1

I'm writing a Vb.Net application that reads an encrypted XML file from a PHP server. I'm using the code snippets found here:

PHP Encryption & VB.net Decryption

specifically Richard Varno's answer and code. I can compare the original XML file on the PHP server to the decrypted version on VB.Net and they are identical.

The problem is that when I load the decrypted version into an XML document in Vb.Net I just get an empty document.

If I load the unencrypted version from the PHP server it's fine. I can't see any obvious difference between the two other than that one has been encrypted and then de-encrypted. Both are strings, and both have been Gzipped so why would this not work ?

Here's my code to read in the unencrypted string:

Dim request As System.Net.HttpWebRequest = System.Net.HttpWebRequest.Create(lookupUrl)

' Tell the server that we want it compressed
request.AutomaticDecompression = DecompressionMethods.GZip
request.Timeout = 3000 ' Set 3 second timeout

' Parse the contents from the response to a stream object
stream = response.GetResponseStream()

' Create a reader for the stream object
Dim reader As New StreamReader(stream)

' Read from the stream object using the reader, put the encrypted contents in a string
Dim contents As String = reader.ReadToEnd()
' Put de-encrypted contents into another string
Dim decrypted As String = ""

' Create a new, empty XML document
Dim document As New System.Xml.XmlDocument()
Console.WriteLine("Received: " & contents)

' De-encrypt the data from the response from the server
decrypted = DecryptRJ256(Globals.sKy, Globals.sIV, contents)
Console.WriteLine("Decrypted: " & decrypted)

' Load the contents into the XML document
document.LoadXml(contents)

Dim nodes As XmlNodeList =     document.DocumentElement.SelectNodes("//results/Node1")

Now the above works but if I replace

document.LoadXml(contents)

with:

document.LoadXml(decrypted)

my XML document is empty.

Community
  • 1
  • 1
Philip Lee
  • 157
  • 3
  • 16
  • 1
    Based on this info, I would have to guess your xml is not actually encrypted. What is the output where you write `"Received: " & contents)`? – Crowcoder Sep 29 '16 at 12:42
  • It is encrypted. I can't post it all as it's too long for a comment but it starts : l4QiwAAs9m/ZEetl4fsXTvBC2Y/PFtI4WEteGADcHlGHcqlr5C5N5AuVAv97bWvAqVAvLBWVDMXg6dDMNJAdDZg95soIZ/hAVkYGV4IvQHZo2emg+TVz160p6ZiW26mL3uvZOTuT722CbECIm3y4u/ and decrypting it gives me the XML that the server generated. – Philip Lee Sep 29 '16 at 13:01
  • I'm not familiar with `DecryptRJ256`. It must mutate the third parameter (`contents`), that is the only way `LoadXml(contents)` would work. What is the return value from `DecryptRJ256` ? – Crowcoder Sep 29 '16 at 13:05
  • It is exactly as I would expect e.g. 43E907 51.7536 -1.3534 262 etc ... – Philip Lee Sep 29 '16 at 13:09
  • 1
    ok, then the only advice I have left is to trap and inspect exceptions. If the document is empty it is most likely throwing an exception. – Crowcoder Sep 29 '16 at 13:12
  • I do that already - I just didn't show them to aid ease of reading. No exceptions are thrown. I've checked the line endings in a text editor and they appear to be the the same so I'm stumped ! – Philip Lee Sep 29 '16 at 13:19

1 Answers1

1

It turns out that the decryption function was padding out the end of the decrypted string with null characters. When viewed as hex these appeared as 00 but the output I had via console.writeline wasn't showing these at all.

Null characters are not valid XML which is why I wasn't getting any output.

The solution was to write a function which walked the decrypted string and stripped these using (in my case on .Net 4.0) the XmlConvert.IsXmlChar(ch) function.

Once stripped of null characters I got the expected decrypted output.

Philip Lee
  • 157
  • 3
  • 16
  • invalid padding should have thrown an exception – Crowcoder Sep 29 '16 at 14:25
  • You're right - it did but my code wasn't trapping it for some reason but it was appearing in Events tab of the Diagnostic tools. I had the Memory Usage tab selected so didn't see them. Doh ! – Philip Lee Sep 30 '16 at 05:32