Calvin Tse

Reputation: 71

PHP code to decrypt the ColdFusion encrypted string

We are trying to decrypt the ColdFusion encrypted string with AES/OFB/NoPadding in PHP. However, things got even worse; we tried all the solutions here but still cannot get it to work.

Here is the code from CF:

<cfsetting enablecfoutputonly="Yes">
<!--- Set encoding --->
<cfset k_strCharset="UTF-8">
<cfcontent type="text/html; charset=#k_strCharset#">
<cfset setEncoding("URL", "#k_strCharset#")>
<cfset setEncoding("FORM", "#k_strCharset#")>

<!--- Get variables --->
<cfif IsDefined("FORM.K1")><cfset fv_strK1="#FORM.K1#"><cfelse><cfset fv_strK1=""></cfif><!--- xxx --->
<cfif IsDefined("FORM.S1")><cfset fv_strS1="#FORM.S1#"><cfelse><cfset fv_strS1=""></cfif>
<cfif IsDefined("FORM.S2")><cfset fv_strS2="#FORM.S2#"><cfelse><cfset fv_strS2=""></cfif>

<!--- Encrypt / Decrypt --->
<cfif fv_strK1 is "xxx">
    <cfif fv_strS1 is not "">
        <cfset fv_strS2 = Encrypt(fv_strS1, fv_strK1, "AES/OFB/NoPadding", "BASE64")>
    <cfelseif fv_strS2 is not "">
        <cfset fv_strS1 = Decrypt(fv_strS2, fv_strK1, "AES/OFB/NoPadding", "BASE64")>
    </cfif>
    <cfset fv_strS3 = "">
    <cfset fv_strS4 = "">
    <cfset fv_strS5 = "">
</cfif>

<cfsetting enablecfoutputonly="No">

Then we do PHP as:

<?php 

$z  = "bf19zWnbPmJxOvzRuP85Bw=="; 
$encrypted_string="q2SYE7hWWltsBw5byuwl/IkGmOOm+94=";
$source_text = html_entity_decode(getDecrypt($encrypted_string, $z), ENT_NOQUOTES, 'UTF-8');


//echo trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_OFB));

echo "<br>" . $z . "<br>";

// echo trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, base64_decode($z), base64_decode($encrypted_string), MCRYPT_MODE_OFB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_OFB), MCRYPT_RAND)));



echo "\n\nPlain-Text:\n" . $source_text . "\n";



// Functions
function getDecrypt($str, $key) {
    return ofb_decrypt(base64_decode($str),$key);
}

function ofb_decrypt($str, $key, $iv = ' ' ) 
{
    if ($iv==' ' & strlen($str) < 16)
        return false;
    $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, ' ' , MCRYPT_MODE_NOFB, ' ');

    // recover IV
    $iv_size = mcrypt_enc_get_iv_size($td);
    if (empty($iv)) {
            $iv = substr($str,0,$iv_size);
            $str = substr($str,$iv_size);
    }

// initialize encryption
mcrypt_generic_init($td, $key, $iv);

// decrypt
$decrypted_string = mdecrypt_generic($td, $str);

// terminate decryption
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

return $decrypted_string;
}


?> 

The $encrypted_string is created by using the CF script above.

Then the result we got is �=�����@�&O%NSC��#�p�:�

Much appreciated if someone can give me a hint with it.

Thank you

Upvotes: 4

Views: 981

Answers (2)

Leigh

Reputation: 28873

(I realize this is a couple years old, but in case anyone runs into the same problem ... )

OFB mode requires an IV. Although the ColdFusion code did not specify an IV explicitly, one was still generated automatically and prepended to the result. That IV must be extracted properly when decrypting, or the result will be gibberish.

1. Decode the encrypted base64 string first.
2. Then extract the IV and data from the decoded value and decrypt as usual.

PHP:

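// The key is base64-encoded; decode it to raw bytes
$key = base64_decode("bf19zWnbPmJxOvzRuP85Bw==");
$encrypted = "q2SYE7hWWltsBw5byuwl/IkGmOOm+94=";

// 1. Decode the base64 string
$decoded = base64_decode($encrypted);

// 2. Split the decoded value into the prepended IV and the encrypted data
$ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_NOFB);
$iv = substr($decoded, 0, $ivSize);
$data = substr($decoded, $ivSize);

// Decrypt with the extracted IV
$text = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_NOFB, $iv);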

Result:

testing

Upvotes: 0
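
The two steps from the answer above, written against PHP's OpenSSL extension because mcrypt was removed in PHP 7.2. This is an added example, not part of the original answer; the function name `cfDecryptAesOfb` is hypothetical, and support for 192- and 256-bit keys goes beyond the 128-bit key shown on this page. The sample key and ciphertext are the ones from the question.

```php
<?php
/**
 * Decrypt the output of ColdFusion's
 *   Encrypt(text, key, "AES/OFB/NoPadding", "BASE64")
 * when no IV was passed, i.e. base64( IV || ciphertext ).
 * Hypothetical helper name; added example, not the answer's code.
 */
function cfDecryptAesOfb(string $b64Cipher, string $b64Key): string
{
    // Both the key and the ciphertext arrive base64-encoded.
    $key = base64_decode($b64Key, true);
    $raw = base64_decode($b64Cipher, true);
    if ($key === false || $raw === false) {
        throw new InvalidArgumentException('Input is not valid base64');
    }

    // Pick the OpenSSL cipher name from the raw key length (16/24/32 bytes).
    $ciphers = [16 => 'aes-128-ofb', 24 => 'aes-192-ofb', 32 => 'aes-256-ofb'];
    $cipher  = $ciphers[strlen($key)] ?? null;
    if ($cipher === null) {
        throw new InvalidArgumentException('Key must be 16, 24 or 32 bytes');
    }

    // The first block is the IV that ColdFusion generated and prepended.
    $ivSize = openssl_cipher_iv_length($cipher);
    if (strlen($raw) <= $ivSize) {
        throw new InvalidArgumentException('Ciphertext shorter than IV');
    }
    $iv   = substr($raw, 0, $ivSize);
    $data = substr($raw, $ivSize);

    // OFB is a stream mode: no padding to strip, output length == input length.
    // Note: the format carries no MAC, so the result is unauthenticated.
    $plain = openssl_decrypt($data, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('Decryption failed: ' . openssl_error_string());
    }
    return $plain;
}

// Key and ciphertext taken from the question on this page.
echo cfDecryptAesOfb('q2SYE7hWWltsBw5byuwl/IkGmOOm+94=', 'bf19zWnbPmJxOvzRuP85Bw=='), PHP_EOL;
```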

Nalin Singapuri

Reputation: 463

I'm able to get "testing" (and some garbage) out of the string using the poorly documented 'ncfb' argument to mcrypt_decrypt (http://php.net/manual/en/mcrypt.constants.php). I think the garbage is related to the block size... some additional input examples would be helpful.

function decryptColdfusionString($key, $data)
{
    $retVal = mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128,
        base64_decode($key),
        base64_decode($data),
        'ncfb',
        '0000000000000000'
    );

    return $retVal;
}

$key  = "bf19zWnbPmJxOvzRuP85Bw==";
$data = "q2SYE7hWWltsBw5byuwl/IkGmOOm+94=";

echo decryptColdfusionString($key, $data) . PHP_EOL;

Upvotes: 0
