0

I am trying to adapt the following functions in PowerShell to PHP:

function EncryptDES
{
Param(
    [String] $plainText,
    [byte[]] $Key,
    [byte[]] $Iv
)

    $tdsAlg = New-Object System.Security.Cryptography.DESCryptoServiceProvider
    $tdsAlg.Key = $Key
    $tdsAlg.IV = $Iv
    $encrypt = $tdsAlg.CreateEncryptor($tdsAlg.Key, $tdsAlg.IV)
    $msEncrypt = New-Object System.IO.MemoryStream
    $csEncrypt = New-Object System.Security.Cryptography.CryptoStream $msEncrypt, $encrypt, "Write"
    $swEncrypt = New-Object System.IO.StreamWriter $csEncrypt
    $swEncrypt.Write($plainText)
    $swEncrypt.Close()
    $csEncrypt.Close()
    $msEncrypt.Close()
    $encrypt.Clear()
    $encrypted = $msEncrypt.ToArray()
    $result = [Convert]::ToBase64String($encrypted)
    return $result;        
}

function DecryptDES
{
Param(
    [String] $encrypted,
    [byte[]] $Key,
    [byte[]] $Iv
)
    [byte[]]$NewStr = [System.Convert]::FromBase64String($encrypted)
    $tdsAlg = New-Object System.Security.Cryptography.DESCryptoServiceProvider
    $tdsAlg.Key = $Key
    $tdsAlg.IV = $Iv
    $encrypt = $tdsAlg.CreateDecryptor($tdsAlg.Key, $tdsAlg.IV)
    $msEncrypt = New-Object System.IO.MemoryStream @(,$NewStr)
    $csEncrypt = New-Object System.Security.Cryptography.CryptoStream $msEncrypt, $encrypt, "Read"
    $swEncrypt = New-Object System.IO.StreamReader $csEncrypt
    [String]$result = $swEncrypt.ReadToEnd()
    $swEncrypt.Close()
    $csEncrypt.Close()
    $msEncrypt.Close()
    $encrypt.Clear()

    return $result;     
}

I am trying to convert this code to an equivalent in PHP using the openssl_decrypt and openssl_encrpyt function, I tried with the following code but I do not get anything:

function encrypt_decrypt($action, $string) {
    $output = false;
    $encrypt_method = "AES-256-CBC";
    $secret_key = 'This is my secret key';
    $secret_iv = 'This is my secret iv';
    // hash
    $key = hash('sha256', $secret_key);

    // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
    $iv = substr(hash('sha256', $secret_iv), 0, 16);
    if ( $action == 'encrypt' ) {
        $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
        $output = base64_encode($output);
    } else if( $action == 'decrypt' ) {
        $output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
    }
    return $output;
}

If someone could guide me, I would appreciate your help, thank you

Victor
  • 1
  • 3

1 Answers1

0

This was the solution that I developed and it works perfect:

<?php
$txt = 'ciphertext';
$key = '12345678';
$iv = '12345678';
$method = 'des-cbc';
// cipher_text
$code = openssl_encrypt($txt, $method, $key, true, $iv);

// ciper_text with base64_encode();
echo base64_encode($code);

// decrypt method
$result = openssl_decrypt($code, $method, $key, 1, $iv);
echo $result;
?>
Victor
  • 1
  • 3
  • 1
    Please stop using DES. DES have way too short a key length and have been broken for > 20 years. – Ebbe M. Pedersen Dec 18 '18 at 21:53
  • That's right, but I can not ask the malware authors to modify their encryption, my mission is to analyze the malware not to give recommendations to the cyber criminals, anyway, thank you very much for the advice, I will keep it in mind – Victor Dec 19 '18 at 23:04