Shinzan Posted April 11, 2013 Share Posted April 11, 2013 Hi everyone first time poster here wOOt! Question is about encryption in Visual Basic then dercrypted on PHP Here are my encryption decryption functions they work fine. The problem is when I pass the base64_encode(encryptedstring) to my web app via parameter string the decryption works mostly well on several smaller strings but longer strings only decrypt halfway! PHP Decrypt: function php_DecryptValue($cypher,$key){ // Our output text $outText = ''; // Iterate through each character for($i=0;$i<strlen($cypher) // Dont need to increment here { for($j=0;$j<strlen($key);$j++,$i++) { $outText .= $key{$j} ^ $cypher{$i}; } } return $outText; } VB6/VBA Encrypt Public Function php_EncryptValue(strText As String, strKey As String) As String 'strText length should match strkey length for maximum strength Dim i As Integer 'Loop counter Dim intKeyChar As Integer 'Character within the key that we'll use to encrypt Dim strTemp As String 'Store the encrypted string as it grows Dim strChar1 As String * 1 'The first character to XOR Dim strChar2 As String * 1 'The second character to XOR Dim s 'Loop through each character in the text For i = 1 To Len(strText) 'Get the next character from the text strChar1 = Mid(strText, i, 1) 'Find the current "frame" within the key intKeyChar = ((i - 1) Mod Len(strKey)) + 1 'Get the next character from the key strChar2 = Mid(strKey, intKeyChar, 1) 'Convert the charaters to ASCII, XOR them, and convert to a character again strTemp = strTemp & Chr(Asc(strChar1) Xor Asc(strChar2)) Next i 'Display the resultant encrypted string php_EncryptValue = strTemp End Function So theses algorithms match up fine I encrypt a string in VBA then base64encode it, then urlencode it and pass it to my webapp like this: http://www.MyWebApp.com/index.php?Hash=sdjafkjlsflsaklfjlasjdlfblahblahblah if the string is 300 or so characters it works, when the string is 700-2000 I have issues but I really feel like its a php encoding issue and not with the encryption algorithms. If I encrypt a string and base encode it my vba app and then paste that value into the decrypt php function i get the string I want. But when I pass it via URL it goes straight to pot. I have tried urlencode on the passed string, I've tried rawurlencode / rawurldecode on the string I've tried just base64_encode/base64_decode but nothing is working 100% Would some php guru kindly point out my mistake? PHP is not my primary language, and I really feel like this is an encoding issue that I'm not seeing clearly. Thanks! David Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/ Share on other sites More sharing options...
Shinzan Posted April 11, 2013 Author Share Posted April 11, 2013 Can't Edit for some reason but for instance echo php_DecryptValue(base64_decode("HQcSBwYdYQsaHQ5iMDseNjs8Myw1JCQsIGlpFjs8Myw1JCQsIAAFa3QfAA4BDBJifGlwc2NgehcEDQAWEWklMAs9LjcmJyAvMSc1YgcMFWJ0DDcnOj0PIzksYX90bnNyZXphFgxpEDc1JSgkPSwzZXhpDCc5KyQwJyEoMgYsMDc9OyQmdHRhZRIIDRERbm1iGCYiIyAgLix0dGFlBCgyIzAsLyN4aRUac2VhBjU9JBEgKDM2dHRhZWZ5cHF5fGxzZG5tYhAoNScRJyViaWlmcGR4cm9hZHByc2VhATsmMyY9JyA2OzsPIzksYX90bhUadAgSDXNlYQ8xJC5iaWlmZXhpNy8LIDUnOSAlYnR0YWVzZWE0ORYxIy0kJCwgICViaWlmZXhpDCMmImF/dG4HAxgaBGV4aRcjOCAlIyAsEDc1JSgkPSwzYmlpZgQVBRIHc2VhATslLSc3PRUnNSQILDImYX90bgcDGBoEZXhpESo7PS4QMTg0KyYsJWJpaWYEFQUSB3NlYRQxJzQnGigsJ3R0YWUVJyUnJjphBS0kYRE1J2EINSooLCAmYQE7JS0nMyxmbnQfJCwhLAAmMDskMSd4YX90bnlyYnlhESQsLyExO2EKIzBmbnQfJCwhLAAmMDskMSd7YX90bmZudB8kLCEsAisgMGF/dG4RIycoJSc6KGZudB8kLCEsGyskKi4mMWl8YnN+eXBlcWZudAUgNjEvJCd0dGFlc2VhDz06MicwGDQjOCAnKzE7BycxaXxic25tYhgoNScSLCQRICgzNidpfGJzZGxibnNmbnQINDY8ByQ2GCYmKzoABWJpaWZleGkANyAhDycgCBELHyw4YmlpZmV4aRcjOCAlIyAsADEnJiIrNT0oLToEJC82LDMxPCAxYmlpZgQVBRIHc2VhFDUlKCY1PSQDJzouIT0oNSs7JwwnOSskMCchKDIYKCMnOGl8YnNubWIaJi8PMSQjJyYPJCd0dGFlc2VhFwcICiMmKDUnBygvISAgLiwxLWF/dG4HAxgaBGV4aWEWPSoqJyA6ADQ1IC0jNiUkDTolKCwxaXxicw8ADgcMZm50aTYjPT8kMCAsOTZ0aXxic2dvZXRpFgoRGwRiACY0MDooLCc6PQgGdHRhc2V+"),"secetkey"); This decodes fine because it is the string directly from VBA copied out fo the debug window then pasted into a test.php code page echo php_DecryptValue(base64_decode("HQcSBwYdYQsaHQ5iMDseNjs8Myw1JCQsIGlpFjs8Myw1JCQsIAAFa3QfAA4BDBJifGlwc2NgehcEDQAWEWklMAs9LjcmJyAvMSc1YgcMFWJ0DDcnOj0PIzksYX90bnNyZXphFgxpEDc1JSgkPSwzZXhpDCc5KyQwJyEoMgYsMDc9OyQmdHRhZRIIDRERbm1iGCYiIyAgLix0dGFlBCgyIzAsLyN4aRUac2VhBjU9JBEgKDM2dHRhZWZ5cHF5fGxzZG5tYhAoNScRJyViaWlmcGR4cm9hZHByc2VhATsmMyY9JyA2OzsPIzksYX90bhUadAgSDXNlYQ8xJC5iaWlmZXhpNy8LIDUnOSAlYnR0YWVzZWE0ORYxIy0kJCwgICViaWlmZXhpDCMmImF%2FdG4HAxgaBGV4aRcjOCAlIyAsEDc1JSgkPSwzYmlpZgQVBRIHc2VhATslLSc3PRUnNSQILDImYX90bgcDGBoEZXhpESo7PS4QMTg0KyYsJWJpaWYEFQUSB3NlYRQxJzQnGigsJ3R0YWUVJyUnJjphBS0kYRE1J2EINSooLCAmYQE7JS0nMyxmbnQfJCwhLAAmMDskMSd4YX90bnlyYnlhESQsLyExO2EKIzBmbnQfJCwhLAAmMDskMSd7YX90bmZudB8kLCEsAisgMGF%2FdG4RIycoJSc6KGZudB8kLCEsGyskKi4mMWl8YnN%2BeXBlcWZudAUgNjEvJCd0dGFlc2VhDz06MicwGDQjOCAnKzE7BycxaXxic25tYhgoNScSLCQRICgzNidpfGJzZGxibnNmbnQINDY8ByQ2GCYmKzoABWJpaWZleGkANyAhDycgCBELHyw4YmlpZmV4aRcjOCAlIyAsADEnJiIrNT0oLToEJC82LDMxPCAxYmlpZgQVBRIHc2VhFDUlKCY1PSQDJzouIT0oNSs7JwwnOSskMCchKDIYKCMnOGl8YnNubWIaJi8PMSQjJyYPJCd0dGFlc2VhFwcICiMmKDUnBygvISAgLiwxLWF%2FdG4HAxgaBGV4aWEWPSoqJyA6ADQ1IC0jNiUkDTolKCwxaXxicw8ADgcMZm50aTYjPT8kMCAsOTZ0aXxic2dvZXRpFgoRGwRiACY0MDooLCc6PQgGdHRhc2V%2B"),"secretkey"); This decodes half way and fails half way through, same code but urlencoded and passed by URL It has to be an encoding issue I just can't seem to fix it! Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424058 Share on other sites More sharing options...
Shinzan Posted April 11, 2013 Author Share Posted April 11, 2013 Further more i think the encoding is causing the parameter string to be broken into to multiple pieces for instance: Parameter=HQcSBwYdYQsaHQ5iMDseNjs8Myw1JCQsIGlpFjs8Myw1JCQsIAAFa3QfAA4BDBJifGlwc2NgehcEDQAWEWklMAs9LjcmJyAvMSc1YgcMFWJ0DDcnOj0PIzksYX90bnNyZXphFgxpEDc1JSgkPSwzZXhpDCc5KyQwJyEoMgYsMDc9OyQmdHRhZRIIDRERbm1iGCYiIyAgLix0dGFlBCgyIzAsLyN4aRUac2VhBjU9JBEgKDM2dHRhZWZ5cHF5fGxzZG5tYhAoNScRJyViaWlmcGR4cm9hZHByc2VhATsmMyY9JyA2OzsPIzksYX90bhUadAgSDXNlYQ8xJC5iaWlmZXhpNy8LIDUnOSAlYnR0YWVzZWE0ORYxIy0kJCwgICViaWlmZXhpDCMmImF%2FdG4HAxgaBGV4aRcjOCAlIyAsEDc1JSgkPSwzYmlpZgQVBRIHc2VhATslLSc3PRUnNSQILDImYX90bgcDGBoEZXhpESo7PS4QMTg0KyYsJWJpaWYEFQUSB3NlYRQxJzQnGigsJ3R0YWUVJyUnJjphBS0kYRE1J2EINSooLCAmYQE7JS0nMyxmbnQfJCwhLAAmMDskMSd4YX90bnlyYnlhESQsLyExO2EKIzBmbnQfJCwhLAAmMDskMSd7YX90bmZudB8kLCEsAisgMGF%2FdG4RIycoJSc6KGZudB8kLCEsGyskKi4mMWl8YnN%2BeXBlcWZudAUgNjEvJCd0dGFlc2VhDz06MicwGDQjOCAnKzE7BycxaXxic25tYhgoNScSLCQRICgzNidpfGJzZGxibnNmbnQINDY8ByQ2GCYmKzoABWJpaWZleGkANyAhDycgCBELHyw4YmlpZmV4aRcjOCAlIyAsADEnJiIrNT0oLToEJC82LDMxPCAxYmlpZgQVBRIHc2VhFDUlKCY1PSQDJzouIT0oNSs7JwwnOSskMCchKDIYKCMnOGl8YnNubWIaJi8PMSQjJyYPJCd0dGFlc2VhFwcICiMmKDUnBygvISAgLiwxLWF%2FdG4HAxgaBGV4aWEWPSoqJyA6ADQ1IC0jNiUkDTolKCwxaXxicw8ADgcMZm50aTYjPT8kMCAsOTZ0aXxic2dvZXRpFgoRGwRiACY0MDooLCc6PQgGdHRhc2V%2B But when i echo the red parameter it returns: HQcSBwYdYQsaHQ5iMDseNjs8Myw1JCQsIGlpFjs8Myw1JCQsIAAFa3QfAA4BDBJifGlwc2NgehcEDQAWEWklMAs9LjcmJyAvMSc1YgcMFWJ0DDcnOj0PIzksYX90bnNyZXphFgxpEDc1JSgkPSwzZXhpDCc5KyQwJyEoMgYsMDc9OyQmdHRhZRIIDRERbm1iGCYiIyAgLix0dGFlBCgyIzAsLyN4aRUac2VhBjU9JBEgKDM2dHRhZWZ5cHF5fGxzZG5tYhAoNScRJyViaWlmcGR4cm9hZHByc2VhATsmMyY9JyA2OzsPIzksYX90bhUadAgSDXNlYQ8xJC5iaWlmZXhpNy8LIDUnOSAlYnR0YWVzZWE0ORYxIy0kJCwgICViaWlmZXhpDCMmImF/dG4HAxgaBGV4aRcjOCAlIyAsEDc1JSgkPSwzYmlpZgQVBRIHc2VhATslLSc3PRUnNSQILDImYX90bgcDGBoEZXhpESo7PS4QMTg0KyYsJWJpaWYEFQUSB3NlYRQxJzQnGigsJ3R0YWUVJyUnJjphBS0kYRE1J2EINSooLCAmYQE7JS0nMyxmbnQfJCwhLAAmMDskMSd4YX90bnlyYnlhESQsLyExO2EKIzBmbnQfJCwhLAAmMDskMSd7YX90bmZudB8kLCEsAisgMGF/dG4RIycoJSc6KGZudB8kLCEsGyskKi4mMWl8YnN eXBlcWZudAUgNjEvJCd0dGFlc2VhDz06MicwGDQjOCAnKzE7BycxaXxic25tYhgoNScSLCQRICgzNidpfGJzZGxibnNmbnQINDY8ByQ2GCYmKzoABWJpaWZleGkANyAhD Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424061 Share on other sites More sharing options...
Shinzan Posted April 11, 2013 Author Share Posted April 11, 2013 ok I finally figured it out but this is stupid. So the urlencoded results are automatically urldecoded by the server. Fine. no problem but to get back the results i need I have to do this: (So confirmed encryption algs work fine its an encoding issue and this solves it.... BUT WHY ! $parameter = ff_getParam('ff_param_hash',''); //get the parameter but it will be urldecoded by default as this function wraps get $ProperResults = base64_decode(rawurldecode(urlencode($sqlpackage))); However even this isn't quite right, it returns the fully decrypted, fully unencoded string with the last character missing!!! ARGHH! So I fudge it by padding the whole string with a few extra spaces so it will drop those vs real data on the VB side VBA CODE: strPackage = strPackage & " " 'padding so no chars are stripped off on php side I added this once i realized the ProperResults was cutting off the last character!! strPackage = php_EncryptValue(strPackage, "secretkey") strPackage = base64_encode(strPackage) strPackage = URLEncode(strPackage) ) Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424070 Share on other sites More sharing options...
Shinzan Posted April 11, 2013 Author Share Posted April 11, 2013 Is there a cleaner way, it works now and thats important, but I hate stupid hacks like this! Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424071 Share on other sites More sharing options...
trq Posted April 11, 2013 Share Posted April 11, 2013 I've got to ask why your doing all of this? Get an ssl and be done with it. Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424074 Share on other sites More sharing options...
Shinzan Posted April 11, 2013 Author Share Posted April 11, 2013 I have ssl Thats not the issue, can you help me with the issue? Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424132 Share on other sites More sharing options...
Shinzan Posted April 11, 2013 Author Share Posted April 11, 2013 (edited) I need the parameter to be encrypted from human eyes not just site to site on the wepage URL itsself. Edited April 11, 2013 by Shinzan Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424133 Share on other sites More sharing options...
Shinzan Posted April 11, 2013 Author Share Posted April 11, 2013 for instance https://MyWebApp.com/indexp.php&?param="HeyYouWerentSupposedToBeAbleToReadThis" needs to be https://MyWebApp.com/indexp.php&?param="Wfwdsdfakldsjf;kljasdlkjf;fweqjfeiowuprqiouewioqoireuwpwerieowjkflasfs" Its not just about encryption its about obfuscation of the parameter in the url from human eyes and modification ssl wont do anything for a user changing the value and refreshing the browser Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424134 Share on other sites More sharing options...
Shinzan Posted April 11, 2013 Author Share Posted April 11, 2013 (edited) For instance (And I have about 15 uses for this code) Lets assume the VBA app wants to launch a userpage with a user already logged in, we encrypt the data: UserID:4,BogusData then explode it out later get the userid and auto login the user If the url is Http://myweapp.com/index.php?param=UserID:4,BogusData Thats pretty useless since a user could just change it to 5 refresh and bob's your uncle hes logged in as the wrong user: I could go on and on with examples of how I can use this to let an offline client communicate with my server app but hopefully this is enough. this is just 1 example of the reason it needs encrypted from human eyes more importantly than simple SSL encrypting it in transit Edited April 11, 2013 by Shinzan Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424138 Share on other sites More sharing options...
DavidAM Posted April 11, 2013 Share Posted April 11, 2013 1) Use POST rather than GET. It is hidden better (though still not invisible); the length limits are higher (you are sending a lot of data for a GET); it might avoid the "truncation" $ProperResults = base64_decode(rawurldecode(urlencode($sqlpackage))); 2) urlencode()/urldecode() are different from rawurlencode()/rawurlencode(). Since you are having to urlencode it back and then rawurldecode it, there is an apparent mis-match between the VBA and PHP. There may also be some minor discrepancies in the interpretation of the specs between VBA and PHP. You can get the un-urldecoded (that is, the raw) values from $_SERVER['QUERY_STRING'], I believe. Of course, you will have to split the string up yourself if there is more than one parameter. If at all possible, I would use POST for this. Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424234 Share on other sites More sharing options...
Shinzan Posted April 12, 2013 Author Share Posted April 12, 2013 $_SERVER['QUERY_STRING'], I will go straight to that to get my unaltered parametter thank you! Quote Link to comment https://forums.phpfreaks.com/topic/276801-simple-encryption-routine-vba-to-php-url-encoding-problem/#findComment-1424352 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.