port a function from php

reqnode has asked for the wisdom of the Perl Monks concerning the following question:

Hello, i'm trying to port a function from PHP to Perl, a following function: in PHP:

function md5_decrypt($enc_text, $password, $iv_len = 16)
{
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
[download]

i wrote in perl:

use MIME::Base64;
use Digest::MD5 qw(md5 md5_hex md5_base64);
use strict;
sub md5_decrypt
{
my $iv_len = 16;
    my $enc_text = decode_base64(shift);
    my $password = shift;
    my $n = length($enc_text);
    my $i = $iv_len;
    my $plain_text;
    my $iv = substr(($password ^ substr($enc_text, 0, $iv_len)), 0, 51
+2);

    while ($i < $n) {
        my $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5_hex($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    #$plain_text =~ s/\x13\x00*$//;
    return $plain_text;
}
[download]

perl function gives me a different and wrong result decrypting this hash, for example md5_decrypt('XHnhcRzMuo63RqqZmbxW1nQKXqVMm48eXMS6oh9wmBdg9pfXhAmNQEvR+luaVVzk', 'test'); should return 'very secret string', but it doesn't

Comment on port a function from php Select or Download Code

Replies are listed 'Best First'.
Re: port a function from php by Crackers2 (Parson) on Dec 10, 2013 at 16:21 UTC
Are you sure it's perl that's wrong? PHP is giving some weird results. I've added a print in both perl and php: `print "^:" . strlen($password ^ substr($enc_text, 0, $iv_len)) . "\n";` [download] (s/strlen/length/ in perl of course), and the result in PHP is 4 instead of the expected 16. Adding a few more lines: `for ($x=0; $x<$iv_len; $x++) { printf("%02x ", ord(substr($enc_text,$x +,1))); } print "\n"; for ($x=0; $x<$iv_len; $x++) { printf("%02x ", ord(substr($password,$x +,1))); } print "\n"; for ($x=0; $x<$iv_len; $x++) { printf("%02x ", ord(substr($password,$x +,1))^ord(substr($enc_text,$x,1))); } print "\n";` [download] shows what's going on. Output of those lines on both the perl and php versions shows: `5c 79 e1 71 1c cc ba 8e b7 46 aa 99 99 bc 56 d6 74 65 73 74 00 00 00 00 00 00 00 00 00 00 00 00 28 1c 92 05 1c cc ba 8e b7 46 aa 99 99 bc 56 d6` [download] Looks like PHP is truncating the XOR when the shortest string run out, in this case your password, "test". Quick and dirty hack to make perl return the same result is: `sub md5_decrypt { my $iv_len = 16; my $enc_text = decode_base64(shift); my $password = shift; my $n = length($enc_text); my $i = $iv_len; my $plain_text; my $iv = substr($password ^ substr($enc_text,0,length($password)), + 0, 512); my $x; while ($i < $n) { my $block = substr($enc_text, $i, 16); $plain_text .= $block ^ pack('H', md5_hex($iv)); $iv = substr($block . $iv, 0, length($password)) ^ $password; $i += 16; } #$plain_text =~ s/\x13\x00$//; return $plain_text; }` [download] But somehow I doubt that's actually the right thing to do.	[reply] [d/l] [select]
Re^2: port a function from php by oiskuu (Hermit) on Dec 10, 2013 at 17:22 UTC
Well... Consider this perl code for example: `sub ncp { ($_[0] ^ $_[1]) =~ m/\0*/; $+[0]; }` [download] This returns the common prefix length for two given strings. Except when it fails, that is. Which happens when NUL's are present in the (longer) string. A case that has actually bitten me before. The PHP semantics would be a win sometimes.	[reply] [d/l]
Re^2: port a function from php by reqnode (Novice) on Dec 10, 2013 at 19:36 UTC
Wow, your variant worked for 'very secret string' in perl, but when i put any other hash, for example: `md5_decrypt('2EC0KFZ1aGghEdySB+5Y9nbAfMrk9ky/89vwlA4HyTU=', '34giu34hgiu34hg');` should return '34giu34hgiu34hg' perl returns some binaty data... really weird! Any solution?	[reply] [d/l]
Re^3: port a function from php by Crackers2 (Parson) on Dec 10, 2013 at 20:01 UTC
Hmm I'm not getting an issue with that particular example; it's coming out f234fgerg5g for me. I did say it was a quick hack though :) To really emulate php you'd probably want to create a new function, something like: `sub php_xor { my ($p1,$p2) = @_; my $len = length($p1) < length($p2) ? length($p1) : length($p2); return substr($p1,0,$len) ^ substr($p2,0,$len); }` [download] and use that where you currently have ^, giving something like: use MIME::Base64; use Digest::MD5 qw(md5 md5_hex md5_base64); use strict; sub php_xor { my ($p1,$p2) = @_; my $len = length($p1) < length($p2) ? length($p1) : length($p2); return substr($p1,0,$len) ^ substr($p2,0,$len); } sub md5_decrypt { my $iv_len = 16; my $enc_text = decode_base64(shift); my $password = shift; my $n = length($enc_text); my $i = $iv_len; my $plain_text; my $iv = substr(php_xor($password,substr($enc_text,0,$iv_len)), 0, + 512); my $x; while ($i < $n) { my $block = substr($enc_text, $i, 16); $plain_text .= $block ^ pack('H', md5_hex($iv)); $iv = php_xor(substr($block . $iv, 0, 512),$password); $i += 16; } #$plain_text =~ s/\x13\x00$//; return $plain_text; } print md5_decrypt('2EC0KFZ1aGghEdySB+5Y9nbAfMrk9ky/89vwlA4HyTU=', '34g +iu34hgiu34hg') . "\n"; [download]	[reply] [d/l] [select]
Re^4: port a function from php by reqnode (Novice) on Dec 10, 2013 at 20:07 UTC


Do you know where your variables are?
	PerlMonks