0

I have some encryption code that works fine. In order to make it a bit sneakier, I wanted to tweak the byte array after its encrypted and un-tweak it on the other side before decryption. This way if somebody gets my encryption key, just maybe they won't figure out why its not working.

However whenever I manipulate the bytes it breaks things, which to me means I am not correctly modifying the string byte array. Here is my implementation as suggested below. Its doing the encrypt and decrypt directly after each other for testing purposes.

$string = "My Test String";
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_RAND);
$key = pack('H*', encryptKey());
$result = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, addpadding($string), MCRYPT_MODE_CBC, $iv);

$ordVal = ord($result[5]);
if($ordVal == 0)
{
    $ordVal = 255;
}
else
{
    $ordVal--;
}
//$result[5] = $ordVal;
$data = base64_encode($iv . $result);

$str = base64_decode($data);
if(!str)
{
    dieEncrypted("Unable to base64 decode string");
}
$ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = substr($str,0,$ivSize);
$str = substr($str,$ivSize);
$ordVal = ord($str[5]);
if($ordVal == 255)
{
    $ordVal = 0;
}
else
{
    $ordVal++;
}
//$str[5] = $ordVal;
$key = pack('H*', encryptKey());
$result = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $str, MCRYPT_MODE_CBC, $iv);
if(!$result)
{
    dieEncrypted("Unable to unencrypt string");
}
$result = strippadding($result);
echo "The result is: $result|";
Improve this question

3 Answers 3

Reset to default
0

If $iv[5] is really a numeric character(0-9), it should work. But otherwise, it wont because php will cast the letter / character to a numeric so that adding 1 to it makes sense. Letters numerically cast to 0, so the result will always be 0 + 1 = 1, which isn't what you want.

If you want to increment the ascii code by one, try this.

$iv[5] = ord($iv[5]) + 1;
// undo it
$iv[5] = chr($iv[5]) - 1;
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

@ImplexOne makes a good point about the boundaries 0 and 255. Make sure to check for this and roll the ascii code over.
This didn't seem to work either. I noticed that mucking with the IV didn't actually do much for security so I changed it to mucking with the actual encrypted data. Same result though. I have updated the question with the full example code. I also tried ord and chr like your example, and both ord.
0

Let's disregard the fact that security by obscurity doesn't work and answer your question.

Guess: 255 + 1 = 256 (or 0 for single-byte-characters). That would change zero-terminated string length.

Try base64 encoding actual byte array, and then decode it, so you don't loose anything.

Improve this answer

1 Comment

In this case, the character I am manipulating is not the last character. I did update the code to handle 0\255 roll over
0

Ok I figured this out. It looks like the string format of this data is such that you can't manipulate a single character. Perhaps its multi byte characters or something. Anyhow the solution was to encode to base64 as suggested above, then perform the byte manipulation using a rollover logic since base64 is not linear. This combines the ord\chr solution mentioned in the 2nd answer. So both answers put together in this manner seemed to do the trick. Thanks all!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.