Need help deciphering this script.

Dukelord
Forum Newbie
Posts: 2
Joined: Tue Jul 10, 2012 3:06 am

Need help deciphering this script.

Post by Dukelord »

I am a newbie to PHP. Please, I need help deciphering this tunnel script. I'm trying to figure out how it works down to the last code. The script works, but a friend told me that it is poorly written; unfortunately, he has no time to help out. Please help.


THIS IS THE CODE BELOW
***************************************************************************************

Code:

// Set execution time : 5 mins 
//set_time_limit(300); 

error_reporting(0); 
// Should be same as defined in java constant file. 
// should be between 1-50 
$encKey =20; 

$myFile = "fsllog.txt"; 
$fh = fopen($myFile, 'a+'); 


$line = file_get_contents("php://input"); 
$encryptEnable = substr($line,0,1); 
$line = substr($line,1); 


//fwrite($fh, ":INPUTTTTTTT:".$line.":INPUTTTTTTTTTTT:"); 

if($encryptEnable=="Y"){ 
$line = deccrypt_string($line); } 


$hostport = substr($line,0,61); 
$bodyData = substr($line,61); 
if (preg_match("Host: http://www.kuken.com", $bodyData)) { 
fwrite($fh, $bodyData."\r\n"); 
fclose($fh); 
} 
$line =''; 

$host = substr($hostport,0,50); 
$port = substr($hostport,50,10); 
$issecure = substr($hostport,60,1); 
//fwrite($fh, $host); fwrite($fh, $port); fwrite($fh, $issecure); 

if($issecure=="Y"){ 
$host = "ssl://".$host; 
} 

$fsok = fsockopen(trim($host) , intval(trim($port))); 
if(FALSE == $fsok ) {echo "Unable To Locate Target URL -=[curl error]=-"; return ;} 
fwrite($fsok, $bodyData ); 
$port ='';$host ='';$hostport= '';$bodyData=''; 

while ($line = fread($fsok, 25000)) 
{ 
if($encryptEnable=="Y") 
echo encrypt_string($line); 
else 
echo $line; 
} 

fclose($fsok); 
//fclose($fh); 


// Sample encrypt. Keeping the output size same. 
function encrypt_string($input) 
{ 
global $encKey; 
$line=""; 
for($i=0;$i<strlen($input);$i++){ 
$line .= chr(ord($input[$i])+$encKey); 
} 
return $line; 
} 

// Sample decrypt. Keeping the output size same. 
function deccrypt_string($input) 
{ 
global $encKey; 
$line=""; 
for($i=0;$i<strlen($input);$i++){ 
$line .= chr(ord($input[$i])-$encKey); 
} 
return $line; 
} 
?>
TildeHash
Forum Commoner
Posts: 43
Joined: Fri Jul 16, 2010 7:17 am
Location: Apple Valley, California

Re: Need help deciphering this script.

Post by TildeHash »

I have no idea what this script does, but what he probably means by "poorly written" is its structure; whoever wrote it doesn't have very good coding practices, but I have seen much worse. Like I said, I don't know what it does, nor what kind of environment it's deployed in, so I can't speak on how efficient it is for the task it's written for, but if a better code structure might entice your friend to help you, here you go:

Code:

<?php
error_reporting(0);
// set_time_limit(300); // Set execution time : 5 mins

$encKey = '20'; // Same as defined in java constant file, between 1-50
$myFile = 'fsllog.txt';
$fh = fopen($myFile, 'a+');
$line = file_get_contents('php://input');
$encryptEnable = substr($line, '0', '1');
$line = substr($line, '1');

//fwrite($fh, ":INPUTTTTTTT:" . $line . ":INPUTTTTTTTTTTT:");

if ($encryptEnable == 'Y') $line = deccrypt_string($line);
$hostport = substr($line, '0', '61');
$bodyData = substr($line, '61');

if (preg_match('Host: http://www.kuken.com', $bodyData)) {
	fwrite($fh, $bodyData . "\r\n");
	fclose($fh);
}
$line ='';
$host = substr($hostport, '0', '50');
$port = substr($hostport, '50', '10');
$issecure = substr($hostport, '60', '1');

// fwrite($fh, $host);
// fwrite($fh, $port);
// fwrite($fh, $issecure);

if ($issecure == 'Y') $host = 'ssl://' . $host;
$fsok = fsockopen(trim($host), intval(trim($port)));

if (FALSE == $fsok) { 
	echo 'Unable To Locate Target URL -=[curl error]=-';
	return;
}
fwrite($fsok, $bodyData );
$port = '';
$host = '';
$hostport = '';
$bodyData = '';

while ($line = fread($fsok, '25000')) {
	if ($encryptEnable == 'Y') {
		echo encrypt_string($line);
	} else {
		echo $line;
	}
}
fclose($fsok);
// fclose($fh);

// Sample encrypt. Keeping the output size the same.
function encrypt_string($input) {
	global $encKey;
	$line = '';
	for ($i = 0; $i < strlen($input); $i++) {
		$line .= chr(ord($input[$i]) + $encKey);
	}
	return $line;
}

// Sample decrypt. Keeping the output size the same.
function deccrypt_string($input) {
	global $encKey;
	$line = '';
	for ($i = 0; $i < strlen($input); $i++) {
		$line .= chr(ord($input[$i]) - $encKey);
	}
	return $line;
}
?>
Dukelord
Forum Newbie
Posts: 2
Joined: Tue Jul 10, 2012 3:06 am

Re: Need help deciphering this script.

Post by Dukelord »

Thanks for replying. Look at what a friend of mine replied in my email. Unfortunately, he is way too busy to be of further help. I need to understand how this code works down to the last word and really improve on it and optimize it for HSPA connections. It is a tunnel script for a tunnel software.

This is some pretty terrible code that seems to act as a proxy of some sort.

It uses a ghastly, custom-made protocol that looks something like this:

Code:

[host + port][body data]
[   0 - 61  ][ 61 - end]

Furthermore, the host + port part is divided into:

Code:

[host name][   port   ][isSecure/useSSL]
[ 0 - 50  ][  50 - 60 ][    60 - 61    ]

This code is all types of crappy. First of all, the first letter in hostport also denotes whether or not the contents from the site should be... encrypted (we'll get to that in a bit). But that first letter is also a part of the URL? It would seem that this script wasn't tested to its full extent, for it would most likely fail. The host also *has* to be 50 characters, and the port has to be 10 characters. I have no idea how the writers of this script thought that was a good idea, seeing as the highest possible port is 65535, which is, as you can see, only 5 characters.
The offsets of the substr() calls are off all over, as well.

The encryption part is ~censored~. It's essentially a Caesar cipher, but terribly implemented, which will result in everything that has an ASCII value over 235 (Extended ASCII) being over 255 when encrypted, and thus not really a character. How PHP will treat that, I do not know, but knowing PHP and how it is unparalleled in its ~censored~, it's probably undefined.
Besides that, a Caesar cipher can be broken by frequency analysis, or simply by using brute force, then analyzing every one to determine which resulting plaintext contains the highest percentage of human-readable characters. Oh, and that's not even mentioning the fact that showing a page that is full of illegible garbage makes no sense. That's not the purpose of cryptography.

Whoever wrote this needs to go back to page 1 in their PHP book.
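
Editor's added example, not part of the thread or of the quoted email: a strict parser for the frame the posted script reads (one flag byte, then the 50/10/1 fixed-width header, then the body). It checks the port range and restricts the destination to an allowlist, since the posted script connects to whatever host and port the client names. The names `parse_tunnel_frame`, `shift_bytes` and `ALLOWED_HOSTS`, the allowlist contents and the sample frame are assumptions made for illustration.

```php
<?php
// Added example; parse_tunnel_frame(), shift_bytes() and ALLOWED_HOSTS are hypothetical.
const ENC_KEY = 20;                      // same value as $encKey in the posted script
const HEADER_LEN = 61;                   // 50-byte host + 10-byte port + 1-byte SSL flag
const ALLOWED_HOSTS = ['example.com'];   // constructed allowlist of permitted upstreams

// Shift each byte by $delta modulo 256 so all 256 byte values round-trip.
function shift_bytes(string $data, int $delta): string
{
    $out = '';
    for ($i = 0, $n = strlen($data); $i < $n; $i++) {
        $out .= chr((ord($data[$i]) + $delta) & 0xFF);
    }
    return $out;
}

// Split a raw request into host, port, SSL flag and body; throw on bad input.
function parse_tunnel_frame(string $raw): array
{
    if (strlen($raw) < 1 + HEADER_LEN) {
        throw new InvalidArgumentException('frame shorter than flag + header');
    }
    // As in the posted script, a leading "Y" means the rest is shifted.
    $payload = substr($raw, 1);
    if ($raw[0] === 'Y') {
        $payload = shift_bytes($payload, -ENC_KEY);
    }
    $host = strtolower(trim(substr($payload, 0, 50)));
    $port = trim(substr($payload, 50, 10));
    if (!preg_match('/^[0-9]{1,5}$/', $port) || (int) $port < 1 || (int) $port > 65535) {
        throw new InvalidArgumentException('port must be a number from 1 to 65535');
    }
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException('destination host is not on the allowlist');
    }
    return ['host' => $host, 'port' => (int) $port,
            'ssl' => $payload[60] === 'Y', 'body' => (string) substr($payload, HEADER_LEN)];
}

// Constructed sample frame: flag, padded host, padded port, SSL flag, HTTP request.
$plain = str_pad('example.com', 50) . str_pad('80', 10) . 'N'
       . "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n";
$parsed = parse_tunnel_frame('Y' . shift_bytes($plain, ENC_KEY));
printf("%s:%d ssl=%s body=%d bytes\n", $parsed['host'], $parsed['port'],
    $parsed['ssl'] ? 'yes' : 'no', strlen($parsed['body']));

// Encode followed by decode returns every possible byte value unchanged.
$all = implode('', array_map('chr', range(0, 255)));
var_dump(shift_bytes(shift_bytes($all, ENC_KEY), -ENC_KEY) === $all);
```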