Announcement

Collapse
No announcement yet.

MSN contact grabber for Powerbasic - Still need help.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MSN contact grabber for Powerbasic - Still need help.

    Well I have almost everything working. But i cant still figure
    how this part (The REMarked one) is translated into PowerBASIC:

    Code:
    FUNCTION Derive_key(Key AS STRING, Magic AS STRING) AS STRING
      LOCAL hash1, hash2, hash3, hash4 AS STRING
      hash1 = HMac_Sha1(Key, Magic)
      hash2 = HMac_Sha1(Key, Hash1 & Magic)
      hash3 = HMac_Sha1(Key, hash1)
      hash4 = HMac_Sha1(Key, Hash3 & Magic)
      FUNCTION = Hash2 & MID$(Hash4, 1, 4)
    END FUNCTION
    
    FUNCTION MBI_Encrypt(Key AS STRING, nonce AS STRING) AS STRING
    
            LOCAL key1, key2, key3, IV, hHash, Gg AS STRING
    
            key1 = DecodeStr64(key)
    
            key2 = derive_key(key1, "WS-SecureConversationSESSION KEY HASH")
            key3 = derive_key(key1, "WS-SecureConversationSESSION KEY ENCRYPTION")
    
    
            hHash = HMac_Sha1(Key2, nonce)
    
            RANDOMIZE TIMER
            IV = "aT7gJlKz"
    
    '        alg3 = TripleDESCryptoServiceProvider.Create
    '        alg3.Key = Encoding.Default.GetBytes(key3)
    '        alg3.Mode = CipherMode.CBC
    '        alg3.IV = iv
    '        akm = alg3.CreateEncryptor
    
            Gg = (nonce & CHR$(8,8,8,8,8,8,8,8))
           
            FUNCTION = EncodeStr64(MKDWD$(28) & MKDWD$(1) & MKDWD$(26115) & MKDWD$(32772) & MKDWD$(8) & MKDWD$(LEN(hHash)) & MKDWD$(LEN(Gg)) & IV & hHash & Gg)
            
    END FUNCTION
    I have received lots of help already, but If someone can help me ill appreciate it very much. The part that is not translated is REMarked.

    Here is a reference in PYTON:
    http://www.openrce.org/blog/view/449...ion_scheme_REd

    Here is snippet in Java:
    Code:
              //generate key's
              byte key1[] = Base64Coder.decode(secret);
              byte key2[] = derive_key(key1, "WS-SecureConversationSESSION KEY HASH".getBytes());
              byte key3[] = derive_key(key1, "WS-SecureConversationSESSION KEY ENCRYPTION".getBytes());
    
              //create hash
              byte hash[] = HMAC(key2, nonce.getBytes());
    
              //add 8 bytes to the nonce
              byte nonceFillup[] = new byte[8];
              for(int i = 0; i < 8; i++){
                nonceFillup[i] = 0x08;
              }
    
              //create des3 thingy
              byte des[] = DES3(key3, byteCombine(nonce.getBytes(),nonceFillup), iv);
    
              //fill struct
              byte struct[] = byteCombine(byteCombine(byteCombine(start, iv ), hash ), des);
    
              //return stuff
              return ticket +" "+ new String(Base64Coder.encode(struct));
    Same code in C For Linux:
    http://www.eroster.cn/article/article_50.html

    And here is a reference in VB .NET (I think):
    http://72.14.205.104/search?q=cache:...lnk&cd=3&gl=mx



    More Info Here:
    http://forums.fanatic.net.nz/index.p...r&f=91&t=18479

    All the rest of the code is already working, and i will make it available
    when finished.

    I dont know what commands like "TripleDESCryptoServiceProvider" do, Ill investigate it.

    Feel free to help in any possible way, i will appreciate it very much.
    Last edited by Elias Montoya; 15 Feb 2008, 10:58 AM.

  • #2
    Elias,

    All of those examples are importing crypto classes or libraries, where the real work is done.

    M$ had a very nice digital signature object in MSXML5, but only in the M$ Office version, and they removed it in version 6.

    There's also the old Windows crypto API, which probably doesn't support newer algorithyms, and its replacement is .NET only.

    You might have a look here:

    http://www.planet-source-code.com/vb...50290&lngWId=1

    There's also OpenSSL, which the "C" example you posted is using.
    Last edited by Paul Franks; 15 Feb 2008, 12:19 PM.
    --pdf

    Comment


    • #3
      Originally posted by Paul Franks View Post
      Elias,

      All of those examples are importing crypto classes or libraries, where the real work is done.
      Hmm... that could be bad, since i need this to be a PB CGI, i cant use any
      classes or tools that are not installed in my server...

      Comment


      • #4
        Hello Paul,

        Thanx for enduring me all this days of questions.
        Please check this:

        http://www.powerbasic.com/support/pb...ack+encryption


        Maybe i can use that to encrypt as DES3?

        Comment


        • #5
          I ported this DES3 functions from Purebasic to PowerBasic.... Can i use it for my purpose? :yawn2::coffee2:lease::afraid::lam:


          Code:
          #INCLUDE "WINCRYPT.INC"
          
          %PROV_RSA_FULL   = 1
          %ALG_SID_MD5     = 3
          %ALG_SID_RC4     = 1
          %ALG_SID_RC5     = 13
          %ALG_CLASS_DATA_ENCRYPT = 24576
          
          %ALG_CLASS_HASH  = 32768
          %ALG_TYPE_ANY    = 0
          %ALG_TYPE_STREAM = 2048
          %CALG_MD5        = %ALG_CLASS_HASH OR %ALG_TYPE_ANY OR %ALG_SID_MD5
          %ALG_TYPE_BLOCK  = 1536
          %CRYPT_OAEP      = 64
          %CALG_RC4          = %ALG_CLASS_DATA_ENCRYPT OR %ALG_TYPE_STREAM OR %ALG_SID_RC4
          %CALG_RC5          = %ALG_CLASS_DATA_ENCRYPT OR %ALG_TYPE_BLOCK OR %ALG_SID_RC5
          %CRYPT_CREATE_SALT = 4
          %CRYPT_EXPORTABLE  = 1
          %CRYPT_NEWKEYSET   = 8
          $MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0"
          %ALG_SID_3DES = 3
          %CALG_3DES = %ALG_CLASS_DATA_ENCRYPT OR %ALG_TYPE_BLOCK OR %ALG_SID_3DES
          $MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0"
          
          
          '=========================================================================================================
          FUNCTION DES3_Encrypt(StringToEncrypt AS STRING, Key AS STRING) AS STRING
          
            LOCAL Buffer AS ASCIIZ * 1024
            LOCAL myKey  AS ASCIIZ * 1024
            LOCAL myIV   AS ASCIIZ * 1024
            LOCAL hProv AS LONG
            LOCAL hhash AS LONG
            LOCAL hKey  AS LONG
            LOCAL DataLength AS LONG
          
            DataLength = LEN(StringToEncrypt)
          
            Buffer = StringToEncrypt
            myKey  = Key
            myIV   = IV
          
            IF ISFALSE(CryptAcquireContext(hProv, BYVAL %NULL, TRIM$($MS_ENHANCED_PROV & CHR$(0)), %PROV_RSA_FULL, 0)) THEN
             CryptAcquireContext(hProv, BYVAL %NULL, TRIM$($MS_ENHANCED_PROV & CHR$(0)), %PROV_RSA_FULL, %CRYPT_NEWKEYSET)
            END IF
          
            IF hProv THEN
              CALL CryptCreateHash(hProv, %CALG_MD5, 0, 0, hHash)
              IF hHash THEN
                CryptHashData(hHash, BYVAL VARPTR(myKey), LEN(Key), 0)
                CryptDeriveKey(hProv, %CALG_3DES, hHash, %CRYPT_EXPORTABLE, hKey)
                IF hKey THEN
                  IF CryptEncrypt(hKey, 0, 1, 0, BYVAL VARPTR(Buffer), DataLength, (LEN(StringToEncrypt)+200)) THEN
                  END IF
                  CryptDestroyKey(hKey)
                END IF
                CryptDestroyHash(hHash)
              END IF
              CryptReleaseContext(hProv, 0)
            END IF
          
            FUNCTION = EncodeStr64(LTRIM$(Buffer))
          
          END FUNCTION
          
          
          FUNCTION DES3_Decrypt(StringToDecrypt AS STRING, Key AS STRING) AS STRING
          
            LOCAL hProv AS LONG
            LOCAL hhash AS LONG
            LOCAL hKey  AS LONG
            LOCAL DataLength AS LONG
          
            LOCAL Result AS STRING
            LOCAL Buffer AS ASCIIZ * 1024
            LOCAL myKey  AS ASCIIZ * 1024
          
            'SetLastError 0
          
            Buffer     = Decodestr64(StringToDecrypt)
            myKey      = Key
            DataLength = LEN(Buffer)
          
            IF ISFALSE(CryptAcquireContext(hProv, BYVAL %Null, TRIM$($MS_ENHANCED_PROV & CHR$(0)), %PROV_RSA_FULL, 0)) THEN
              CryptAcquireContext(hProv, BYVAL %Null, TRIM$($MS_ENHANCED_PROV & CHR$(0)), %PROV_RSA_FULL, %CRYPT_NEWKEYSET)
            END IF
          
            IF hProv THEN
              CryptCreateHash(hProv, %CALG_MD5, 0, 0, hHash)
              IF hHash THEN
                CryptHashData(hHash, BYVAL VARPTR(myKey), LEN(Key), 0)
                CryptDeriveKey(hProv, %CALG_3DES, hHash, %CRYPT_EXPORTABLE, hKey)
                IF hKey THEN
                  IF CryptDecrypt(hKey, 0, %True, 0, BYVAL VARPTR(Buffer), DataLength) THEN
                    Result = PEEK$(VARPTR(Buffer), DataLength)
                  END IF
                  CryptDestroyKey(hKey)
                END IF
                CryptDestroyHash(hHash)
              END IF
              CryptReleaseContext(hProv, 0)
            END IF
          
            FUNCTION = Result
          
          END FUNCTION

          Comment


          • #6
            Elias,

            I'm not really up to speed on crypto, mostly just use SSL by using the https protocol. Your DES3 function looks OK, but you may want to ask about it in a more active forum, like the Programming forum.
            --pdf

            Comment


            • #7
              Thats a very good idea paul, i think ill do it.

              Comment

              Working...
              X