 'RC4' Stream Encryption (Based on what is widely thought to be RSA's
;RC4 algorithm. It produces output streams that are identical to the commercial products)

;To ENcrypt and to DEcrypt your data.
Func EnDeCrypt($plaintxt, $psw)
    Local $a, $b, $i, $j, $k, $cipherby, $cipher
    Local $tempSwap, $temp, $intLength
    Local $sbox[256]
    Local $key[256]

    $intLength = StringLen($psw)
    For $a = 0 To 255
        $key[$a] = asc(Stringmid($psw, Mod($a ,$intLength)+1, 1))
        $sbox[$a] = $a
    Next

    $b = 0
    For $a = 0 To 255
        $b = Mod(($b + $sbox[$a] + $key[$a]),256)
        $tempSwap = $sbox[$a]
        $sbox[$a] = $sbox[$b]
        $sbox[$b] = $tempSwap
    Next

    For $a = 1 To StringLen($plaintxt)
        $i = Mod(($i + 1) ,256)
        $j = Mod(($j + $sbox[$i]) ,256)
        $k = $sbox[Mod(($sbox[$i] + $sbox[$j]) , 256)]

        $cipherby = BitXOR(Asc(StringMid($plaintxt, $a, 1)) , $k)
        $cipher = $cipher & Chr($cipherby)
    Next

    Return $cipher
EndFunc

<{POST_SNAPBACK}>

Hi Great job dude :lmao: <Thx you)

Share this post


Link to post
Share on other sites

My implementation is posted here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0