Return to forum

noreferrer · July 19, 2022 at 7:35 AM

your using md5, so yes.

this method would be acceptable if it were 2007

Look into hashing algorithms like Bcrypt. Pretty sure php has built in implementations for it

jesuslovesu · July 21, 2022 at 1:13 AM

(July 18, 2022, 09:46 PM)hesburger Wrote:
(July 18, 2022, 04:45 PM)jesuslovesu Wrote:
(July 15, 2022, 03:04 PM)yuppie Wrote: hey guys! I found an encryption algorithm in a website source which is written by PHP code.
Here is it

[php]
function encode($string, $type = 0, $key = '', $expiry = 0) {
if(is_array($string)) $string = json_encode($string);
if($type == 1) $string = str_replace('-','+',$string);
$ckey_length = 4;
$key = md5($key);
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc = $ckey_length ? ($type == 1 ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
$string = $type == 1 ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]); //$key_length = 64
}
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($type == 1) {
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
$result = substr($result, 26);
$json = json_decode($result,1);
if(!is_numeric($result) && $json){
return $json;
}else{
return $result;
}
}
return '';
}
return str_replace('+', '-', $keyc.str_replace('=', '', base64_encode($result)));[/php]

when $type is '0', it means to encrypt $string with $key,when $type is '1',it means to decrypt $string with $key.The fourth argument is usually 0.

For example

[php]<?php
$string = '2';
$key = 'mjDZLqSNJEzxg9W';
$encrypt = encode($string,0,$key);
echo "$encrypt -> ".$encrypt;
echo '
';
$decrypt = encode($encrypt,1,$key);
echo "$decrypt -> ".$decrypt;
echo '
';
?>[/php]

So I want to know, in the case of knowing plaintext and ciphertext, can i decrypt the key?
Or, can I forge ciphertext that can be decrypted without knowing the key?

I'd be grateful if you could help me solve this problem!!!!

md5 is cracked but only on paper, the computing power required for this is impractical, unless there is something you can epxloit.

I don't really agree that it'd be impractical to bruteforce MD5 hashes. Yeah it might not be instant, but it's still extremely fast and definitely doable if it makes any sense to do. I don't know why anyone would use it as there's many better alternatives available (e.g. bcrypt and other "slow hash" functions) and they're just as easy to use.

brute force is impossible unless the password is short basically

MESSI888899 · July 21, 2022 at 6:37 AM

the algorithm you use is md5 which is very easy to break, regarding the implementation (which I think is what your question refers to) I did not analyze it, but I would tell you that I most likely have several bugs, it is always better to use known implementations and with many eyes on it to have more guarantees.

MESSI888899 · July 21, 2022 at 10:39 AM

There's no need to over engineer things, go with a simple sha512 or some blowfish hash and you will be ok

yuppie · July 22, 2022 at 10:35 AM

OK. I'm brute force cracking it right now, and I don't know when I'll get it. So, wish me luck. Thanks

xiong · July 26, 2022 at 11:24 AM

(July 21, 2022, 01:13 AM)jesuslovesu Wrote:
(July 18, 2022, 09:46 PM)hesburger Wrote:
(July 18, 2022, 04:45 PM)jesuslovesu Wrote:
(July 15, 2022, 03:04 PM)yuppie Wrote: hey guys! I found an encryption algorithm in a website source which is written by PHP code.
Here is it

[php]
function encode($string, $type = 0, $key = '', $expiry = 0) {
if(is_array($string)) $string = json_encode($string);
if($type == 1) $string = str_replace('-','+',$string);
$ckey_length = 4;
$key = md5($key);
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc = $ckey_length ? ($type == 1 ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
$string = $type == 1 ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]); //$key_length = 64
}
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($type == 1) {
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
$result = substr($result, 26);
$json = json_decode($result,1);
if(!is_numeric($result) && $json){
return $json;
}else{
return $result;
}
}
return '';
}
return str_replace('+', '-', $keyc.str_replace('=', '', base64_encode($result)));[/php]

when $type is '0', it means to encrypt $string with $key,when $type is '1',it means to decrypt $string with $key.The fourth argument is usually 0.

For example

[php]<?php
$string = '2';
$key = 'mjDZLqSNJEzxg9W';
$encrypt = encode($string,0,$key);
echo "$encrypt -> ".$encrypt;
echo '
';
$decrypt = encode($encrypt,1,$key);
echo "$decrypt -> ".$decrypt;
echo '
';
?>[/php]

So I want to know, in the case of knowing plaintext and ciphertext, can i decrypt the key?
Or, can I forge ciphertext that can be decrypted without knowing the key?

I'd be grateful if you could help me solve this problem!!!!

md5 is cracked but only on paper, the computing power required for this is impractical, unless there is something you can epxloit.

I don't really agree that it'd be impractical to bruteforce MD5 hashes. Yeah it might not be instant, but it's still extremely fast and definitely doable if it makes any sense to do. I don't know why anyone would use it as there's many better alternatives available (e.g. bcrypt and other "slow hash" functions) and they're just as easy to use.

brute force is impossible unless the password is short basically

Not impossible, just really expensive (e.g. renting AWS cluster). And even besides that you really shouldn't use code that requires it's users to be smart and use safe passwords, that's really bad practice. Of course you could require the user to have a strong password by checking it, but the code above doesn't do that.

untilknow9 · September 2, 2022 at 7:24 PM

thank you

trollinator321 · September 7, 2022 at 1:24 PM

Do not know, but I would suggest that there is some flaw as there is no need to implement crypto themselves..if they are not sticking to any standard protocol (and even if, they have to implement it correctly) I expect there to be some bugs as said before

niggasisfatasf · September 7, 2022 at 7:14 PM

(July 15, 2022, 03:04 PM)yuppie Wrote: hey guys! I found an encryption algorithm in a website source which is written by PHP code.
Here is it

[php]
function encode($string, $type = 0, $key = '', $expiry = 0) {
if(is_array($string)) $string = json_encode($string);
if($type == 1) $string = str_replace('-','+',$string);
$ckey_length = 4;
$key = md5($key);
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc = $ckey_length ? ($type == 1 ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
$string = $type == 1 ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]); //$key_length = 64
}
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($type == 1) {
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
$result = substr($result, 26);
$json = json_decode($result,1);
if(!is_numeric($result) && $json){
return $json;
}else{
return $result;
}
}
return '';
}
return str_replace('+', '-', $keyc.str_replace('=', '', base64_encode($result)));[/php]

when $type is '0', it means to encrypt $string with $key,when $type is '1',it means to decrypt $string with $key.The fourth argument is usually 0.

For example

[php]<?php
$string = '2';
$key = 'mjDZLqSNJEzxg9W';
$encrypt = encode($string,0,$key);
echo "$encrypt -> ".$encrypt;
echo '
';
$decrypt = encode($encrypt,1,$key);
echo "$decrypt -> ".$decrypt;
echo '
';
?>[/php]

So I want to know, in the case of knowing plaintext and ciphertext, can i decrypt the key?
Or, can I forge ciphertext that can be decrypted without knowing the key?

I'd be grateful if you could help me solve this problem!!!!

Yes it can be cracked.

druka0102 · September 8, 2022 at 3:24 AM

search for md5 encryption on wikipedia, that is a good point to start