Created
January 13, 2020 15:46
shell script for decryption in codeigniter-v3.1.11
#!/bin/sh
#
# Copyright (c) 2020 V.Krishn
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the Simplified BSD License (also
# known as the "2-Clause License" or "FreeBSD License".)
#
# This program is distributed in the hope that it will be useful,
# but without any warranty; without even the implied warranty of
# merchantability or fitness for a particular purpose.
#
# Author contact information:
# vkrishn@insteps.net
# http://www.insteps.net
#
# ******************************************************************
#
# Code to decrypt encrypted ciphertext from codeigniter's encryption.
# Use at your own risk.
#
#
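# Canonical path of this script; "$0" is quoted so a path containing
# spaces or glob characters is passed to readlink as one argument.
fpath=$(readlink -f "$0")
PWD=$(pwd)

# Master key, hex-encoded: 64 hex characters = 32 bytes.
# The value below is published together with this script, so treat it as a
# test vector only and never protect real data with it.
# On a production server keep the key out of this file: store it in a
# separate file with restrictive permissions and load it from there.
KEY='e4c634ec33ca2ddf19ea2657b74f4ee234bdf0cc438e94ae6bb6effd0e6425e0'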
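# Decode a plain hex string into raw bytes.
# Arguments: $1 - hex digits (plain dump, no offsets)
# Outputs:   the decoded bytes on stdout
HexToBin() {
  # printf with a quoted argument: the value is not word-split, not
  # glob-expanded and cannot be mistaken for an echo option.
  printf '%s\n' "$1" | xxd -r -p
}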
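# Hex-encode a string.
# Arguments: $1 - data to encode (a shell argument cannot carry NUL bytes)
# Outputs:   plain hex on stdout, up to 200 bytes per output line
# NOTE(review): as in the original, a newline is appended to the data before
# encoding, so the output always ends in "0a". Pipe bytes straight into xxd
# when the exact input must be encoded.
BinToHex() {
  # Quoted printf keeps inner whitespace and glob characters intact.
  printf '%s\n' "$1" | xxd -p -c 200
}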
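# Base64-encode a string.
# Arguments: $1 - data to encode (a shell argument cannot carry NUL bytes)
# Outputs:   base64 on stdout, wrapped at 200 characters
# NOTE(review): as in the original, a newline is appended to the data before
# encoding, so it is part of the encoded result.
BinToBase64() {
  # Quoted printf keeps inner whitespace and glob characters intact.
  printf '%s\n' "$1" | base64 -w 200
}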
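# Decode a base64 string into raw bytes.
# Arguments: $1 - base64 text
# Outputs:   the decoded bytes on stdout
Base64ToBin() {
  # Quoted so the argument reaches base64 exactly as given.
  printf '%s\n' "$1" | base64 -d
}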
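# -------------------------------------------------------------------
# HKDF
#
# @link https://tools.ietf.org/rfc/rfc5869.txt
# # TODO
# -------------------------------------------------------------------
# Derive the encryption key from KEY with HKDF-SHA512, empty salt and
# info "encryption". Despite the name this is a key derivation, not a MAC.
# Globals:   KEY (read) - master key in hex
# Outputs:   derived key as hex on stdout, as many bytes as KEY decodes to
# NOTE(review): KEY is passed to openssl as a command-line argument, so it
# is visible in the process list while openssl runs.
HMAC_Enc() {
  # Kept local so the length does not leak into the caller's scope.
  local kdflen
  # tr strips the padding some wc implementations print around the count.
  kdflen=$(HexToBin "$KEY" | wc -c | tr -d '[:space:]')
  openssl pkeyutl -kdf HKDF -kdflen "$kdflen" \
    -pkeyopt md:SHA512 \
    -pkeyopt "hexkey:${KEY}" \
    -pkeyopt salt:'' \
    -pkeyopt info:'encryption' | xxd -p -c 200
}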
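# hmac_key
# Derive the authentication (HMAC) key from KEY with HKDF-SHA512, empty salt
# and info "authentication".
# OPTS: md, salt, key, info
# Globals:   KEY (read) - original key (hex format), length = 64
# Outputs:   64-byte derived key as hex on stdout (hmac2, used in HMAC_Digest)
# NOTE(review): KEY is passed to openssl as a command-line argument, so it
# is visible in the process list while openssl runs.
HMAC_Auth() {
  # Kept local so the length does not leak into the caller's scope.
  local kdflen=64
  openssl pkeyutl -kdf HKDF -kdflen "$kdflen" \
    -pkeyopt md:SHA512 \
    -pkeyopt "hexkey:${KEY}" \
    -pkeyopt salt:'' \
    -pkeyopt info:'authentication' | xxd -p -c 200
}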
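# Compute HMAC-SHA512 over a message with the key derived by HMAC_Auth.
# Arguments: $1 - data in BASE64 format (the text form is what gets MACed)
# Outputs:   the line openssl prints; the hex digest is its last field
# Returns:   non-zero when no HMAC key could be derived
HMAC_Digest() {
  local data="$1"
  # Declared separately so a failing derivation is not hidden by "local".
  local hmac2 # key in hex format
  hmac2=$(HMAC_Auth)
  # HMAC_Auth ends in a pipe, so its status does not show an openssl
  # failure; an empty key must not be used to compute a tag.
  if [ -z "$hmac2" ]; then
    echo 'HMAC_Digest: could not derive the HMAC key' >&2
    return 1
  fi
  # printf '%s' sends the data byte-for-byte with no trailing newline,
  # which is what "echo -n" was relied on for.
  printf '%s' "$data" | openssl dgst -sha512 -hex -mac HMAC -macopt "hexkey:${hmac2}"
}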
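# -------------------------------------------------------------------
# Strip the leading HMAC tag from a message.
# INPUT BASE64 format, # OUTPUT BASE64 format
# Arguments: $1 - 128 hex characters of HMAC-SHA512 followed by base64(iv+data)
# Outputs:   everything from character 129 on; the input unchanged when it
#            is 128 characters or shorter
# The tag is only removed here, it is not verified.
_getData() {
  local data="$1"
  local tag_len=128

  # Tag and payload are ASCII, so the character count equals the byte count.
  if [ "${#data}" -le "$tag_len" ]; then
    printf '%s\n' "$data"
    return
  fi
  printf '%s\n' "$data" | cut -b "$((tag_len + 1))-"
}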
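# Extract the raw ciphertext, i.e. the bytes that follow the 16-byte IV.
# INPUT BASE64 format, # OUTPUT binary
# Arguments: $1 - message, with or without the leading HMAC tag
# Outputs:   binary ciphertext on stdout
GetData() {
  local data="$1"
  # Declared separately so the status of _getData is not masked by "local".
  local payload
  payload=$(_getData "$data")
  # tail -c +17 starts at byte 17, which drops the 16-byte IV.
  printf '%s' "$payload" | base64 -d --ignore-garbage | tail -c +17
}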
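# Extract the IV, i.e. the first 16 bytes of the decoded payload.
# INPUT BASE64 format, # OUTPUT hexkey
# Arguments: $1 - message, with or without the leading HMAC tag
# Outputs:   the IV as hex (32 characters), no trailing newline
GetIv() {
  local data="$1"
  # Declared separately so the status of _getData is not masked by "local".
  local payload
  payload=$(_getData "$data")
  # head takes the first 16 bytes whatever their value; the hex dump is
  # then printed without its line break.
  printf '%s' "$payload" | base64 -d --ignore-garbage \
    | head -c 16 | xxd -p | tr -d '\n'
}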
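# Authenticate and then decrypt one message (HMAC-SHA512, AES-256-CTR).
# INPUT BASE64 format, # OUTPUT text
# Arguments: $1 - 128 hex characters of HMAC followed by base64(iv+data)
# Globals:   HMACKEY, IV (written, as in the original)
# Outputs:   plaintext on stdout, diagnostics on stderr
# Returns:   non-zero when the tag is missing or does not match, or when
#            the key or IV cannot be obtained
# NOTE(review): the derived key is passed to openssl with -K, so it is
# visible in the process list while openssl runs.
DECODE() {
  local DATA="$1"
  local tag_len=128
  local tag payload digest

  # Without a complete tag there is nothing to authenticate.
  if [ "${#DATA}" -le "$tag_len" ]; then
    echo 'DECODE: input too short to contain an HMAC tag' >&2
    return 1
  fi
  tag=$(printf '%s\n' "$DATA" | cut -b "1-${tag_len}")
  payload=$(_getData "$DATA")

  # CTR ciphertext can be altered bit by bit without breaking decryption,
  # so the tag is checked before any key touches the data.
  digest=$(HMAC_Digest "$payload") || return 1
  digest=${digest##* } # openssl prints a label before the hex digest
  # NOTE(review): this string comparison is not constant-time.
  if [ -z "$digest" ] || [ "$tag" != "$digest" ]; then
    echo 'DECODE: HMAC mismatch, refusing to decrypt' >&2
    return 1
  fi

  HMACKEY=$(HMAC_Enc)
  IV=$(GetIv "$DATA")
  # An empty key or a short IV would make openssl decrypt with the wrong
  # parameters instead of failing.
  if [ -z "$HMACKEY" ] || [ "${#IV}" -ne 32 ]; then
    echo 'DECODE: could not obtain the encryption key or a 16-byte IV' >&2
    return 1
  fi
  GetData "$DATA" | openssl enc -d -aes-256-ctr -nosalt -nopad -K "${HMACKEY}" -iv "${IV}"
}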
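# Print the reference vector followed by the values this script computes.
# Nothing is asserted: compare the ">>>" lines with the reference lines.
# Globals:   KEY (read, through the helpers)
# Outputs:   reference values and computed values on stdout
_DO_TEST() {
  local plain_text data fullDATA
  plain_text='This is a plain-text message!'

  # Reference values, printed literally so they do not follow KEY.
  printf '%s\n' \
    '-------------------------------------------------------------' \
    "plain_text: ${plain_text}" \
    'KEY: hex e4c634ec33ca2ddf19ea2657b74f4ee234bdf0cc438e94ae6bb6effd0e6425e0' \
    'HMACKEY: hex 9ae1114a640416327dca7550a41fdaab96e1710190ce378cc3bd41aedf3462af' \
    '$iv: bin2hex 7e809c42eef914127c219ba264f3f4b3 (str fixed for TEST)' \
    '$iv: base64 foCcQu75FBJ8IZuiZPP0sw==' \
    '$data: bin2hex 36dc07b8c946e337ddd56c9233801cc5b1a9719fe0d6dbb8fa0e7b35db' \
    '$data: base64 NtwHuMlG4zfd1WySM4AcxbGpcZ/g1tu4+g57Nds=' \
    '-------------------------------------------------------------'

  # hmac2 is presumably the expected HMAC_Auth output; hmac3 equals the
  # 128-character tag at the start of fullDATA.
  # hmac2='4df73cfce3dc9ccc239bc94858f7c7cc218bc4704b234c5af3bd7ea3d965e33f40c4e48b61fc0ca633cc891d86dc7488d4077ee0c801adde62c23ccca23f280a'
  # hmac3='f1ef53a04514bd269197a31593244626d03db71f0733a2c402c0f74b81c34233c420a6264efc939553e076fbaccfd83feac17d5a210cad8ca781f4866d39af31'
  data='foCcQu75FBJ8IZuiZPP0szbcB7jJRuM33dVskjOAHMWxqXGf4NbbuPoOezXb' # == base64(binary (iv+data))
  fullDATA='f1ef53a04514bd269197a31593244626d03db71f0733a2c402c0f74b81c34233c420a6264efc939553e076fbaccfd83feac17d5a210cad8ca781f4866d39af31foCcQu75FBJ8IZuiZPP0szbcB7jJRuM33dVskjOAHMWxqXGf4NbbuPoOezXb' # HMAC_Digest+iv+data

  # Every computed value is quoted, so unexpected bytes (for example from a
  # decryption with the wrong key) are printed as they are instead of being
  # word-split or glob-expanded.
  printf '$data: %s\n' "$data"
  printf '>>> HMAC_Enc::%s\n' "$(HMAC_Enc)"
  printf '>>> HMAC_Auth::%s\n' "$(HMAC_Auth)"
  data=$(_getData "$fullDATA")
  printf '>>> HMAC_Digest::%s\n' "$(HMAC_Digest "$data")"
  printf '>>> GetIv::%s\n' "$(GetIv "$fullDATA")"
  printf '>>> DECODE::%s\n' "$(DECODE "$fullDATA")"
}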
Current CodeIgniter encryption params that work well with this script are:
$params = array(
'driver' => 'openssl',
'cipher' => 'aes-256',
'mode' => 'ctr',
'key' => $key,
'hmac' => TRUE,
'hmac_digest' => 'sha512',
'base64' => 1,
);
#!/bin/sh
HOWTO DECODE
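# Load the helper functions; "." is the POSIX spelling of "source", which
# a plain /bin/sh may not provide.
. ./lib.sh

_TEMPF='cip.txt' # file containing ciphertext
ct=$(cat "$_TEMPF") || exit 1

# An HMAC-SHA512 tag is 128 hex characters; input that is not longer than
# that cannot hold tag + IV + data, so stop with an error status.
if [ "${#ct}" -le 128 ]; then
  echo 'ciphertext too short' >&2
  exit 1
fi

# Quoted so the ciphertext reaches DECODE as a single argument.
DECODE "$ct"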