2

I'm writing a PHP website that is accessing an encrypted MySQL database. The database is currently a back end to a VB.Net Windows forms program. This is all working fine, but I want to the PHP website to access some of the data and be able to decrypt/encrypt it. The fields are encrypted using Blowfish code originally written by David Ireland in VB6 and converted by Todd Acheson with a few tweaks from myself.

With the PHP Blowfish examples I've seen, the $iv is set at random, but I need it to be set to the same as that created in VB, so I'm attempting to convert the VB code to PHP.

I've started converting the code line by line, and from a technical perspective, it seems OK, but testing the first part of it doesn't provide the same results as with VB

Setting the key:


    Dim aKey() as Byte = cv_BytesFromHex(MySecretKey)


    Public Function cv_BytesFromHex(ByVal sInputHex As String) As Object
        ' Returns array of bytes from hex string in big-endian order
        ' E.g. sHex="FEDC80" will return array {&HFE, &HDC, &H80}
        Dim i As Long
        Dim M As Long
        Dim aBytes() As Byte
        If Len(sInputHex) Mod 2 <> 0 Then
            sInputHex = "0" & sInputHex
        End If

        M = Len(sInputHex) \ 2
        ReDim aBytes(M - 1)

        For i = 0 To M - 1
            Dim x = "&H" & Mid(sInputHex, i * 2 + 1, 2)

            Debug.Print(x + " " + Val(x).ToString)

            aBytes(i) = Val(x)
        Next

        cv_BytesFromHex = aBytes 'CopyArray(aBytes)
        Return cv_BytesFromHex
    End Function

Converting this function to PHP5.

public function cv_BytesFromHex($inputstring)
{
    // Returns array of bytes from hex string in big-endian order
    // e.g. shex="fedc80" will return array {&hfe, &hdc, &h80}
    $i=0;
    $m=0;
    if (strlen($inputstring)/2 <> (int)(strlen($inputstring)/2)) {
        $inputstring = "0".$inputstring;
    }
    $m = strlen($inputstring)/2;
    echo 'Length '.strlen($inputstring).' = '.$m." elements</br>";
    $abytes=array_fill(0,$m-1,0) ;
    for ($i=0; $i<=$m-1;$i++) {
        $raw=substr($inputstring, $i * 2 , 2);
        $hexed=hexdec($raw);
        echo 'Raw ='.$raw.' = '.$hexed.'</br>';
        $abytes[$i]=$hexed;
    }
    return $abytes;
}

Testing with the key "1check".

VB output:

&H1C 28
&Hhe 0
&Hck 12

PHP output:

Length 6 = 3 elements
Raw =1c = 28
Raw =he = 14
Raw =ck = 12

So.. in this example, "1C" and "ck" give me the same values, but "he" doesn't

another example:

key =10stack

vb

&H01 1
&H0s 0
&Hta 0
&Hck 12

php

Length 8 = 4 elements
Raw =01 = 1
Raw =0s = 0
Raw =ta = 10
Raw =ck = 12

This one works: key =1234wxyz

vb

&H12 18
&H34 52
&Hwx 0
&Hyz 0

php

Raw =12 = 18
Raw =34 = 52
Raw =wx = 0
Raw =yz = 0

Does anyone know why?

Improve this question
3
  • Can you provide a couple more example inputs/outputs for the vb and PHP versions Commented Aug 16, 2019 at 12:30
  • 1
    Brett: Key "10stack" added Commented Aug 16, 2019 at 12:42
  • Original key was quoted wrongly too, sorry. That's been corrected as well. Commented Aug 16, 2019 at 12:48

1 Answer 1

Reset to default
1

so, there is no errors here. h is ignored by hexdec and only e is decoded. cause... https://en.wikipedia.org/wiki/Hexadecimal there is no h :)

and in VBA Val function returns 0, cause he is not valid hex-combination

<?php
function myHex($str)
{
  if ($str === dechex(hexdec($str))) {
    return hexdec($str);
  }

  return 0;
}

var_dump(myHex("he"));  // returns 0
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Hi. Aware there's nothing above H :-) So, I'm assuming that in relation to &Hta - VB is converting the whole thing to zero as TA is not a valida HEX value, but PHP is ignoring the T and converting the A to 10? Going to have to write my own function to have it do hexdec the VB way... :-(
nope, there is nothing above F. &H part is given specially for Val function could recognize the string is a HEX-string :) that's why it's not needed in PHP implementation. added simple VBA hex :)
Sorry - yes, I meant F... head buried in other stuff at the moment... thanks for your help :-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.