Convert _StringEncrypt to PHP

[taurus905]

My goal is to convert the _StringEncrypt UDF (inside of String.au3) to PHP.

My initial search produced two threads within this forum:

Alternative to _StringEncrypt() "Standard" RC4 from SkinnyWhiteGuy used…

Posted by PsaltyDS

http://www.autoitscript.com/forum/index.php?showtopic=66005

equal encrypt function autoit and php

Posted by Cyber

http://www.autoitscript.com/forum/index.php?showtopic=57294

Although the above threads revealed some significant facts, they did not produce a final solution.

I don’t expect anyone to do my work for me.

But I would appreciate any input which would help in identifying major obsticles or shortcuts.

_StringEncrypt.au3 (from Help file):

expandcollapse popup

#include <GuiConstantsEx.au3>
#include <String.au3>

Opt("MustDeclareVars", 1)

_Main()

Func _Main()
    Local $WinMain, $EditText, $InputPass, $InputLevel, $UpDownLevel, $EncryptButton, $DecryptButton, $string
    ; GUI and String stuff
    $WinMain = GUICreate('Encryption tool', 400, 400)
    ; Creates window
    $EditText = GUICtrlCreateEdit('', 5, 5, 380, 350)
    ; Creates main edit
    $InputPass = GUICtrlCreateInput('', 5, 360, 100, 20, 0x21)
    ; Creates the password box with blured/centered input
    $InputLevel = GUICtrlCreateInput(1, 110, 360, 50, 20, 0x2001)
    $UpDownLevel = GUICtrlSetLimit(GUICtrlCreateUpdown($InputLevel), 10, 1)
    ; These two make the level input with the Up|Down ability
    $EncryptButton = GUICtrlCreateButton('Encrypt', 170, 360, 105, 35)
    ; Encryption button
    $DecryptButton = GUICtrlCreateButton('Decrypt', 285, 360, 105, 35)
    ; Decryption button
    GUICtrlCreateLabel('Password', 5, 385)
    GUICtrlCreateLabel('Level', 110, 385)
    ; Simple text labels so you know what is what
    GUISetState()
    ; Shows window

    While 1
        Switch GUIGetMsg()
            Case $GUI_EVENT_CLOSE
                ExitLoop
            Case $EncryptButton
                GUISetState(@SW_DISABLE, $WinMain) ; Stops you from changing anything
                $string = GUICtrlRead($EditText) ; Saves the editbox for later
                GUICtrlSetData($EditText, 'Please wait while the text is Encrypted/Decrypted.') ; Friendly message
                GUICtrlSetData($EditText, _StringEncrypt(1, $string, GUICtrlRead($InputPass), GUICtrlRead($InputLevel)))
                ; Calls the encryption. Sets the data of editbox with the encrypted string
                ; The encryption starts with 1/0 to tell it to encrypt/decrypt
                ; The encryption then has the string that we saved for later from edit box
                ; It then reads the password box & Reads the level box
                GUISetState(@SW_ENABLE, $WinMain) ; This turns the window back on
            Case $DecryptButton
                GUISetState(@SW_DISABLE, $WinMain) ; Stops you from changing anything
                $string = GUICtrlRead($EditText) ; Saves the editbox for later
                GUICtrlSetData($EditText, 'Please wait while the text is Encrypted/Decrypted.') ; Friendly message
                GUICtrlSetData($EditText, _StringEncrypt(0, $string, GUICtrlRead($InputPass), GUICtrlRead($InputLevel)))
                ; Calls the encryption. Sets the data of editbox with the encrypted string
                ; The encryption starts with 1/0 to tell it to encrypt/decrypt
                ; The encryption then has the string that we saved for later from edit box
                ; It then reads the password box & Reads the level box
                GUISetState(@SW_ENABLE, $WinMain) ; This turns the window back on
        EndSwitch
    WEnd ; Continue loop untill window is closed
    Exit
EndFunc   ;==>_Main

Data: MyString

Password/Key: MyPassword

Level: 1

Output:

09225E8BFEEEBCE8E99B127D1893C331

It’s nice to have two examples, one in AutoIt and the other in PHP, even though their results don’t match up.

(PHP download example)

RC4 Crypt by mukul of SourceForge.net

http://sourceforge.net/projects/rc4crypt/

Online working PHP example provided by Cyber:

=============================================

http://www.colcyber.com/macro/rc4/rc4test.html

Data: MyString

Password/Key: MyPassword

http://www.colcyber.com/macro/rc4/rc4test.php?pwd=MyPassword&data=MyString

Original Data : MyString

Encrypted Data (using Hex Key) : 1f12ed6e640edd02

Decrypted Data (using Hex Key) : MyString

Encrypted Data (using Key as is) : c1ee0e593349f328

Decrypted Data (using Key as is) : MyString

=============================================

My AutoIt scripting is better than my PHP, but I feel I can compete this task with a little help from the forum.

Thank you in advance.

taurus905

[taurus905]

I haven't had any time to devote to this task because I am very busy creating an online business. However, I am surprised that nobody has posted any replies to this thread. I was hoping to get a little direction for when I decide to tackle this problem.

As such, I am feeling it might be easier to start from scratch, instead of trying to produce a PHP script to match _StringEncrypt. A while back I wrote my own version of an encryption script in AutoIt and C#. So if it won't be so easy to write an equivalent _StringEncrypt in PHP, I might as well just use PHP to duplicate my custom encryption script.

taurus905

[JohnOne]

Or you could use one already written in php

http://www.php.net/manual/en/refs.crypto.php

[taurus905]

Or you could use one already written in php

http://www.php.net/manual/en/refs.crypto.php

Hello JohnOne,

That link is VERY helpful.

Before I look further into this solution, do you know if there is an equivalent AutoIt script for any of these cryptography extensions?

Thank you for your help. This is very promising in saving me a lot of work, as well as obtaining a more secure method.

taurus905

[JohnOne]

Well this mentions MD5 and SHA1 amongst others.

And does the same amongst others.

[trainer]

Hi, maybe this could help:

Autoit-Code:

$enc_key = "streng_geheim"
$string = "Hello"

MsgBox(0,"",rc4($enc_key, $string))

;---------------------------------------------

Func rc4($key, $value)
    Local $S[256], $i, $j, $c, $t, $x, $y, $output
    Local $keyLength = BinaryLen($key), $valLength = BinaryLen($value)
    For $i = 0 To 255
        $S[$i] = $i
    Next
    For $i = 0 To 255
        $j = Mod($j + $S[$i] + Dec(StringTrimLeft(BinaryMid($key, Mod($i, $keyLength)+1, 1),2)),256)
        $t = $S[$i]
        $S[$i] = $S[$j]
        $S[$j] = $t
    Next
    For $i = 1 To $valLength
        $x = Mod($x+1,256)
        $y = Mod($S[$x]+$y,256)
        $t = $S[$x]
        $S[$x] = $S[$y]
        $S[$y] = $t
        $j = Mod($S[$x]+$S[$y],256)
        $c = BitXOR(Dec(StringTrimLeft(BinaryMid($value, $i, 1),2)), $S[$j])
        $output = Binary($output) & Binary('0x' & Hex($c,2))
    Next
    Return $output
EndFunc

Result: e97a0f259c

PHP-Code

expandcollapse popup

$enc_key = "streng_geheim";
$string = "e97a0f259c";

$string = hex_str($string);
$string = rc4Decrypt($enc_key, $string);

echo $string;


#---------------------------------------------------------------

function str_hex($string){
    
    for ($i=0; $i < strlen($string); $i++) $hex .= sprintf("%02x",ord($string[$i]));
    return $hex;
}


#---------------------------------------------------------------

function hex_str($hex){
    
    for ($i=0; $i < strlen($hex)-1; $i+=2) $string .= chr(hexdec($hex[$i].$hex[$i+1]));
    return $string;
}

#---------------------------------------------------------------

function rc4Encrypt($key, $pt) {
    $s = array();
    for ($i=0; $i<256; $i++) {
        $s[$i] = $i;
    }
    $j = 0;
    $x;
    for ($i=0; $i<256; $i++) {
        $j = ($j + $s[$i] + ord($key[$i % strlen($key)])) % 256;
        $x = $s[$i];
        $s[$i] = $s[$j];
        $s[$j] = $x;
    }
    $i = 0;
    $j = 0;
    $ct = '';
    $y;
    for ($y=0; $y<strlen($pt); $y++) {
        $i = ($i + 1) % 256;
        $j = ($j + $s[$i]) % 256;
        $x = $s[$i];
        $s[$i] = $s[$j];
        $s[$j] = $x;
        $ct .= $pt[$y] ^ chr($s[($s[$i] + $s[$j]) % 256]);
    }
    return $ct;
}

#---------------------------------------------------------------

function rc4Decrypt($key, $ct){
    
    return rc4Encrypt($key, $ct);
}

Result: Hello

[trainer]

Hi,

ok - after reading again: this ist NOT what you asked for . But maybe someone can take advantage of it.

trainer

[taurus905]

Hi,

ok - after reading again: this ist NOT what you asked for . But maybe someone can take advantage of it.

trainer

Hello trainer,

Thank you for the working example.

Although it isn't a solution to my original problem (to convert the _StringEncrypt UDF to PHP), it is a solution to my second idea I posted tonight.

Your autoit script encrypts and the php script decrypts.

This is a good start.

Thanks again.

taurus905

Note: The reason I wanted to convert the _StringEncrypt UDF to PHP was so I could make a backend to a freeware program I wrote a few years ago which requires users to register the program with me. I currently have to do each email request by hand and I was wanting to automate the process using the "Pipe to a program" feature of cPanel on my web host.

I don't want to have to rewrite my freeware, but I may have to.

Or maybe there's a better solution.

[trainer]

Hello taurus,

I should definitely read the whole topic before posting ... Anyway - good luck with your project.

And here's a little improvement/correction to the posted Autoit-rc4-function:

Return StringTrimLeft(StringLower($output),2)

(otherwise the return result would be 0xE97A0F259C instead of e97a0f259c)

Cheers

trainer

[taurus905]

Hello taurus,

I should definitely read the whole topic before posting ... Anyway - good luck with your project.

And here's a little improvement/correction to the posted Autoit-rc4-function:

Return StringTrimLeft(StringLower($output),2)

(otherwise the return result would be 0xE97A0F259C instead of e97a0f259c)

Cheers

trainer

I am glad that you posted. You've been very helpful.

Do you know why I am getting this error:

Notice: Undefined variable: string

From this line of PHP code:

for ($i=0; $i < strlen($hex)-1; $i+=2) $string .= chr(hexdec($hex[$i].$hex[$i+1]));

taurus905

[trainer]

Hi taurus,

this is a warning and not an error. It depends on your php settings whether it is shown or not. It occurs because $string hasn't been defined yet. You can safely turn it off by adding the following to the top of the script:

// PHP-Parser-Debugging-Level
ini_set ('display_errors', TRUE); // On, Off
ini_set ('error_reporting',E_ALL ^ E_NOTICE); // Debug-Level

The "^ E_NOTICE" means: show the errors but not the warnings

trainer

Edited November 22, 2010 by trainer

[taurus905]

Hi taurus,

this is a warning and not an error. It depends on your php settings whether it is shown or not. It occurs because $string hasn't been defined yet. You can safely turn it off by adding the following to the top of the script:

// PHP-Parser-Debugging-Level
ini_set ('display_errors', TRUE); // On, Off
ini_set ('error_reporting',E_ALL ^ E_NOTICE); // Debug-Level

The "^ E_NOTICE" means: show the errors but not the warnings

trainer

Hi trainer,

Isn't there a way to define $string, instead of disabling the warning?

I tried to do that, but couldn't get it to work right.

Thanks for you time.

taurus905

[trainer]

Hi taurus,

if you don't want to disable the warnings, you have to take care that every variable being used is being declared before the first usage, like

$string = "";

or

$my_array = array();

In this case you have to do this inside of the function (because of the local "area of valitity" - or whatever this is called in English ):

function hex_str($hex){
    
    $string = "";
    
    for ($i=0; $i < strlen($hex)-1; $i+=2) $string .= chr(hexdec($hex[$i].$hex[$i+1]));
    return $string;
}

trainer

[JohnOne]

Forgive me if I'm wrong as Im not great at php, but I'm certain I read that all variables are global scope, no matter where they are declared, in PHP that is.

[trainer]

Forgive me if I'm wrong as Im not great at php, but I'm certain I read that all variables are global scope, no matter where they are declared, in PHP that is.

Hi JohnOne,

no problem - but I am sure that it is the way I explained... Take a look at the first few lines: http://php.net/manual/en/language.variables.scope.php

trainer

[JohnOne]

Yes, I see now, perhaps I read something else, might have been functions declared in functions.

[taurus905]

Hi taurus,

if you don't want to disable the warnings, you have to take care that every variable being used is being declared before the first usage, like

$string = "";

or

$my_array = array();

In this case you have to do this inside of the function (because of the local "area of valitity" - or whatever this is called in English ):

function hex_str($hex){
    
    $string = "";
    
    for ($i=0; $i < strlen($hex)-1; $i+=2) $string .= chr(hexdec($hex[$i].$hex[$i+1]));
    return $string;
}

trainer

Hi trainer,

Thank you for the simple explanation on how to declare the scope of a variable inside a PHP function. I knew what to do, but my syntax was wrong and I gave up too soon. I really appreciate your patience with me.

I have another question for you, or anyone else who would like to contribute an answer. Your RC4 autoit script listed above encrypts. Can you provide an example of it decrypting too. I haven't been doing much programming lately and seem to be having syntax issues.

Thank you again for the time you have spent helping me. I am starting to get inspired in finding a solution which works for me.

taurus905

[trainer]

I have another question for you, or anyone else who would like to contribute an answer. Your RC4 autoit script listed above encrypts. Can you provide an example of it decrypting too.

Hi taurus,

I'd like to help you - if i could. But I don't succeed in decrypting either. This is strange, because like "SkinnyWhiteGuy" wrote ():

; -------------------------------------------------------

; Function: rc4

; Purpose: An encryption/decryption RC4 implementation in AutoIt

; Syntax: rc4($key, $value)

; Where: $key = encrypt/decrypt key

; $value = value to be encrypted/decrypted

; On success returns encrypted/decrypted version of $value

; Author: SkinnyWhiteGuy on the AutoIt forums at www.autoitscript.com/forum

; Notes: The same function encrypts and decrypts $value.

; -------------------------------------------------------

And in php it works exactly this way ...

Does anyone know the solution?

trainer

[taurus905]

Hi taurus,

I'd like to help you - if i could. But I don't succeed in decrypting either. This is strange, because like "SkinnyWhiteGuy" wrote ():

; -------------------------------------------------------

; Function: rc4

; Purpose: An encryption/decryption RC4 implementation in AutoIt

; Syntax: rc4($key, $value)

; Where: $key = encrypt/decrypt key

; $value = value to be encrypted/decrypted

; On success returns encrypted/decrypted version of $value

; Author: SkinnyWhiteGuy on the AutoIt forums at www.autoitscript.com/forum

; Notes: The same function encrypts and decrypts $value.

; -------------------------------------------------------

And in php it works exactly this way ...

Does anyone know the solution?

trainer

Hi trainer,

You've helped me plenty.

I read that also. (Notes: The same function encrypts and decrypts $value.)

When I figure out how to do it, I'll post it here.

I have a feeling it's something simple.

All to often I miss something simple, but can figure out something complicated.

taurus905

[trainer]

All to often I miss something simple, but can figure out something complicated.

The fate of the coders. I guess I spent thousands of hours searching after forgotten semicolons in my php scripts...

trainer