
I'm having an issue converting the following JavaScript encryption logic to PHP. This JavaScript library cannot be found on the internet, so there is no documentation or clue where to start.

It seems the encryption is using the AES method, but it's weird because AES only accepts an input string and a secret; the IV didn't match the variable s in the JavaScript (not 16 bits).

```javascript
function doCheckR() {
  var string = "10000395351475";
  console.log("this is plain processing of string :  " + string);
  var a = ManualJS.jun.Des.parse("79540e250fdb16afac03e19c46dbdeb3"),
    s = ManualJS.jun.Des.parse("eb2bb9425e81ffa942522e4414e95bd0"),
    result = ManualJS.MDX.goinstring(string, a, {
      ii: s
    });
  console.log("this is a :  " + a);
  console.log("this is s :  " + s);
  console.log("this is result :  " + result);
  result = result.rabbittext.toString(ManualJS.jun.Text21);
  console.log("final result for urlencoded :  " + encodeURIComponent(result));
}
```

https://jsfiddle.net/8swegkv6/3/

Thanks

4 Comments

  • Is this some kind of (bad) obfuscated CryptoJS? At least the syntax reminds me of CryptoJS. Seems to be AES-128 in CBC mode with PKCS7 padding (key and IV are both hex-encoded and therefore 16 bytes in size), whose ciphertext was first Base64 encoded and then URL encoded, here. You can use e.g. openssl_encrypt in PHP. Commented Aug 17, 2020 at 10:40
  • It says "Des" in the text; why you would assume AES or CryptoJS is beyond me. I assume that a is the first key and s is the second key (`ii` is 2 in Roman numerals) for two-key triple DES. But anything is guesswork, and I don't think the problem can be solved here on SO because of that. Commented Aug 17, 2020 at 10:46
  • Presumably Des does not mean DES/3DES here. It seems to be a kind of CryptoJS with changed class/method names. Anyway, the ciphertext of the posted code can be reproduced with AES-128, CBC (a is the key, s the IV), which you can verify by comparing the ciphertexts provided in the posted links (in your question and in my 1st comment). Commented Aug 17, 2020 at 11:09
  • Hi @Topaco, you've just opened a new door for me. After digging more, the JS was CryptoJS! Now I need to create the same functionality in PHP, matching the encryption created by CryptoJS. Thanks! Commented Aug 17, 2020 at 12:04

1 Answer

The following code is simple AES CBC en-/decryption without any proper exception handling and for educational purposes only.

All credits go to @Topaco who examined the algorithm & mode, key and iv.

Please don't use this code in production as it uses static key & iv!

result:

```
* * * encryption * * *
ciphertext:      lOv3As5iF/wk/1LYB+68gw==
result urlencod: lOv3As5iF%2Fwk%2F1LYB%2B68gw%3D%3D
result expected: lOv3As5iF%2Fwk%2F1LYB%2B68gw%3D%3D
* * * decryption * * *
decryptedtext: 10000395351475
string       : 10000395351475
```

code:

```php
<?php
echo 'https://stackoverflow.com/questions/63447664/convert-javascript-encryption-logic-to-php-probably-aes-method' . PHP_EOL;
$string = "10000395351475";
$aKey = "79540e250fdb16afac03e19c46dbdeb3";
$sIv = "eb2bb9425e81ffa942522e4414e95bd0";
// encryption
echo '* * * encryption * * *' . PHP_EOL;
$ciphertext = openssl_encrypt($string, "aes-128-cbc", hex2bin($aKey), 0, hex2bin($sIv));
echo 'ciphertext:      ' . $ciphertext . PHP_EOL;
$ciphertextUrlencoded = urlencode($ciphertext);
echo 'result urlencod: ' . $ciphertextUrlencoded . PHP_EOL;
echo 'result expected: ' . 'lOv3As5iF%2Fwk%2F1LYB%2B68gw%3D%3D' . PHP_EOL;
// decryption
echo '* * * decryption * * *' . PHP_EOL;
$decryptedtext = openssl_decrypt(urldecode($ciphertextUrlencoded), "aes-128-cbc", hex2bin($aKey), 0, hex2bin($sIv));
echo 'decryptedtext: ' . $decryptedtext . PHP_EOL;
echo 'string       : ' . $string . PHP_EOL;
?>
```