1

So i've been working at this function and i'm not sure what's wrong.

I get encrypted data and key:

$key = 'aaaaaaaabbbbbbbbccccccccdddddddd';
$data = 'b5057bbc04b842a96144a0f617f2820e';

I've gone and converted them into binary:

$key = pack('H*',$key);
$data = pack('H*',$data);

And ran the decryption function:

echo bin2hex(mcrypt_decrypt(Mcrypt_3des, $key, $data, MCRYPT_MODE_ECB));

However what I get returned is this : e2119b734b5050e3fa8717ee17f3a548

But if I run the same decryption on http://tripledes.online-domain-tools.com/ or http://www.emvlab.org/descalc/?key=aaaaaaaabbbbbbbbccccccccdddddddd&iv=0000000000000000&input=b5057bbc04b842a96144a0f617f2820e&mode=ecb&action=Decrypt&output=54657374313233313233000000000000

It actually decrpyts to 54 65 73 74 31 32 33 31 32 33 00 00 00 00 00 00

which is actually Test123123

Any suggestions of what could be the problem?

EDIT:

I have tried switching to openssl_decrypt

However I keep getting a false returned.

Code:

$result = openssl_decrypt($data,'des-ede3', $key);
result = bool(false)
jww
  • 97,681
  • 90
  • 411
  • 885
Derek
  • 2,927
  • 3
  • 20
  • 33
  • 2
    Just as an FYI, [mcrypt is a dead project](https://blog.remirepo.net/post/2015/07/07/About-libmcrypt-and-php-mcrypt) and might be removed from a future version of PHP – Machavity Dec 06 '16 at 17:36
  • @Machavity Good to know, would there be any newer functions that I could have used instead? – Derek Dec 06 '16 at 17:37
  • https://secure.php.net/openssl_decrypt – Narf Dec 06 '16 at 17:41
  • Where do people keep getting this mcrypt code from? – Luke Joshua Park Dec 06 '16 at 22:07
  • @LukePark on this website – Derek Dec 06 '16 at 22:11
  • 1
    Do you see the countless warnings underneath that say not to use it? I feel like no one ever does! – Luke Joshua Park Dec 06 '16 at 22:12
  • @LukePark I do see the warning however the hardware that I am working with only does that. – Derek Dec 06 '16 at 22:13
  • I'm fairly sure your hardware will support the equivalent OpenSSL functions. – Luke Joshua Park Dec 06 '16 at 22:14
  • @LukePark As you can see on the question I have tried that too. – Derek Dec 06 '16 at 22:16
  • @LukePark And your responses have not helped with the question. – Derek Dec 06 '16 at 22:21
  • Well don't get bitter. It's likely a padding problem. Mcrypt doesn't support pkcs7 padding. Another reason to use OpenSSL. Also DES should not be used, it's 2016. This isn't for production right? – Luke Joshua Park Dec 06 '16 at 22:23
  • 1
    It is best not to use mcrypt, it is abandonware, has not been updated in years and does not support standard PKCS#7 (née PKCS#5) padding, only non-standard null padding that can't even be used with binary data. mcrypt has many outstanding [bugs](https://sourceforge.net/p/mcrypt/bugs/) dating back to 2003. Instead consider using [defuse](https://github.com/defuse/php-encryption) or [RNCryptor](https://github.com/RNCryptor), they provide a complete solution and are being maintained and is correct. – zaph Mar 22 '17 at 17:03

1 Answers1

0

I was able to get it working using open SSLs decryption function:

$key = 'aaaaaaaabbbbbbbbccccccccdddddddd';
$key = pack('H*',$key);

// DATA
$data = 'b5057bbc04b842a96144a0f617f2820e';
$data = pack('H'.strlen($key),$data);

// DECRYPT OPEN SSL
$result = openssl_decrypt($data,'des-ede', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
Tony
  • 2,890
  • 1
  • 24
  • 35