Jump to content

_Crypt_EncryptFile issue

legend
 Share

Recommended Posts

legend Universalist

legend

Posted
Posted (edited)

I've found a issue, regarding : _Crypt_EncryptFile

If you provide a wrong password, and even use @error, it will still try to decompile the file, the result will be a 1 kb file.

6ce00f2984.PNG

Edited by legend
Link to comment
Share on other sites
JohnOne Universalist

JohnOne

Posted
Posted

I'm not certain that what you assume, is a bug. I don't see anything in the help file that says that is incorrect behaviour.

What error do you get? 

Whatever it is, you have the opportunity to delete any files.

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Link to comment
Share on other sites
legend Universalist

legend

Posted
  • Author
Posted (edited)

There's no particular error in the syntax, but the behaviour is indeed a bug as I see it. Why would it be able to detect if the decryption was wrong, and then it will still attempt to decrypt it?.

See the first picture in the first post.

Sure I can delete the file that it generates, with the content: ÿÿÿÿ

Yet it's not a nice solution.

Edited by legend
Link to comment
Share on other sites
legend Universalist

legend

Posted
  • Author
Posted

I'm not getting any erros, 

It's the behaviour of _Crypt_EncryptFile, that it will generate a file with the content of "ÿÿÿÿ" 

When a wrong decryption password was used. that behaviour is just not logical, when it can detect it by @error.

Link to comment
Share on other sites
legend Universalist

legend

Posted
  • Author
Posted (edited)

The message box only shows if the decryption password was correct,

I have no clue how you aren't seeing that as a bug (the behaviour of creating a file, when a wrong decrypting password is provided).

 

But thank's for the luck.

Edited by legend
Link to comment
Share on other sites
guinness Universalist

guinness

Posted
Posted

This has been mentioned already. I think the conclusion was NO BUG!

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Link to comment
Share on other sites
jchd Universalist

jchd

Posted
Posted

legend,

How on earth can you expect a cryptographic method to "see" that the recovered plaintext is wrong due to a wrong passphrase?

That would require one of two taboo things: either the passphrase is stored somewhere in the cyphertext (in which case decryption doesn't need you supply the passphrase, hence defeating the whole purpose of encryption) or the decrypt method has a way to behave as an oracle and recognize that the passphrase and the recovered plaintext is correct, which destroys plausible deniability and introduces a galaxy-large hole in the robustness of the cryptographic method employed.

Engage brain before posting and shouting bug!

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites
  • Moderators
Melba23 Universalist

Melba23

Posted
  • Moderators
Posted

legend,

I have run the following snippet:

#include "Crypt.au3"

_Crypt_EncryptFile("test.txt", "encrypted.txt", "123", $CALG_AES_256)

; Use incorrect password
$bRet = _Crypt_DecryptFile("encrypted.txt", "wrongdecrypted.txt", "wrongpassword", $CALG_AES_256)
ConsoleWrite("Wrong Pword: " & $bRet & " - " & @error & @CRLF)

; Use correct password
$bRet = _Crypt_DecryptFile("encrypted.txt", "rightdecrypted.txt", "123", $CALG_AES_256)
ConsoleWrite("Right Pword: " & $bRet & " - " & @error & @CRLF)

; Use incorrect file
$bRet = _Crypt_DecryptFile("test.txt", "wrongfile.txt", "123", $CALG_AES_256)
ConsoleWrite("Wrong File:  " & $bRet & " - " & @error & @CRLF)

The results are as follows:

Wrong Pword: False - 420
Right Pword: True - 0
Wrong File:  False - 420

According to the Help file, the error says that the function "Failed to create key" and "Failed to decrypt final piece" - which seems perfectly logical to me and there is no differentiation between the 2 cases to help a would-be cracker determine the exact reason for the failure. In both error cases a small 4-byte file is created - which is the product of the internal Windows decryption code used by the Crypt library and nothing to do with AutoIt itself.

So what exactly are you complaining about?

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites
JohnOne Universalist

JohnOne

Posted
Posted

I though you meant an error in the syntax checker.

So going back to what I said earlier and with the help of Melba23 posting the error, you might do something like...

If @error = 420 Then
    FileDelete("decrypted.txt")
    ;deal with whatever you need to
EndIf

 

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...