|
|
#1
10-20-2011, 04:39
|
|||
|
|||
|
Delphi + DCPCrypt 2 (RC6) vs RAD Studio + DCPCrypt 2 (RC6) = KABOOM!
Hi...
Just a question: I've coded an application with delphi, that generates files encrypted with RC6, just as a security measure so the user must generate file through the program and not by hand with notepad. Later on...i moved to RAD Studio XE and used exactly the same files (no modifications at all), to further develop the program to version 2. Well...hard to say, but RC6 fails. Files generated by version 1 (delphi 7) are unreadable from version 2 (rad studio xe). From what i see, difference is not so important...it happens very rarely... here it is an example: Plain String before encryption: ###BDB###R#G#Gx#V#RG#RGx#RV#GG#GV#GxVx#GxVy#RGG#RGV#RGxVx#RGxVy#R#G#Gx#V#RG#RGx#RV#GG#GV#GxVx#GxVy#RGG#RGV#RGxVx#RGxVy###EDB######BOB###3###EOB### Plain String after decryption: ###BDB#oŽVÌ'#$0090'NŒ™^Z'#$11'‹.M™“#RV#GG#GV#GxVx#GxVy#RGG#RGV#RGxVx#RGxVy#R#G#Gx#V#RG#RGx#RV#GG#GV#GxVx#GxVy#RGG#RGV#RGxVx#RGxVy###EDB######BOB###3###EOB### As you can see...something breaks in the middle...you can try with various other strings...and it happens the same...even multiple times if the string is long enough. One thought came to my mind: Delphi 7 is ASCII while RAD Studio XE is UNICODE. That causes many problems and a new version of DPCrypt 2 has been released to address UNICODE issues... I have even problems encrypting and decrypting with the same library on RAD Studio XE by itself...it encrypts but after decryption the result is the same of above. So the question is: a) is it normal that going unicode, i receive different results. If I try on delphi 7 everything is fine...on rad studio and between different versions of delphi the entire thing go mess. b) what can be the problem? dpcrypt 2, unicode, rad studio xe or other things? It's a month that I'm bashing my head on the pc without a solution...tried to change everything but this is the most close to unencrypted i got... Thanks in advance to everyone... (P.S. I can share the code if necessary, nothing secret) 
|
|
#3
10-20-2011, 06:26
|
|||
|
|||
|
What drives me absolutely MAD is that it is QUITE correct...but not ALL correct.
The difference between the before and after is minimal... ###BDB###R#G#Gx#V#RG#RGx#RV# ###BDB#oŽVÌ'#$0090'NŒ™^Z'#$11'‹.M™“#RV# only 16 digits...so 128 bits? It's so nonsense...it seems like one round fails and the others don't. I can't even think about a possible solutions...if the sha1 key was incorrect, the entire decryption should be incorrect but i find miself with partial correct decryption and partial incorrect decryption...and that's crazy... I looked everywhere, but everything is set to take AnsiString...so it is correct. Are there other entities that changed from Ansi to Unicode?
|
|
#4
10-20-2011, 07:08
|
||||
|
||||
|
I've heard that the type 'Char' has been changed from 'AnsiChar' (8bit) to 'WideChar' (16bit) as well. Perhaps your RC6 algo uses this type.
__________________
Real programmers don't read manuals. Reliance on a reference is a hallmark of the novice and the coward.
|
|
#5
10-20-2011, 08:43
|
|||
|
|||
|
there is no "Char" use, but there is a function called "FillChar" that may be causing problems. I don't know how to replace and Embarcadero tips don't work.
I'm currently reviewing for the 100th time all the code and found out that the Decrypt routine does not use FillChar, so it should be safe. The problems may arise in the Initialisation of the Key or in the Creation of the Cipher (Cipher:= TDCP_rc6.Create(nil); Cipher.InitStr(KeyStr,TDCP_sha1)  so I'm investigating this way...UPDATE1: Cipher:= TDCP_rc6.Create(nil); does nothing else than filling KeyData (which is an array of DWord) with $FF and IV and CV (which are array of byte) again with $FF. So unless there is something else wrong, it shouldn't be the culprit... Last edited by TmC; 10-20-2011 at 08:53.
|
|
#6
10-20-2011, 10:28
|
|||
|
|||
|
UPDATE2: I think i got a hold on the whole damn thing... The problem is the following(yet to disclose how to fix it though...):
a) if I load the encrypted text from a file into a string and decrypt that string, the whole damn thing breaks. b) if I load the encrypted text from a constant string hardcoded into rad studio xe, the whole damn thing breaks. c) if I load the encrypted text from a Memo.Text and execute RC6Decrypt(Memo1.Text), THE WHOLE DAMN THING WORKS AND DECRYPTS SUCCESFULLY. So...I am now trying to understand why loading it in a textbox makes it succeed while loading from a string it kills himself... Worse...if i load the encrypted text into a string, and then send it to Memo, the thing FAILS, if i copy from the encrypted file the binary data and paste it directly into memo, the thing WORKS... Does this make any sense?
|
|
#8
10-20-2011, 15:44
|
|||
|
|||
|
My first guess would be that you have an alignment problem. Delphi 7 stores a LongInt as 32 bit, while current Delphi versions align each LongInt to 64 bit (it still only contains 32 bit). There are many possible errors when using incorrect memory addressing. Or it could be inncorrect initialisation of IV when using CBC mode, but the offsets don't really match in the strings you have posted. Or you could start encryption at String[0] and encrypt the string length together with the data.
Could you share the code (include variable declaration)? Or could you share at least some test EXE which includes the encryption code? Did you already try ASM debugging your code?
|
|
#9
10-22-2011, 03:49
|
|||
|
|||
|
OK...the problem is partly solved. Partly because one application begun to work perfeclty even under rad studio XE, while the other fails exactly as beginning. here i paste code from the first and the second:
WORKING APP (previously not working) Code:
procedure TMainForm.BitBtn4Click(Sender: TObject);
var
content, instr, opt: AnsiString;
open: File;
begin
slist.Clear;
OD.DefaultExt := '.sif';
OD.Filter := 'Signatrol Instruction File|*.sif';
OD.Title := 'Please specify a valid Instruction File to load';
while OD.FileName = '' do
begin
OD.Execute;
try
begin
AssignFile(open,OD.FileName);
FileMode := fmOpenRead;
Reset(open,1);
SetLength(content,FileSize(open));
BlockRead(open,content[1],Length(content));
CloseFile(open);
end
except
Messagebox(Application.Handle,'Error while opening the file. Please check that the file exists and it is a valid Signatrol Instruction File and try again!','Severe',MB_ICONERROR);
Exit;
end;
end;
if Copy(content,1,10) <> 'SIGNATROLV' then
begin
Messagebox(Application.Handle,'This is not a valid Signatrol Instruction File. Please specify a valid Signatrol Instruction File and try again!','Severe',MB_ICONERROR);
Exit;
end;
OD.FileName := '';
content := Copy(content,Pos('$',content)+1,Length(content));
content := RC6Decrypt(content,'SIGNATROLV1183919102011');
if Copy(SHA1(Copy(content,1,Pos('###BSB###',content)-1)),1,40) <> Copy(content,Pos('###BSB###',content)+9,40) then
begin
Messagebox(Application.Handle,'File Corrupted! This file was damaged by a Virus or a Bad Sector and can''t be used anymore. Please specify another file try again!','Severe',MB_ICONERROR);
Exit;
end;
content := Copy(content,1,Pos('###BSB###', content) -1);
instr := Copy(content,1,Pos('###EDB###',content)+8);
opt := Copy(content,Pos('###BOB###',content),Length(content));
instr := StringReplace(instr,'###BDB###','',[rfReplaceAll]);
instr := StringReplace(instr,'###EDB###','',[rfReplaceAll]);
while Pos('#',instr) <> 0 do
begin
slist.AddItem(Copy(instr,1,Pos('#',instr)-1),nil);
instr := Copy(instr,Pos('#',instr)+1,Length(instr));
end;
slist.AddItem(instr,nil);
opt := StringReplace(opt,'###BOB###','',[rfReplaceAll]);
opt := StringReplace(opt,'###EOB###','',[rfReplaceAll]);
txtSpanS.Text := opt;
end;
Code:
function TLIC.intCheckLicKey(actcode: AnsiString): boolean; var licdata: array of AnsiString; tmp, xx: String; ok: boolean; r, s, generator : AnsiString; p, q, g, y: TBIGInt; z,i: integer; begin actcode := licdata[0] + #13#10 + licdata[1] + #13#10 + licdata[2] + #13#10 + licdata[3] + #13#10 + licdata[4] + #13#10 + licdata[5] + #13#10 + licdata[6] + #13#10 + licdata[7] + #13#10 + licdata[8] + #13#10 + licdata[9] + #13#10 + licdata[10] + #13#10 + licdata[14]; s := licdata[11] + licData[12]; s := StringReplace(s,'-','',[rfReplaceAll]); ConvertHexStringToBase256String(s,s); r := intRC6Decrypt(Base64DecodeStr(licdata[13]),intCertificate.LSSigKeySeed); <--- I BELIEVE THIS IS THE CAUSE OF THE FAILURE Base10StringToBIGInt(intCertificate.LSSigKeyQ,q); Base10StringToBIGInt(intCertificate.LSSigKeyP,p); Base10StringToBIGInt(intCertificate.LSSigKeyG,g); Base10StringToBIGInt(intCertificate.LSSigKeyY,y); DSAVerify(p, q, g, y, actcode, r, s, ok); if ok then begin //GOOD BOY end else begin //BAD BOY end;
|
|
#10
10-22-2011, 16:41
|
|||
|
|||
|
You define licdata as a variable, but you never initialize it with any value. Did this happen when you copy&pasted the code to publish it here or does you source code really use the variable without initializing it?
RC6 is a block chiper, but I don't see a "length" field anywhere. Are you sure the block your are passing has the correct length? You use intRC6Decrypt in one proc, but RC6Decrypt in the other. Did you check if both produce the same output using the same input data?
|
|
#11
10-22-2011, 22:46
|
|||
|
|||
|
Quote:
Quote:
Quote:
|
|
#12
10-23-2011, 01:44
|
|||
|
|||
|
Quote:
You also use actcode := in your code, but actcode is no variable parameter. You overwrite it before evaluating the value which was passed to the procedure. Quote:
It also looks much like you're using FGInt and some prankster renamed it to BIGInt. (refactoring )
|
|
#13
10-23-2011, 09:27
|
|||
|
|||
|
Quote:
Quote:
Quote:
|
 |
|
|
Linear Mode
