0

I am making a HTTP POST request to my server from my C++ application via sockets, I will be XORing the POST values from my C++ application before they are sent to my server. Once these XORed POST values are sent to my server I am going to need to be able to 'decrypt' them before processing the values on my server.

My C++ application currently is XORing strings like so

char *XOR(char *string)
{
    //key = 0x10
    char buffer[1000] = { 0 };
    for (int i = 0; i < strlen(string); i++)
        buffer[i] = string[i] ^ 0x10;
    buffer[strlen(string)] = 0x00;
    return buffer;
    //yes I know, this function could be written much better. But that is not the point of this question...
}

Now in PHP I am using this function to XOR a string

function XOR($string, $key)
{
    for($i = 0; $i < strlen($string); $i++) 
        $string[$i] = ($string[$i] ^ $key[$i % strlen($key)]);
    return $string;
}

I have tried calling it like this

$decryptedValue = XOR($_POST['postParam1'], "16");

And like this

$decryptedValue = XOR($_POST['postParam1'], 16);

But the value stored in $decryptedValue never matches up with the XORed value sent from C++ application

For example if I XOR "test" in my C++ application with key as 0x10 the return value is

0x64, 0x75, 0x63, 0x64

But If I XOR "test" on my server the return value is

0x45, 0x53, 0x42, 0x42
Improve this question

1 Answer 1

Reset to default
1

You need to convert your character to an integer with ord, then XOR it with $key (not using key as a string), then convert it back to a character with chr. Otherwise, it XOR's the string value with a string containing "16", which clearly doesn't achieve the same result.

function encrypt($string, $key)
{
    for($i = 0; $i < strlen($string); $i++) 
            $string[$i] = chr(ord($string[$i]) ^ $key);
    return $string;
}

(My version of PHP thinks XOR is a keyword, so I renamed the function to encrypt).

To test:

encrypt("test", 16);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.