Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

port a function from php

by reqnode (Novice)
on Dec 10, 2013 at 15:32 UTC ( #1066447=perlquestion: print w/replies, xml ) Need Help??

reqnode has asked for the wisdom of the Perl Monks concerning the following question:

Hello, i'm trying to port a function from PHP to Perl, a following function: in PHP:
function md5_decrypt($enc_text, $password, $iv_len = 16) { $enc_text = base64_decode($enc_text); $n = strlen($enc_text); $i = $iv_len; $plain_text = ''; $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512); while ($i < $n) { $block = substr($enc_text, $i, 16); $plain_text .= $block ^ pack('H*', md5($iv)); $iv = substr($block . $iv, 0, 512) ^ $password; $i += 16; } return preg_replace('/\\x13\\x00*$/', '', $plain_text); }
i wrote in perl:
use MIME::Base64; use Digest::MD5 qw(md5 md5_hex md5_base64); use strict; sub md5_decrypt { my $iv_len = 16; my $enc_text = decode_base64(shift); my $password = shift; my $n = length($enc_text); my $i = $iv_len; my $plain_text; my $iv = substr(($password ^ substr($enc_text, 0, $iv_len)), 0, 51 +2); while ($i < $n) { my $block = substr($enc_text, $i, 16); $plain_text .= $block ^ pack('H*', md5_hex($iv)); $iv = substr($block . $iv, 0, 512) ^ $password; $i += 16; } #$plain_text =~ s/\x13\x00*$//; return $plain_text; }
perl function gives me a different and wrong result decrypting this hash, for example md5_decrypt('XHnhcRzMuo63RqqZmbxW1nQKXqVMm48eXMS6oh9wmBdg9pfXhAmNQEvR+luaVVzk', 'test'); should return 'very secret string', but it doesn't

Replies are listed 'Best First'.
Re: port a function from php
by Crackers2 (Parson) on Dec 10, 2013 at 16:21 UTC

    Are you sure it's perl that's wrong? PHP is giving some weird results. I've added a print in both perl and php:

    print "^:" . strlen($password ^ substr($enc_text, 0, $iv_len)) . "\n";

    (s/strlen/length/ in perl of course), and the result in PHP is 4 instead of the expected 16. Adding a few more lines:

    for ($x=0; $x<$iv_len; $x++) { printf("%02x ", ord(substr($enc_text,$x +,1))); } print "\n"; for ($x=0; $x<$iv_len; $x++) { printf("%02x ", ord(substr($password,$x +,1))); } print "\n"; for ($x=0; $x<$iv_len; $x++) { printf("%02x ", ord(substr($password,$x +,1))^ord(substr($enc_text,$x,1))); } print "\n";

    shows what's going on. Output of those lines on both the perl and php versions shows:

    5c 79 e1 71 1c cc ba 8e b7 46 aa 99 99 bc 56 d6 74 65 73 74 00 00 00 00 00 00 00 00 00 00 00 00 28 1c 92 05 1c cc ba 8e b7 46 aa 99 99 bc 56 d6

    Looks like PHP is truncating the XOR when the shortest string run out, in this case your password, "test". Quick and dirty hack to make perl return the same result is:

    sub md5_decrypt { my $iv_len = 16; my $enc_text = decode_base64(shift); my $password = shift; my $n = length($enc_text); my $i = $iv_len; my $plain_text; my $iv = substr($password ^ substr($enc_text,0,length($password)), + 0, 512); my $x; while ($i < $n) { my $block = substr($enc_text, $i, 16); $plain_text .= $block ^ pack('H*', md5_hex($iv)); $iv = substr($block . $iv, 0, length($password)) ^ $password; $i += 16; } #$plain_text =~ s/\x13\x00*$//; return $plain_text; }

    But somehow I doubt that's actually the right thing to do.

      Well... Consider this perl code for example:
      sub ncp { ($_[0] ^ $_[1]) =~ m/\0*/; $+[0]; }
      This returns the common prefix length for two given strings. Except when it fails, that is. Which happens when NUL's are present in the (longer) string. A case that has actually bitten me before. The PHP semantics would be a win sometimes.
      Wow, your variant worked for 'very secret string' in perl, but when i put any other hash, for example:
      md5_decrypt('2EC0KFZ1aGghEdySB+5Y9nbAfMrk9ky/89vwlA4HyTU=', '34giu34hgiu34hg'); should return '34giu34hgiu34hg'
      perl returns some binaty data... really weird! Any solution?

        Hmm I'm not getting an issue with that particular example; it's coming out f234fgerg5g for me.

        I did say it was a quick hack though :)

        To really emulate php you'd probably want to create a new function, something like:

        sub php_xor { my ($p1,$p2) = @_; my $len = length($p1) < length($p2) ? length($p1) : length($p2); return substr($p1,0,$len) ^ substr($p2,0,$len); }

        and use that where you currently have ^, giving something like:

        use MIME::Base64; use Digest::MD5 qw(md5 md5_hex md5_base64); use strict; sub php_xor { my ($p1,$p2) = @_; my $len = length($p1) < length($p2) ? length($p1) : length($p2); return substr($p1,0,$len) ^ substr($p2,0,$len); } sub md5_decrypt { my $iv_len = 16; my $enc_text = decode_base64(shift); my $password = shift; my $n = length($enc_text); my $i = $iv_len; my $plain_text; my $iv = substr(php_xor($password,substr($enc_text,0,$iv_len)), 0, + 512); my $x; while ($i < $n) { my $block = substr($enc_text, $i, 16); $plain_text .= $block ^ pack('H*', md5_hex($iv)); $iv = php_xor(substr($block . $iv, 0, 512),$password); $i += 16; } #$plain_text =~ s/\x13\x00*$//; return $plain_text; } print md5_decrypt('2EC0KFZ1aGghEdySB+5Y9nbAfMrk9ky/89vwlA4HyTU=', '34g +iu34hgiu34hg') . "\n";

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1066447]
Approved by marto
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (4)
As of 2021-11-27 16:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?