I have the folowing JAVA class of a XOR “encryption” class:
import java.io.PrintStream;
public class Encryptor
{
private static final String m_strPrivateKey = "4p0L@r1$";
public Encryptor()
{
}
public static String encrypt(String pass)
{
String strTarget = XORString(pass);
strTarget = StringToHex(strTarget);
return strTarget;
}
public static String decrypt(String pass)
{
String strTarget = HexToString(pass);
strTarget = XORString(strTarget);
return strTarget;
}
private static String GetKeyForLength(int nLength)
{
int nKeyLen = "4p0L@r1$".length();
int nRepeats = nLength / nKeyLen + 1;
String strResult = "";
for(int i = 0; i < nRepeats; i++)
{
strResult = strResult + "4p0L@r1$";
}
return strResult.substring(0, nLength);
}
private static String HexToString(String str)
{
StringBuffer sb = new StringBuffer();
char buffDigit[] = new char[4];
buffDigit[0] = '0';
buffDigit[1] = 'x';
int length = str.length() / 2;
byte bytes[] = new byte[length];
for(int i = 0; i < length; i++)
{
buffDigit[2] = str.charAt(i * 2);
buffDigit[3] = str.charAt(i * 2 + 1);
Integer b = Integer.decode(new String(buffDigit));
bytes[i] = (byte)b.intValue();
}
return new String(bytes);
}
private static String XORString(String strTarget)
{
int nTargetLen = strTarget.length();
String strPaddedKey = GetKeyForLength(nTargetLen);
String strResult = "";
byte bytes[] = new byte[nTargetLen];
for(int i = 0; i < nTargetLen; i++)
{
int b = strTarget.charAt(i) ^ strPaddedKey.charAt(i);
bytes[i] = (byte)b;
}
String result = new String(bytes);
return result;
}
private static String StringToHex(String strInput)
{
StringBuffer hex = new StringBuffer();
int nLen = strInput.length();
for(int i = 0; i < nLen; i++)
{
char ch = strInput.charAt(i);
int b = ch;
String hexStr = Integer.toHexString(b);
if(hexStr.length() == 1)
{
hex.append("0");
}
hex.append(Integer.toHexString(b));
}
return hex.toString();
}
public static void main(String args[])
{
if(args.length < 1)
{
System.err.println("Missing password!");
System.exit(-1);
}
String pass = args[0];
String pass2 = encrypt(pass);
System.out.println("Encrypted: " + pass2);
pass2 = decrypt(pass2);
System.out.println("Decrypted: " + pass2);
if(!pass.equals(pass2))
{
System.out.println("Test Failed!");
System.exit(-1);
}
}
}
I tried to port it to Perl like this:
#!/usr/bin/perl
use strict;
use warnings;
my $pass = shift || die "Missing password!\n";
my $pass2 = encrypt($pass);
print "Encrypted: $pass2\n";
$pass2 = decrypt($pass2);
print "Decrypted: $pass2\n";
if ($pass ne $pass2) {
print "Test Failed!\n";
exit(-1);
}
sub encrypt {
my $pass = shift;
my $strTarget = XORString($pass);
$strTarget = StringToHex($strTarget);
return $strTarget;
}
sub decrypt {
my $pass = shift;
my $strTarget = HexToString($pass);
$strTarget = XORString($strTarget);
return $strTarget;
}
sub GetKeyForLength {
my $nLength = shift;
my $nKeyLen = length '4p0L@r1$';
my $nRepeats = $nLength / $nKeyLen + 1;
my $strResult = '4p0L@r1$' x $nRepeats;
return substr $strResult, 0, $nLength;
}
sub HexToString {
my $str = shift;
my @bytes;
while ($str =~ s/^(..)//) {
my $b = eval("0x$1");
push @bytes, chr sprintf("%d", $b);
}
return join "", @bytes;
}
sub XORString {
my $strTarget = shift;
my $nTargetLen = length $strTarget;
my $strPaddedKey = GetKeyForLength($nTargetLen);
my @bytes;
while ($strTarget) {
my $b = (chop $strTarget) ^ (chop $strPaddedKey);
unshift @bytes, $b;
}
return join "", @bytes;
}
sub StringToHex {
my $strInput = shift;
my $hex = "";
for my $ch (split //, $strInput) {
$hex .= sprintf("%02x", ord $ch);
}
return $hex;
}
Code seems ok but the problem is the JAVA class outputs different results than the Perl code.
In JAVA I have the plain-text passsword
mentos
and it is encoded as
&4\=80CHB’
What should I do to my Perl script to get the same result? Where I do wrong?
Another two examples: plain-text
07ch4ssw3bby
is encoded as:
,#(0\=DM.’@ ‘8WQ2T
(note the space after @)
Last example, plain-text:
conf75
encoded as:
&7]P0G-#!
Thanks for help!
Ended up with this, thanks to Joni Salonen:
#!/usr/bin/perl
# XOR password decoder
# Greets: Joni Salonen @ stackoverflow.com
$key = pack("H*","3cb37efae7f4f376ebbd76cd");
print "Enter string to decode: ";
$str=<STDIN>;chomp $str; $str =~ s/\\//g;
$dec = decode($str);
print "Decoded string value: $dec\n";
sub decode{ #Sub to decode
@subvar=@_;
my $sqlstr = $subvar[0];
$cipher = unpack("u", $sqlstr);
$plain = $cipher^$key;
return substr($plain, 0, length($cipher));
}
My only and last problem is that when a “\” is found (actually “\\” as one escaped the real character) the decryption goes wrong :-\
Example encoded string:
“(4\\4XB\:7″G@, “
(I escaped it with double-quotes, last characters of the string is a space, it should decode to
“ovFsB6mu”
Update: thanks to Joni Salonen, I have 100% working final version:
#!/usr/bin/perl
# XOR password decoder
# Greets: Joni Salonen @ stackoverflow.com
$key = pack("H*","3cb37efae7f4f376ebbd76cd");
print "Enter string to decode: ";
$str=<STDIN>;chomp $str; $str =~s/\\(.)/$1/g;
$dec = decode($str);
print "Decoded string value: $dec\n";
sub decode{ #Sub to decode
@subvar=@_;
my $sqlstr = $subvar[0];
$cipher = unpack("u", $sqlstr);
$plain = $cipher^$key;
return substr($plain, 0, length($cipher));
}
Your encryption loop skips the first character of
$strTargetif it happens to be'0'. You could compare it against an empty string instead of checking if it’s “true”:Update: This program decrypts your strings: