All geek questions in one place

How to decrypt text in Java (Android) that was encrypted by Crypt in Laravel?

I need to decrypt some data that I get from the server, and the programmer who made the API directed me to this Encrypter class to see what it used to encrypt.

Now, based on this class, I found that the algorithm used is AES128 CBC, and that the string I receive is Base64 encoded and contains other data, not just ciphertext.

Namely, if I get the following line:

eyJpdiI6InJsSzRlU3pDZTBBUVNwMzdXMjVcL0tBPT0iLCJ2YWx1ZSI6Ik5JOENsSVVWaWk2RGNhNlwvWjJNeG94UzVkclwvMGJOREQreWUyS1UzclRMND0iLCJtYWMiOiJhZTZkYjNkNGM2ZTliNmU0ZTc0MTRiNDBmMzFlZTJhNTczZWIxMjk4N2YwMjlhODA1NTIyMDEzODljNDY2OTk2In0

after decoding base64 I get:

 {"iv":"rlK4eSzCe0AQSp37W25\/KA==","value":"NI8ClIUVii6Dca6\/Z2MxoxS5dr\/0bNDD+ye2KU3rTL4=","mac":"ae6db3d4c6e9b6e4e7414b40f31ee2a573eb12987f029a80552201389c466996"}

Based on the line 99 of the Encrypter class ( iv = base64_decode($payload['iv']); ), I executed another base64 decoder on iv and value and got iv length 16. Those that I passed as parameters to the function below:

  public static String decrypt(String iv, String encryptedData) throws Exception { byte[] keyValue = "zy2dEd1pKG5i3WuWbvOBolFQR84AYbvN".getBytes(); Key key = new SecretKeySpec(keyValue, "AES"); Cipher c = Cipher.getInstance("AES/CBC/PKCS7Padding"); c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv.getBytes())); byte[] decordedValue = Base64.decode(encryptedData.getBytes(), Base64.DEFAULT); byte[] decValue = c.doFinal(decordedValue); return new String(decValue); }

But I get the following error:

 10-06 19:13:33.601 12895-12895/? W/System.err: java.security.InvalidAlgorithmParameterException: expected IV length of 16 10-06 19:13:33.601 12895-12895/? W/System.err: at com.android.org.conscrypt.OpenSSLCipher.engineInitInternal(OpenSSLCipher.java:281) 10-06 19:13:33.601 12895-12895/? W/System.err: at com.android.org.conscrypt.OpenSSLCipher.engineInit(OpenSSLCipher.java:323) 10-06 19:13:33.601 12895-12895/? W/System.err: at javax.crypto.Cipher.init(Cipher.java:751) 10-06 19:13:33.601 12895-12895/? W/System.err: at javax.crypto.Cipher.init(Cipher.java:701) 10-06 19:13:33.601 12895-12895/? W/System.err: at com.example.kushtrim.testproject.MainActivity.decrypt(MainActivity.java:62) 10-06 19:13:33.601 12895-12895/? W/System.err: at com.example.kushtrim.testproject.MainActivity.onCreate(MainActivity.java:45) 10-06 19:13:33.601 12895-12895/? W/System.err: at android.app.Activity.performCreate(Activity.java:5990) 10-06 19:13:33.601 12895-12895/? W/System.err: at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1106) 10-06 19:13:33.601 12895-12895/? W/System.err: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2278) 10-06 19:13:33.601 12895-12895/? W/System.err: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2387) 10-06 19:13:33.601 12895-12895/? W/System.err: at android.app.ActivityThread.access$800(ActivityThread.java:151) 10-06 19:13:33.601 12895-12895/? W/System.err: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1303) 10-06 19:13:33.602 12895-12895/? W/System.err: at android.os.Handler.dispatchMessage(Handler.java:102) 10-06 19:13:33.602 12895-12895/? W/System.err: at android.os.Looper.loop(Looper.java:135) 10-06 19:13:33.602 12895-12895/? W/System.err: at android.app.ActivityThread.main(ActivityThread.java:5254) 10-06 19:13:33.602 12895-12895/? W/System.err: at java.lang.reflect.Method.invoke(Native Method) 10-06 19:13:33.602 12895-12895/? W/System.err: at java.lang.reflect.Method.invoke(Method.java:372) 10-06 19:13:33.602 12895-12895/? W/System.err: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903) 10-06 19:13:33.602 12895-12895/? W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698)

Note. String iv has a length of 16, but iv.getBytes() returns an array of length 26.

Can someone tell me where I did wrong and how I can fix it. Thanks /

EDIT
After the comment, I made some changes that resolved the above error:
Before I got base64 decoding iv , converting bytes to String, and then passing that String to the decryption method, which in turn is called getBytes (). One way or another, this led to the byte array having a length of 26.
Sending the byte array that I received after base64 decoding to the decryption method fixed the problem.
Now this method is as follows:

 public static String decrypt(byte[] iv, String encryptedData) throws Exception { byte[] keyValue = "zy2dEd1pKG5i3WuWbvOBolFQR84AYbvN".getBytes(); Key key = new SecretKeySpec(keyValue, "AES"); Cipher c = Cipher.getInstance("AES/CBC/PKCS7Padding"); c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv)); byte[] decordedValue = Base64.decode(encryptedData.getBytes(), Base64.DEFAULT); byte[] decValue = c.doFinal(decordedValue); return new String(decValue); }

Now I have another strange problem:
The text I encrypted in the first place was KushtrimPacaj , but the decrypted text s:13:"KushtrimPacaj"; . Where does this other part come from? 13 perhaps represents the length of the KushtrimPacaj ?

Edit
Here's the working code, if anyone needs it:
https://gist.github.com/KushtrimPacaj/43a383ab419fc222f80e

+5
source share
1 answer

You can see the function in padAndMcrypt() so that the given $ value is serialized using the PHP serialize() function . You can unserialize() function in Java, or you can split the byte array yourself if you always encrypt strings in PHP.

 int firstQuoteIndex = 0; while(decValue[firstQuoteIndex] != (byte)'"') firstQuoteIndex++; return new String(Arrays.copyOfRange(decValue, firstQuoteIndex + 1, decValue.length-2));

Full code:

 public static String decrypt(byte[] keyValue, String ivValue, String encryptedData) throws Exception { Key key = new SecretKeySpec(keyValue, "AES"); byte[] iv = Base64.decode(ivValue.getBytes("UTF-8"), Base64.DEFAULT); byte[] decodedValue = Base64.decode(encryptedData.getBytes("UTF-8"), Base64.DEFAULT); Cipher c = Cipher.getInstance("AES/CBC/PKCS7Padding"); // or PKCS5Padding c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv)); byte[] decValue = c.doFinal(decodedValue); int firstQuoteIndex = 0; while(decValue[firstQuoteIndex] != (byte)'"') firstQuoteIndex++; return new String(Arrays.copyOfRange(decValue, firstQuoteIndex + 1, decValue.length-2)); }

MAC validation is always a good idea, as it prevents some attacks, such as add-on insult attacks. This is also a very good way to detect common modifications to encrypted texts.

Full MAC Validation Code:

 public static String decrypt(byte[] keyValue, String ivValue, String encryptedData, String macValue) throws Exception { Key key = new SecretKeySpec(keyValue, "AES"); byte[] iv = Base64.decode(ivValue.getBytes("UTF-8"), Base64.DEFAULT); byte[] decodedValue = Base64.decode(encryptedData.getBytes("UTF-8"), Base64.DEFAULT); SecretKeySpec macKey = new SecretKeySpec(keyValue, "HmacSHA256"); Mac hmacSha256 = Mac.getInstance("HmacSHA256"); hmacSha256.init(macKey); hmacSha256.update(ivValue.getBytes("UTF-8")); byte[] calcMac = hmacSha256.doFinal(encryptedData.getBytes("UTF-8")); byte[] mac = Hex.decodeHex(macValue.toCharArray()); if (!secureEquals(calcMac, mac)) return null; // or throw exception Cipher c = Cipher.getInstance("AES/CBC/PKCS7Padding"); // or PKCS5Padding c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv)); byte[] decValue = c.doFinal(decodedValue); int firstQuoteIndex = 0; while(decValue[firstQuoteIndex] != (byte)'"') firstQuoteIndex++; return new String(Arrays.copyOfRange(decValue, firstQuoteIndex + 1, decValue.length-2)); } /* Constant-time compare to prevent timing attacks on invalid authentication tags. */ public static boolean secureEquals(final byte[] known, final byte[] user) { int knownLen = known.length; int userLen = user.length; int result = knownLen ^ userLen; for (int i = 0; i < knownLen; i++) { result |= known[i] ^ user[i % userLen]; } return result == 0; }
+2
source

Source: https://habr.com/ru/post/1233077/

More articles:


All Articles