I'm trying to decrypt a Rijndael-128 encrypted cipher. These are the values:

Cipher: "QfJzZ9V6Jm43jYPiVaXP9mu+f88S/JC24saHbOMxxC8="
Key: "45744855535472525844494538555934",
Mode: CBC

Result should be: "abcd@1234"

This website seems to decrypt the cipher just fine: https://codebeautify.org/encrypt-decrypt

I'm trying to do the same thing in C# with absolutely no luck. What am I missing here?

```csharp
class Program
{
    static void Main(string[] args)
    {
        var text = Decrypt("QfJzZ9V6Jm43jYPiVaXP9mu+f88S/JC24saHbOMxxC8=", Convert.FromBase64String("45744855535472525844494538555934"));
    }

    public static string Decrypt(string Text, byte[] keyBytes)
    {
        var textBytes = Convert.FromBase64String(Text);

        var rijKey = new RijndaelManaged();

        rijKey.IV = textBytes.Take(rijKey.BlockSize / 8).ToArray();

        rijKey.Padding = PaddingMode.None;

        rijKey.Mode = CipherMode.CBC;

        var decryptor = rijKey.CreateDecryptor(keyBytes, rijKey.IV);

        var memoryStream = new MemoryStream(textBytes);

        var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);

        var pTextBytes = new byte[textBytes.Length];

        var decryptedByteCount = cryptoStream.Read(pTextBytes, 0, pTextBytes.Length);

        memoryStream.Close();

        cryptoStream.Close();

        string plainText = Encoding.UTF8.GetString(pTextBytes, 0, decryptedByteCount);

        return plainText;
    }
}
```
mahmoudmh
  • Can you elaborate on what your end goal is here? Is it to decrypt Rijndael encrypted data? If so, perhaps it would be more useful to look at the source of that data, how it arrives at those things. If your goal is to decrypt data encrypted by that website, I'm pretty sure you need to know how that website is doing it. – Lasse V. Karlsen Nov 23 '20 at 12:14
  • My end goal is to know how to decrypt this string. I have many more strings that I need to decrypt and I only have the cipher and the key. I want to know how this website does it without the IV (or how it's extracting it) and replicate that in my code so I can decrypt all values. The number of values is huge (hundreds of thousands), hence I can't use the website to decrypt them one by one. – mahmoudmh Nov 24 '20 at 07:44

1 Answer

The problem with your code is this line:

```csharp
rijKey.GenerateIV();
```

You need the original IV. You can't just use a random one.

If you go to the site you linked to, each time you press encrypt with the key and text you have given, you get a different encrypted text (because a random IV is used). The web page must be prepending the random IV used to encrypt to the encrypted text (or less likely, the web page is storing it), which is why it can then decrypt the encrypted text.

[Your code also needs using statements.]

Is it possible to NOT use the IV when implementing Rijndael decryption?

How to Use Rijndael ManagedEncryption with C#

Sabrina
Mitch Wheat
  • Still it is able to decrypt the input given in the question so clearly there has to be a way to get the "right" IV for that particular example at least. I tried a 16-byte 0-array, but that was not it. – Lasse V. Karlsen Nov 23 '20 at 08:09
  • @LasseV.Karlsen: I believe the IV is either prepended or appended to the encrypted text, but as the OP doesn't seem to be present, I haven't put in any more effort. – Mitch Wheat Nov 23 '20 at 08:37
  • I tried just grabbing the first 16 bytes from the "textBytes" as the IV, but that also produces corrupt output, so it's not as simple as that at least. I think OP won't know so I guess the real question is how that website is doing it. IV is not the last 16 bytes either. – Lasse V. Karlsen Nov 23 '20 at 08:40
  • and I just tested; 99.9% sure the IV is present in the encrypted text. I encrypted "abcd@1234" using OP's key, closed web site, re-opened web site, entered the encrypted text and key and it decrypted fine. – Mitch Wheat Nov 23 '20 at 08:45
  • I tried `rijKey.IV = textBytes.Take(rijKey.BlockSize / 8).ToArray(); textBytes = textBytes.Skip(rijKey.BlockSize / 8).ToArray();` – Lasse V. Karlsen Nov 23 '20 at 08:48
  • @LasseV.Karlsen yes, this is what's confusing me, the website seems to decrypt it just fine so I'm pretty sure the iv is somewhere in the cipher text, the question is where? I tried also taking the first 16 bytes and the last 16 bytes as IV and it still didn't return me the expected result. – mahmoudmh Nov 23 '20 at 10:43
  • @MitchWheat: Looks like straight CBC to me with the first 16 bytes as the IV. The website does use zero padding (bytes of 0x00) for the last block however. And of course the output is base64 encoded. – President James K. Polk Nov 23 '20 at 17:34
  • @MahmoudMh: "so I'm pretty sure the iv is somewhere in the cipher text" - and yet your code snippet does not attempt to retrieve the IV, instead generates a random IV. – Mitch Wheat Nov 24 '20 at 00:41
  • @MahmoudMh: altering the code in place is somewhat frowned upon, as it tends to invalidate existing answers. – Mitch Wheat Nov 24 '20 at 07:57
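
The layout described in the comments above (base64 of a 16-byte IV followed by zero-padded CBC ciphertext), shown as an added round-trip example; it is not code from the question, the answer, or the website. It uses `Aes` instead of `RijndaelManaged` (Rijndael with a 128-bit block is AES). The class name and the key are constructed, and because the page does not say how the website turns the key string into bytes, the key is passed in as raw bytes.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PrependedIvCbc
{
    const int BlockBytes = 16; // Rijndael-128 / AES block size

    // Hypothetical encrypt side matching the comments: random IV, zero padding, base64(IV || ciphertext).
    public static string Encrypt(string plain, byte[] key)
    {
        using var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.Zeros;
        aes.Key = key;
        aes.GenerateIV(); // fresh random IV per message
        byte[] data = Encoding.UTF8.GetBytes(plain);
        using var enc = aes.CreateEncryptor();
        byte[] body = enc.TransformFinalBlock(data, 0, data.Length);
        return Convert.ToBase64String(aes.IV.Concat(body).ToArray());
    }

    public static string Decrypt(string base64, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(base64);
        if (blob.Length < BlockBytes || blob.Length % BlockBytes != 0)
            throw new CryptographicException("Expected a 16-byte IV followed by whole blocks.");
        using var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.None; // zero padding is stripped by hand below
        aes.Key = key;
        aes.IV = blob.Take(BlockBytes).ToArray(); // the sender's IV, not a new one
        using var dec = aes.CreateDecryptor();
        // Decrypt only what follows the IV; feeding the IV block in as data adds a garbage block.
        byte[] plain = dec.TransformFinalBlock(blob, BlockBytes, blob.Length - BlockBytes);
        int len = plain.Length;
        while (len > 0 && plain[len - 1] == 0) len--; // drop trailing 0x00 padding
        return Encoding.UTF8.GetString(plain, 0, len);
    }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("0123456789abcdef"); // constructed 16-byte key
        string token = Encrypt("abcd@1234", key);
        Console.WriteLine(token);
        Console.WriteLine(Decrypt(token, key));
    }
}
```

Zero padding cannot be distinguished from plaintext that genuinely ends in 0x00 bytes, and CBC without a MAC does not detect modified ciphertext.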