What is XOR encryption and how do you do it in Powerbasic?

  • What is XOR encryption and how do you do it in Powerbasic?

    Anyone seen something like this?
    I need to write a function where I can decode messages coming in and encode messages going out.

    Payload is masked using XOR encryption (with a 32-bit key).

    What is XOR encryption?

    Here is a javascript example, I think..
    uint8_t payload[payload_len];
    read_bytes(payload, payload_len);
    for (i = 0; i < payload_len; i++) payload[i] ^= mask[i % 4];
    This is the frame I need to encode and decode for websocket communications.

    Data going from the client to the server is masked using XOR encryption (with a 32-bit key).
        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-------+-+-------------+-------------------------------+
       |F|R|R|R| opcode|M| Payload len |    Extended payload length    |
       |I|S|S|S|  (4)  |A|     (7)     |             (16/64)           |
       |N|V|V|V|       |S|             |   (if payload len==126/127)   |
       | |1|2|3|       |K|             |                               |
       +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
       |     Extended payload length continued, if payload len == 127  |
       + - - - - - - - - - - - - - - - +-------------------------------+
       |                               |Masking-key, if MASK set to 1  |
       +-------------------------------+-------------------------------+
       | Masking-key (continued)       |          Payload Data         |
       +-------------------------------- - - - - - - - - - - - - - - - +
       :                     Payload Data continued ...                :
       + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
       |                     Payload Data continued ...                |
       +---------------------------------------------------------------+
    FIN  - 1: Indicates final frame that makes up the message.
    RSV 1- 3: Are reserved
    The MASK bit simply tells whether the message is encoded.
    Messages from the client must be masked, so your server should expect this to be 1.
    The opcode field defines how to interpret the payload data:
    0x0 for continuation, 0x1 for text (which is always encoded in UTF-8),
    0x2 for binary, and other so-called "control codes" that will be discussed later.
    In this version of WebSockets, 0x3 to 0x7 and 0xB to 0xF have no meaning.
    Payload data:
    1. Read bits 9-15 (inclusive) and interpret that as an unsigned integer.
       If it's 125 or less, then that's the length; you're done.
       If it's 126, go to step 2. If it's 127, go to step 3.
    2. Read the next 16 bits and interpret those as an unsigned integer. You're done.
    3. Read the next 64 bits and interpret those as an unsigned integer.
       The most significant bit MUST be 0. You're done.

  • #2
    It becomes a One Time Pad (OTP) if the key is as long as the data.


    • #3
      I found an XOR thing...
      FUNCTION CryptedString (StrIn AS STRING, CryptKey AS STRING) AS STRING
         LOCAL StrPos AS LONG, KeyPos AS LONG, KeyLen AS LONG, StrOut AS STRING
         LOCAL CharIn AS BYTE, kCharIn AS BYTE, CharOut AS BYTE
         KeyLen = LEN(CryptKey)
         IF KeyLen = 0 THEN EXIT FUNCTION  ' empty key: avoid MOD by zero, return empty string
         StrOut = STRING$(LEN(StrIn), 0)   ' binary zeros as default
         FOR StrPos = 1 TO LEN(StrIn)
                ' MOD KeyLen (not KeyLen - 1) so every key character is used
                KeyPos = (StrPos MOD KeyLen) + 1  ' add one to convert range (0:len-1)
                                                  ' to range (1:LEN)
                CharIn                 = ASC(StrIn, StrPos)
                kCharIn                = ASC(CryptKey, KeyPos) - 20
                CharOut                = CharIn XOR kCharIn
                MID$(StrOut, StrPos, 1) = CHR$(CharOut)
         NEXT StrPos
         FUNCTION = StrOut
      END FUNCTION

      FUNCTION PBMAIN () AS LONG
         LOCAL ONE AS STRING, TWO AS STRING
         ' XOR is its own inverse: the second call with the same key restores the text
         ONE = CryptedString("Yeah Baby!! That is what i am talking about!", "4598755846587654846")
         TWO = CryptedString(ONE, "4598755846587654846")
      END FUNCTION


      • #4
        If the MASK bit was set (and it should be, for client-to-server messages), read the next 4 octets (32 bits); this is the masking key. Once the payload length and masking key are decoded, you can go ahead and read that number of bytes from the socket. Let's call the data ENCODED, and the key MASK. To get DECODED, loop through the octets (bytes a.k.a. characters for text data) of ENCODED and XOR the octet with the (i modulo 4)th octet of MASK.
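
The decode steps from the first post and from #4, as an added example that is not part of any poster's message: a C function that reads the length field, any extended length and the masking key, then XORs each payload byte with the (i modulo 4)th key byte. The name ws_decode_frame is an assumption; the sample bytes in main are the masked "Hello" text frame used as an example in RFC 6455.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one WebSocket frame held in buf[0..len), unmasking the payload in place.
 * Returns the payload length, or -1 if the frame is truncated or breaks a length rule. */
int64_t ws_decode_frame(uint8_t *buf, size_t len, int *opcode, uint8_t **payload)
{
    size_t pos = 2;
    uint8_t mask[4] = {0};
    if (len < 2) return -1;
    *opcode = buf[0] & 0x0F;                 /* low 4 bits of the first byte */
    int masked = (buf[1] & 0x80) != 0;       /* MASK bit */
    uint64_t plen = buf[1] & 0x7F;           /* 7-bit length (bits 9-15) */

    if (plen == 126) {                       /* step 2: 16-bit big-endian length */
        if (len < pos + 2) return -1;
        plen = ((uint64_t)buf[2] << 8) | buf[3];
        pos += 2;
    } else if (plen == 127) {                /* step 3: 64-bit length, MSB must be 0 */
        if (len < pos + 8 || (buf[2] & 0x80)) return -1;
        plen = 0;
        for (int i = 0; i < 8; i++) plen = (plen << 8) | buf[pos + i];
        pos += 8;
    }
    if (masked) {                            /* next 4 octets are the masking key */
        if (len < pos + 4) return -1;
        memcpy(mask, buf + pos, 4);
        pos += 4;
    }
    if (plen > len - pos) return -1;         /* declared length exceeds bytes received */
    if (masked)
        for (uint64_t i = 0; i < plen; i++) buf[pos + i] ^= mask[i % 4];
    *payload = buf + pos;
    return (int64_t)plen;
}

int main(void)
{
    /* Sample input: single-frame masked text message "Hello" (RFC 6455 example) */
    uint8_t frame[] = {0x81, 0x85, 0x37, 0xfa, 0x21, 0x3d, 0x7f, 0x9f, 0x4d, 0x51, 0x58};
    int opcode; uint8_t *p;
    int64_t n = ws_decode_frame(frame, sizeof frame, &opcode, &p);
    if (n < 0) return 1;
    printf("opcode=%d payload=%.*s\n", opcode, (int)n, (const char *)p);
    return 0;
}
```

Because the masking key is sent in the same frame as the payload, the mask gives no confidentiality; the same XOR loop with a fresh 4-byte key masks outgoing client frames.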


        • #5

          The action with XOR based encryption is the unique random pad that it is XORed against. To produce high quality encryption by this technique you need to produce encryption quality random pads and not re-use them. If you can do this then the encrypted data would have to come close to unbreakable. It has 2 things going for it: there is no indication that decrypting has worked, and the complexity rises by the power of 256 for each extra character in the encrypted data. With 1 character you have 256 choices, add another character and you multiply it by 256 and with each character you add it multiplies it by another 256 so any reasonable sentence or much larger document starts to have truly massive numbers of combinations and there is no way to decide which is the right combination.

          In practical terms you make a massive pad, many hundreds of gigabytes and pick the starting offset you want to use for the data you want to encrypt. The reason for using a unique pad is if you keep using the same pad, there is a technique that can eventually break it.

          The downside is you must have an identical pad at both ends, which is a problem of transmitting the pad from one place to another without someone else getting a copy of it.
          hutch at movsd dot com
          The MASM Forum


          • #6
            >I need to write a function where I can decode messages coming in and encode messages going out.
            Is there a reason not to use AES256?


            • #7
              XOR is how generated pseudo-random bytes are combined with the data to be protected.


              In the block diagrams on that page the circles filled by a cross represent XOR. The pseudo-random blocks (or streams) generators can be DES, AES, NSA hardware or other algorithms.

              (this is symmetric key encryption, do not confuse with asymmetric key like RSA/trapdoor/one-way encryption)

              So while XOR is used in AES (and others) for generating the pseudo-random from a key, and is also used to combine the p-random with the data; I've never heard of a "XOR encryption" method. You still need a generator like AES.



              • #8

                XOR encryption is in fact very simple. It was designed by an American cryptologist in the early 1920s. If you have a character sequence, often plain text, you use a random pad of at least the same length and XOR the two to get encrypted data that can be decrypted by XORing it against the original random pad. The method is very simple but the real action is in producing an encryption quality random pad and it has been done by many methods. Subsonic rumbling of the universe, microphoned wind turbulence or my favourite, our Kylie singing. Its real inconvenience is you must keep very large random pads and they must be available at both sender and receiver ends. Also you should not keep re-using the same pad as there are techniques that will eventually break it.
                This is a test        < plain text
                xyz1l3xkd5a2h7  < random pad   (not very random)
                The random pad is the key. Rerun the xor of the result with the original random pad and you get the plain text back. Key length is always the plain text length and if the pad is unique, there is no way to break it. The greatest risk is someone (the KGB) getting a copy of the original pad.

                The problem with all key length encryption methods is they are already broken by governments around the world with very big computing grunt. Anything that has a known combination limit gets whacked by this technique and this is the main weakness of limited size keys.
                hutch at movsd dot com
                The MASM Forum



                • #9
                  Then we are agreed.
                  the real action is in producing an encryption quality random
                  I just call the XOR part the combination; and the encryption method the random part (like AES).


                  • #10
                    I see the previous attempt to use WebSockets did not come to an answer.


                    • #11

                      Something I have got is a random pad generator. The basics are no 2 computers are identical; different processes running, different start times from boot and different completion times between task switching will produce a reasonably good random pad that passes the ENT tests well in most instances. I can find the MASM version but have not found the PB version, so if it's any use to anyone I will post it. You may do better with subsonic rumbling or Kylie singing or even better, Joe Biden or even Leonard Bresnev but the generator tests well.
                      hutch at movsd dot com
                      The MASM Forum



                      • #12
                        Thanks guys,
                        I need to decode an XOR sent by a websocket.
                        I think I can do it now.


                        • #13

                          I put an encryption algo in the inline assembler sub forum that may be useful to you.

                          hutch at movsd dot com
                          The MASM Forum