2

I have to decrypt data in PHP that was encrypted IN VB. When I decrypt numbers I have no problem, but when I decrypt text I only get the first 8 characters and then random. This is the key "a1R@f7D$" This is what I am trying to decrypt:

LwEe+sQCn63m9kjtqiy67ul5R1Ng7SZPVO4YYxQvZtUZBwNTb+Ey0qCNsrczI4jN

And I get this:

{Preinsc]hn��m�ȕ�!��^߇� $!  �E&;�e^#S�)6Ui�4�

I tried with MCRYPT_RIJNDAEL_256 and ecb but none worked to me.

function decrypt($data ){
   $encryption_key = "a1R@f7D$";
    $data = urldecode($data);
    $key = md5(utf8_encode($encryption_key), true);
    //Take first 8 bytes of $key and append them to the end of $key.
    $key .= substr($key, 0, 8);
    $data = base64_decode($data);
    $data = mcrypt_decrypt('tripledes', $key, $data, 'ecb');
    $block = mcrypt_get_block_size('tripledes', 'ecb');
    $len = strlen($data);
    $pad = ord($data[$len-1]);
    return substr($data, 0, strlen($data) - $pad);
}

This is the function that encrypted this:


Public Shared Function tryingTripleDes (ByVal value As String, ByVal key As String) As String

        Dim des As New Security.Cryptography.TripleDESCryptoServiceProvider

        des.IV des.IV = New Byte(7) {}

        Dim pdb As New Security.Cryptography.PasswordDeriveBytes(key, New Byte(-1) {})

        des.Key = pdb.CryptDeriveKey("RC2", "MD5", 128, New Byte(7) {})

        Dim ms As New IO.MemoryStream((value.Length * 2) - 1)

        Dim encStream As New Security.Cryptography.CryptoStream(ms, des.CreateEncryptor(), Security.Cryptography.CryptoStreamMode.Write)

        Dim plainBytes As Byte() = Text.Encoding.UTF8.GetBytes(value)

        encStream.Write(plainBytes, 0, plainBytes.Length)

        encStream.FlushFinalBlock()

        Dim encryptedBytes(CInt(ms.Length - 1)) As Byte

        ms.Position = 0

        ms.Read(encryptedBytes, 0, CInt(ms.Length))

        encStream.Close()

        Return Convert.ToBase64String(encryptedBytes)

    End Function
BrianS
  • 57
  • 5
  • Is `{Preinsc` the correct string? I guess you could use `substr`. I'd prefer to decrypt correctly though. Don't use the `utf8_encode`, that string isn't `ISO-8859-1`. .... or mayb I've misread `Is there a reason to just get the first 8 characters?` and you didn't mean `a way`? – user3783243 May 15 '19 at 14:18
  • The string is supossed to be like {table.field}=44444 but I am only getting the first 8 characters – BrianS May 15 '19 at 14:22
  • How was the string encrypted? Were its bytes obtained with `Encoding.UTF8.GetBytes()` or was it some other encoding? – Andrew Morton May 15 '19 at 17:50
  • Yes, It was I`ve added the function – BrianS May 20 '19 at 10:29

1 Answers1

0

This would typically happen if the ciphertext is CBC encrypted with an all zero byte IV. Other modes may also work, but CBC is by far the most likely. Your key and cipher are correct, otherwise you will only get garbage in return - certainly not legible text.

Note that MCRYPT_RIJNDAEL_256 is not even AES, so trying that is kind of useless, you should use MCRYPT_RIJNDAEL_128 with a correctly sized key to get AES.

I won't go into the security of CBC with a zero byte IV and deprecated cipher like 3DES. It's not a good idea, especially not for transport security.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263