Rc4 Encryption

[bcording]

I do not take credit for this, I simply ported it into AutoIt script.

;This script performs 'RC4' Stream Encryption (Based on what is widely thought to be RSA's
;RC4 algorithm. It produces output streams that are identical to the commercial products)

;To ENcrypt and to DEcrypt your data.
Func EnDeCrypt($plaintxt, $psw)
    Local $a, $b, $i, $j, $k, $cipherby, $cipher
    Local $tempSwap, $temp, $intLength
    Local $sbox[256]
    Local $key[256]

    $intLength = StringLen($psw)
    For $a = 0 To 255
        $key[$a] = asc(Stringmid($psw, Mod($a ,$intLength)+1, 1))
        $sbox[$a] = $a
    Next

    $b = 0
    For $a = 0 To 255
        $b = Mod(($b + $sbox[$a] + $key[$a]),256)
        $tempSwap = $sbox[$a]
        $sbox[$a] = $sbox[$b]
        $sbox[$b] = $tempSwap
    Next

    For $a = 1 To StringLen($plaintxt)
        $i = Mod(($i + 1) ,256)
        $j = Mod(($j + $sbox[$i]) ,256)
        $k = $sbox[Mod(($sbox[$i] + $sbox[$j]) , 256)]

        $cipherby = BitXOR(Asc(StringMid($plaintxt, $a, 1)) , $k)
        $cipher = $cipher & Chr($cipherby)
    Next

    Return $cipher
EndFunc

Edited May 24, 2004 by bcording

[Guest rathore]

i don't get it ... y is there no response to this script... i've just checked it and its really good and very useful.

great work bcording, and thanx for sharing!

[Josbe]

Thank you for sharing another Encryption function, bcording!

It's useful.

[Lazycat]

Good work, but unfortunately this not working. It seems because algorithm outputs null characters, that does not supported by Autoit. So output stream is correct only before first null char.

$text = "This script performs 'RC4' Stream Encryption"
$key = "password"

$encoded = EnDeCrypt($text, $key)
$decoded = EnDeCrypt($encoded, $key)

MsgBox (0, "Result", $decoded)

[Guest rathore]

there are three useless lines in the code, remove them from the 3rd loop:

$temp = $sbox[$i]

$sbox[$i] = $sbox[$j]

$sbox[$j] = $temp

then the code works.

[bcording]

Thanks for the feedback guys. Like I said, I didn't write this, I just ported it. I've remove the offending lines from the original post.

[Valik]

Digging up an old thread...

There's something just a bit off about this port. It doesn't produce true RC4 encrypted strings for me. Using the C implementation found here and my own AutoIt implementation of the same code, I get a different encrypted result than bcordings port. My results are identical to the C version's results, so much so that I can paste an encrypted string generated by my AutoIt code into the C version and it'll spit out the proper decrypted string.

I'm unable to actually see the issue, though. bcording's version made a few changes to the C implementation due to how AutoIt works, but beyond that, it seems identical, except for it not producing real RC4 compatible results.

I'll post more later and my version as well. I want to run some more tests on mine first.

[jpm]

Digging up an old thread... 

There's something just a bit off about this port.  It doesn't produce true RC4 encrypted strings for me.  Using the C implementation found here and my own AutoIt implementation of the same code, I get a different encrypted result than bcordings port.  My results are identical to the C version's results, so much so that I can paste an encrypted string generated by my AutoIt code into the C version and it'll spit out the proper decrypted string.

I'm unable to actually see the issue, though.  bcording's version made a few changes to the C implementation due to how AutoIt works, but beyond that, it seems identical, except for it not producing real RC4 compatible results.

I'll post more later and my version as well.  I want to run some more tests on mine first.

<{POST_SNAPBACK}>

I get the same feelling that the bcording was not the same as my AutoIt version

I include both in the include file

Can you check which is right?

Edited January 28, 2005 by jpm

[Valik]

I get the same feelling that the bcording was not the same as my AutoIt version

I include both in the include file

Can you check which is right?

<{POST_SNAPBACK}>

Are you talking about _StringEncrypt() in String.au3? Using the default level of encryption, which should be just one pass, I don't get an RC4 encrypted string back. I get an encrypted string alright, but I can't decrypt it with my AutoIt version or the C version I linked to; I have to use _StringEncrypt() again.

In fairness, it does say it's based on RC4, not a direct implementation of it.

Edit: Saw your attachment. Ignore that. I'll post back in a bit.

Why do you encode the result into Hex? Is it to avoid having a NULL character? If so, there's an easier way. Just check to see if the character is 0 before adding it to the string, if it is, leave it in its original state. This produces a non-RC4 string, but it will still decrypt okay and be almost compatible.

Edited January 28, 2005 by Valik

[jpm]

Are you talking about _StringEncrypt() in String.au3?  Using the default level of encryption, which should be just one pass, I don't get an RC4 encrypted string back.  I get an encrypted string alright, but I can't decrypt it with my AutoIt version or the C version I linked to; I have to use _StringEncrypt() again.

In fairness, it does say it's based on RC4, not a direct implementation of it.

Edit: Saw your attachment.  Ignore that.  I'll post back in a bit.

Why do you encode the result into Hex?  Is it to avoid having a NULL character?  If so, there's an easier way.  Just check to see if the character is 0 before adding it to the string, if it is, leave it in its original state.  This produces a non-RC4 string, but it will still decrypt okay and be almost compatible.

<{POST_SNAPBACK}>

right hex for handling NULL Character. If my code fit the C implementation just update it

[Valik]

right hex for handling NULL Character. If my code fit the C implementation just update it

<{POST_SNAPBACK}>

Function RC4() is identical to bcording's. Removing the hex encoding stuff, the two are completly interchangeable. I haven't had a go at the other function yet.

[jpm]

Function RC4() is identical to bcording's.  Removing the hex encoding stuff, the two are completly interchangeable.  I haven't had a go at the other function yet.

<{POST_SNAPBACK}>

mine is RC4_() the one of bcording is rc4(). You can see in the uploaded example differences starting in the hex string above the OK on the first line

[Valik]

mine is RC4_() the one of bcording is rc4(). You can see in the uploaded example differences starting in the hex string above the OK on the first line

<{POST_SNAPBACK}>

Yours is RC4, JP. And guess what, I finally spotted why bcording's doesn't work. rathore broke it! He said to remove these lines:

$temp = $sbox[$i]
$sbox[$i] = $sbox[$j]
$sbox[$j] = $temp

The problem is, those lines are necessary, its part of the algorithm. The swapping is required, its not like the state table isn't accessed again or something, those values have to be swapped both for future iterations across the data and for the XOR call which comes next. When I noticed this and added a swap back in, bcording's started producing the correct result, too. I don't know why rathore said to remove it in the first place, but it hosed RC4 compatibility when it did so.

[jpm]

Yours is RC4, JP.  And guess what, I finally spotted why bcording's doesn't work.  rathore broke it!  He said to remove these lines:

$temp = $sbox[$i]
$sbox[$i] = $sbox[$j]
$sbox[$j] = $temp

The problem is, those lines are necessary, its part of the algorithm.  The swapping is required, its not like the state table isn't accessed again or something, those values have to be swapped both for future iterations across the data and for the XOR call which comes next.  When I noticed this and added a swap back in, bcording's started producing the correct result, too.  I don't know why rathore said to remove it in the first place, but it hosed RC4 compatibility when it did so.

<{POST_SNAPBACK}>

Thanks,

I was almost sure mine was rc4_(). I need to allocate more budget to my glasses buying. Once again ...

[DirtyBanditos]

I do not take credit for this, I simply ported it into AutoIt script.

;This script performs 'RC4' Stream Encryption (Based on what is widely thought to be RSA's
;RC4 algorithm. It produces output streams that are identical to the commercial products)

;To ENcrypt and to DEcrypt your data.
Func EnDeCrypt($plaintxt, $psw)
    Local $a, $b, $i, $j, $k, $cipherby, $cipher
    Local $tempSwap, $temp, $intLength
    Local $sbox[256]
    Local $key[256]

    $intLength = StringLen($psw)
    For $a = 0 To 255
        $key[$a] = asc(Stringmid($psw, Mod($a ,$intLength)+1, 1))
        $sbox[$a] = $a
    Next

    $b = 0
    For $a = 0 To 255
        $b = Mod(($b + $sbox[$a] + $key[$a]),256)
        $tempSwap = $sbox[$a]
        $sbox[$a] = $sbox[$b]
        $sbox[$b] = $tempSwap
    Next

    For $a = 1 To StringLen($plaintxt)
        $i = Mod(($i + 1) ,256)
        $j = Mod(($j + $sbox[$i]) ,256)
        $k = $sbox[Mod(($sbox[$i] + $sbox[$j]) , 256)]

        $cipherby = BitXOR(Asc(StringMid($plaintxt, $a, 1)) , $k)
        $cipher = $cipher & Chr($cipherby)
    Next

    Return $cipher
EndFunc

<{POST_SNAPBACK}>

Hi Great job dude <Thx you)

[Valik]

My implementation is posted here.