Decrypting AES256 Encrypted Strings in Autoit

[GoogleDude]

I have 2 very basic scripts. One (from au3 help) that Encrypts a string with a given algo. The encrypted string is something like 0x099363CB45F3F6903ADA0E7100D971ED42632A58DAA78A2C0DB8158B7D20F777. The other script decrypts an encrypted string to a proper string. but only works on au3 encrypted strings/encrypted strings 

My issue is that, if I go to a website such as https://encode-decode.com/aes256-encrypt-online/ for example and create an encrypted string with a password how can I decode that string in au3? The format of the encrypted string is totally different than one encrypted by au3. Even when I use the same aes256 algo and key!

Thanks,

GD

[TheXman]

If you are using AES encryption with a text-based password, then the password is most likely being hashed to the required bit length (128, 192, or 256).  So you need to make sure that everything is correct to decrypt.  That means that you need to make sure that you have the correct decryption key and initialization vector. 

If you are encrypting with AutoIt, using the USERKEY constant, with the Crypt_DeriveKey function, then by default, the password is being hashed using MD5, which will create a 128-bit encryption key.

Show the au3 code that you use to encrypt and I can probably show you what you need to decrypt.  Also, many encrypt/decrypt sites use a base64 string to represent the binary data instead of hex.  The site that you referenced is one of them.  There are some out there that will let you see the hex representation.  You just need to make sure that you are comparing equivalent values.

I like this SITE for confirming/comparing AES encryption/decryption.  If you are not familiar with encryption/decryption, it can be a little intimidating at first.  There are other sites out there that are a little more cipher-noob friendly.

 

 

Edited November 27, 2019 by TheXman

[GoogleDude]

The code I am referring to to encrypt a string in au3 is from the help "_Crypt_EncryptData.au3". I am using that as an example. It works great and serves its purpose as an example. But the encrypted string is 0x0blahblahblah. I can decrypt that same string using the other au3 decrypt script, but what I am after is the ability to generate a string from something like android/webpage/*nix etc.. but with the correct key can be decrypted by au3. None of the websites or android type apps iv played with encrypt a string where the encrypted string is in the same format as au3. Im not an expert at all on encryption but I wouldn't call myself a complete noob at it either. my thinking was that if I used some type or common encryption also such as aes128/256 or something on both ends with the same key I should be heading in the correct direction.

Thanks for the reply. I will check out that website you refer to.

~GD

Edited November 27, 2019 by GoogleDude

[TheXman]

11 minutes ago, GoogleDude said:

my thinking was that if I used some type or common encryption also such as aes128/256 or something on both ends with the same key I should be heading in the correct direction

The quote above is true.  If you are going to use a block cipher, like AES, then you just need to make sure that mode (usually CBC), encryption/decryption key, and the initialization vector (IV) are the same when encrypting and decrypting.

Edited November 27, 2019 by TheXman

[GoogleDude]

Thanks. At least my train of thought is somewhat valid. How would I set the IV in au3?

~GD

[TheXman]

Looking at the crypt.au3 UDF, I don't think it gives you a way to set it.  The last time I played with those functions, I think it leaves the IV as NULL.  So when testing on sites like Cryptii, you can use 0x000000...0000.

If you wanted to actually use an IV, and you wanted to use the deprecated functions being used in the crypt.au3 UDF, then you would use the CryptSetKeyParam function.  In other words, you would have to code that function yourself.  But leaving it all 0's works and is fine.

https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsetkeyparam

 

Edited May 3, 2022 by TheXman

[GoogleDude]

I dont really care so much about the IV or even using block chain so much. Im just looking for a somewhat simple/easy way of encrypting a string from outside of au3 with a key/or password and being able to decrypt it with the same key in au3.  Im trying to use this meathod for encrypting data send across a au3 tcp server from a android tablet or other platforms that can send raw tcp/udp data to a au3 tcp server. Doesnt have to be top notch encryption just something basic or at least better than none.

~SG

[TheXman]

I understand.  If you want to continue to use the crypt.au3, and you don't require "top-notch" encryption, then I would suggest using a stream cipher, like RC4.  It is much easier to implement, especially for stream-based data.  It is a simple cipher and relatively fast when compared to block ciphers, like AES.  Stream ciphers do not use blocks, so you do not have to worry about modes, padding, initialization vectors, and other block-related stuff. 

For the record, cryptii can encrypt/decrypt RC4 too.  On Cryptii, don't worry about the RC4 "drop bytes", just leave it at 0.  The crypt.au3 UDF does not implement RC4-Drop, it uses straight RC4.

Edited November 28, 2019 by TheXman