Just want to decode the code into plain text

2020-05-07 06:14发布

问题:

We would like to know more about function get_rnd_iv() and md5_encrypt() these function for using 128bit encoding. Now here we just want to know how to decode that code into plain text...

Here is my all code lines..

function get_rnd_iv($iv_len)
{
   $iv = '';
   while ($iv_len-- > 0) {
       $iv .= chr(mt_rand() & 0xff);
   }
   return $iv;
}

function md5_encrypt($plain_text, $password, $iv_len = 16)
{
   $plain_text .= "\x13";
   $n = strlen($plain_text);
   if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
   $i = 0;
   $enc_text = get_rnd_iv($iv_len);
   $iv = substr($password ^ $enc_text, 0, 512);
   while ($i < $n) {
       $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
       $enc_text .= $block;
       $iv = substr($block . $iv, 0, 512) ^ $password;
       $i += 16;
   }
   return base64_encode($enc_text);
}

function md5_decrypt($enc_text, $password, $iv_len = 16)
{
   $enc_text = base64_decode($enc_text);
   $n = strlen($enc_text);
   $i = $iv_len;
   $plain_text = '';
   $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
   while ($i < $n) {
       $block = substr($enc_text, $i, 16);
       $plain_text .= $block ^ pack('H*', md5($iv));
       $iv = substr($block . $iv, 0, 512) ^ $password;
       $i += 16;
   }
   return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
?>

回答1:

We would like to know more about function get_rnd_iv() and md5_encrypt()

But you don't say what it is that you want to know!

There's an _encrypt() and a _decrypt() - what's the problem?

I'm no cryptoanalyst - but the functions are very badly named - md5 is a hashing function NOT an encryption function - i.e. the point of md5 is to make the data un-decryptable - certainly this symmetric algorithm is using an md5 function - but it doesn't implement just md5.

The point of an IV is so that encrypting the same message with the same key gives a different output (and hence makes replay attacks and key identification more difficult). NB the IV needs to be generated for encrpytion and the same value passed to the decryption fn. In the case of the code you've provided it is being incorporated into the output - but can be handled separately.

I could be wrong, but the algorithm here looks like a variation on WEP



回答2:

I might not fully understand your question, but as far as encrypting and decrypting is what you ask for here with that code:

$plain_text = 'Hello World';
$password = 'bb98x! jKl\'5#}';
$enc_text = md5_encrypt($plain_text, $password);
$text = md5_decrypt($enc_text, $password);
var_dump($plain_text, $enc_text, $text);

Output:

string(11) "Hello World"
string(44) "52tXWp087mLYL/Rd1z8Bbb8sQbE+pp2+tlY95UCmkqc="
string(11) "Hello World"

This seems so obvious that I dunno if that is really what you're asking for.