Text only | Text with Images

Roundcube Community Forum

News and Announcements => General Discussion => Topic started by: minminmin on March 12, 2016, 06:20:28 AM

Title: Decrypt password from session-vars
Post by: minminmin on March 12, 2016, 06:20:28 AM
In my mysql base i have - table - sesion  cloumn - vars - in base64 line.
After decrypt - i see ;imap_ssl|N;password|s:32:"p8NpbgElKp4NKZH99y010SLAVxfp4+qi"
i have - $rcmail_config['des_key']
and how i can decrypt my password on php or other?
Please help me its my home work in institute)
Title: Re: Decrypt password from session-vars
Post by: JohnDoh on March 12, 2016, 06:32:22 AM
The method Roundcube uses to decrypt strings it has encrypted is here https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube.php#L845
Title: Re: Decrypt password from session-vars
Post by: minminmin on March 12, 2016, 06:48:11 AM
i dond have this file. maybeee i have old version... but im not understant where IV for service like this - http://ninjaencryption.com/encrypt/3des?
or "p8NpbgElKp4NKZH99y010SLAVxfp4+qi" its not 3des?


program/include/rcmail.php
Code Select
  * Decrypt 3DES-encrypted string
   *
   * @param string $cipher encrypted text
   * @param string $key encryption key to retrieve from the configuration, defaults to 'des_key'
   * @param boolean $base64 whether or not input is base64-encoded
   *
   * @return string decrypted text
   */
  public function decrypt($cipher, $key = 'des_key', $base64 = true)
  {
    if (!$cipher)
      return '';

    $cipher = $base64 ? base64_decode($cipher) : $cipher;

    if (function_exists('mcrypt_module_open') &&
        ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
    {
      $iv_size = mcrypt_enc_get_iv_size($td);
      $iv = substr($cipher, 0, $iv_size);

      // session corruption? (#1485970)
      if (strlen($iv) < $iv_size)
        return '';

      $cipher = substr($cipher, $iv_size);
      mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
      $clear = mdecrypt_generic($td, $cipher);
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);
    }
    else {
      @include_once 'des.inc';

      if (function_exists('des')) {
        $des_iv_size = 8;
        $iv = substr($cipher, 0, $des_iv_size);
        $cipher = substr($cipher, $des_iv_size);
        $clear = des($this->config->get_crypto_key($key), $cipher, 0, 1, $iv);
      }
      else {
        raise_error(array(
          'code' => 500, 'type' => 'php',
          'file' => __FILE__, 'line' => __LINE__,
          'message' => "Could not perform decryption; make sure Mcrypt is installed or lib/des.inc is available"
        ), true, true);
      }
    }

    /*-
     * Trim PHP's padding and the canary byte; see note in
     * rcmail::encrypt() and http://php.net/mcrypt_generic#68082
     */
    $clear = substr(rtrim($clear, "\0"), 0, -1);

    return $clear;
  }
Title: Re: Decrypt password from session-vars
Post by: JohnDoh on March 12, 2016, 12:37:39 PM
I'm not sure what you are asking. That codes shows how the decryption works, how the IV is set etc.
Text only | Text with Images