.net php decryption

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Wootah
Forum Newbie
Posts: 13
Joined: Wed Jul 14, 2010 7:08 pm

.net php decryption

Post by Wootah »

H all,

My first post is a big one. It is highly specific and yes I would appreciate a solution. So a big thank you in advance to any assistance. Basically I can't decrypt this data and I don't know why I am failing at it.

Here is the key and iv provided by .net encryption:
Key() As Byte = {66, 121, 101, 79, 117, 110, 88, 115, 107, 71, 118, 119, 73, 70, 115, 80, 74, 50, 50, 74, 121, 81, 61, 61}
IV() As Byte = {85, 86, 99, 113, 106, 84, 55, 49, 77, 87, 77, 61}

Here is my conversion of that into a string and then base64 decoded:
$key = base64_decode("ByeOunXskGvwIFsPJ22JyQ==");
$iv = base64_decode("UVcqjT71MWM=");

Here is some sample data and what it is meant to be:
$encrypteddata = base64_decode("5yMPJMpC1WeFtziiB4WrMmErqSMx8yny");
//actual data 14253647testuser

Key values and encrypted data are encoded in Base64. It is tripledes encryption.

$decrypteddata = mcrypt_decrypt(MCRYPT_TRIPLEDES, $key, $encypteddata, MCRYPT_MODE_CBC, $iv);

Now any/all of the above steps might be wrong .... Drinks are on me. :drunk:
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: .net php decryption

Post by Apollo »

Wootah wrote:Here is the key and iv provided by .net encryption:
Key() As Byte = {66, 121, 101, 79, 117, 110, 88, 115, 107, 71, 118, 119, 73, 70, 115, 80, 74, 50, 50, 74, 121, 81, 61, 61}
IV() As Byte = {85, 86, 99, 113, 106, 84, 55, 49, 77, 87, 77, 61}

Here is my conversion of that into a string and then base64 decoded:
$key = base64_decode("ByeOunXskGvwIFsPJ22JyQ==");
$iv = base64_decode("UVcqjT71MWM=");
Note sure if this is supposed to be this way, but the arrays above seem to be these same strings - NOT base64decoded! (e.g. Key: 66=B, 121=t, 101=e, etc)

Which seems strange to me because if you're defining a key as byte array, I wouldn't expect that to be base64encoded.
Wootah
Forum Newbie
Posts: 13
Joined: Wed Jul 14, 2010 7:08 pm

Re: .net php decryption

Post by Wootah »

Apollo wrote:
Wootah wrote:Here is the key and iv provided by .net encryption:
Key() As Byte = {66, 121, 101, 79, 117, 110, 88, 115, 107, 71, 118, 119, 73, 70, 115, 80, 74, 50, 50, 74, 121, 81, 61, 61}
IV() As Byte = {85, 86, 99, 113, 106, 84, 55, 49, 77, 87, 77, 61}

Here is my conversion of that into a string and then base64 decoded:
$key = base64_decode("ByeOunXskGvwIFsPJ22JyQ==");
$iv = base64_decode("UVcqjT71MWM=");
Note sure if this is supposed to be this way, but the arrays above seem to be these same strings - NOT base64decoded! (e.g. Key: 66=B, 121=t, 101=e, etc)

Which seems strange to me because if you're defining a key as byte array, I wouldn't expect that to be base64encoded.
It seems to fail either way for me... decoded or not
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: .net php decryption

Post by Apollo »

Look into the .net part and see how it's being encrypted there. Do the opposite in php.
Post Reply