Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Dark GDK / Failed on data decryption

Author
Message
Drowneath
15
Years of Service
User Offline
Joined: 22nd Jun 2009
Location: In your eyes
Posted: 9th Aug 2009 09:31 Edited at: 9th Aug 2009 09:32
Link
Hello there,

For an unknown reason, I got failed on decrypting my data after sending it over the network from the server to the client using Multisync as the network library.

Here I made an illustration image to make my question clearer.



Any kind of help would be appreciated

Thanks.

if(asleep) sheep++;
Back to top
Profile PM Email
dark coder
21
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 9th Aug 2009 10:19 Edited at: 9th Aug 2009 10:24
Link
Those network commands take c-style strings meaning their length is determined by scanning across the memory until a zero byte is found(NULL terminator). It's most likely that your encryption routine generates a NULL byte in the encrypted sequence thus causing the full string to not be sent. Perhaps Ben should have overloaded the function to take an optional length . But yea there's not a whole lot you can do to fix that.

[Edit] Then again, now that I look at your images the returned string matches the sent one? Thus I don't see how Multisync can be to blame unless I'm missing something.

Back to top
Profile PM Email
Mista Wilson
16
Years of Service
User Offline
Joined: 27th Aug 2008
Location: Brisbane, Australia
Posted: 9th Aug 2009 10:36
Link
Could the problem be that your decryption key is not being passed properly(or is being corrupted as its passed somehow), so the client isnt able to decrpyt how it should ?

Just a shot in the dark...

If it ain't broke.... DONT FIX IT !!!
Back to top
Profile PM Email
Drowneath
15
Years of Service
User Offline
Joined: 22nd Jun 2009
Location: In your eyes
Posted: 9th Aug 2009 10:44 Edited at: 9th Aug 2009 10:45
Link
I stored the SAME key in both server and client, on the top of the program as a constant var. and both of them are EXACTLY THE SAME.

Mean the key isn't transferred over the network.

if(asleep) sheep++;
Back to top
Profile PM Email
Mista Wilson
16
Years of Service
User Offline
Joined: 27th Aug 2008
Location: Brisbane, Australia
Posted: 9th Aug 2009 11:00
Link
Lol, that answers that...

Anyway, from the images, we can see that the data is actually being sent, and recieved in the same form it was sent.

That tells me that the problem is unlikely to be Multisync(as dark coder said), as the data is being sent and recieved, and thats pretty much as far as multisync is involved by the looks of it...

The only thing being called, inbetween that data being recieved and decrypted is your function, is that right ? I know you said you are 100% sure its not your functions.. but thats what it's looking like(at least at initially), have you checked all pointers/references that are used in those functions are pointing where they should all the time ?

Sorry, I know alot of that seems obvious, just trying to be methodical to find the problem..

If it ain't broke.... DONT FIX IT !!!
Back to top
Profile PM Email
Benjamin
21
Years of Service
User Offline
Joined: 24th Nov 2002
Location: France
Posted: 9th Aug 2009 11:25
Link
You're sending binary data as a string, don't do this. I'm not familiar with AES but I know that some encryption/decryption algorithms fail if part of the encrypted data is missing, and I'm guessing this is what is happening.
Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 9th Aug 2009 11:42 Edited at: 9th Aug 2009 12:11
Link
Your public key declaration is a pointer type const char*.

You are passing in the address of your public key instead of the actual key when you call the decrypt function? You cant use a regular char array?

Quote: "You're sending binary data as a string, don't do this"


Sending an image over the network as a string is fine if you are sending the data as Unicode, and receiving the data as Unicode...hopefully not treating it as ASCII when it arrives. A string at its core is a char array, and a char is nothing more than a representation of a bianary sequence.

Not that it matters...he was not sending an image. The actual data looked like a string to me. Thought the computer was just doing data magic tricks.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
Drowneath
15
Years of Service
User Offline
Joined: 22nd Jun 2009
Location: In your eyes
Posted: 9th Aug 2009 12:57 Edited at: 9th Aug 2009 13:02
Link
@Benjamin: As you can see in the image, nothing is missing, not even a byte.

@Mista Wilson: Why I can be so sure that nothing wrong with the function?
Because it already decrypted some datas before the "wdt 4250 2" without any problem, and successfully decrypted.

Here I made another image to prove that the function really worked.



Well, just a littl explanation about my program, it authenticates user login based on their username and password.

Request for validation
Client > Server: "val <user> <pass>"

Reply the request ("lok" if valid, otherwise "inv")
Server > Client: (login OK) ? "lok" : "inv"

Request for available server listing (wrq = world/server request)
Client > Server: "wrq"

Reply the request (wdt = world data; 4250 = server port; 2 = total available servers)
Server > Client: "wdt 4250 2" <-- the problem is here....



Thanks.

if(asleep) sheep++;
Back to top
Profile PM Email
Benjamin
21
Years of Service
User Offline
Joined: 24th Nov 2002
Location: France
Posted: 9th Aug 2009 13:11 Edited at: 9th Aug 2009 13:14
Link
Quote: "Sending an image over the network as a string is fine if you are sending the data as Unicode, and receiving the data as Unicode...hopefully not treating it as ASCII when it arrives."


Of course, if you convert all the values to text first. But then why would you use Unicode?

Quote: "@Benjamin: As you can see in the image, nothing is missing, not even a byte."


Actually I can't see this, because I don't know if your image is actually showing all the encrypted data to the very end (you only show it up to byte 27 in the 2nd panel).

[edit] Never mind, someone pointed out that the down arrow is greyed out.
Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 9th Aug 2009 13:19 Edited at: 9th Aug 2009 13:26
Link
I did not see the TrimNullToEnd function anyplace else, but it appears just before your function call to decrypt the wdt string.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 9th Aug 2009 13:22 Edited at: 9th Aug 2009 13:25
Link
Quote: "Of course, if you convert all the values to text first. But then why would you use Unicode?"


What!?

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
dark coder
21
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 9th Aug 2009 13:26 Edited at: 9th Aug 2009 13:27
Link
Quote: "@Benjamin: As you can see in the image, nothing is missing, not even a byte."


Then you're saying it's a problem with your decryption code. While it's hard to see, in the 2nd frame you can see the 27th char is the last one thus both encrypted strings(up until the NULL terminator) match 100%. Thus multisync cannot have anything to do with the problem.

Quote: "What!?"


Do you even know what unicode is? You wouldn't send an image in unicode because an image(for the most part, depending on format) contains no text characters. Even if it did then it's irrelevant by what standard you send the values as.

Back to top
Profile PM Email
Drowneath
15
Years of Service
User Offline
Joined: 22nd Jun 2009
Location: In your eyes
Posted: 9th Aug 2009 13:36
Link
Quote: "I did not see the TrimNullToEnd function anyplace else, but it appears just before your function call to decrypt the wdt string."


Actually that function finds and replaces remaining bytes to 0 when a null terminator is found in a char array.



if(asleep) sheep++;
Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 9th Aug 2009 13:48 Edited at: 9th Aug 2009 13:54
Link
Quote: "Even if it did then it's irrelevant by what standard you send the values as."


...as long as the receiver was using the same standard...

saying that the standards are irrelevant is like saying HTML is the same thing as XML, char is the same thing as wchar_t, or C and C++ are the same thing;

I was just using that as an example.

Quote: "
Actually that function finds and replaces remaining bytes to 0 when a null terminator is found in a char array.
"


Still the odd man out...but its hard to say without going over your code with a fine tooth comb.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
dark coder
21
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 9th Aug 2009 13:54
Link
I'm of course talking about the Unicode standard which has nothing to do with how the value is encoded(wchar_t/UTF-16/32, UTF-8 etc). Unicode only serves to map values to characters such as Chinese characters, how this pertains to image data I don't know, which is what I was saying.

Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 9th Aug 2009 14:10
Link
Quote: "how this pertains to image data I don't know"


You should try opening an image file in notepad...but I will say again Example.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
dark coder
21
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 9th Aug 2009 14:39
Link
Quote: "You should try opening an image file in notepad..."


Yes, binary data. What would writing it as Unicode achieve? You expect it to write "This image is of a red apple"?

The difference between sending a c-style string over a network and binary data is that a c-style string is read until a NULL terminator is reached, binary data is either of a known size or a size is prefixed(you can do this with strings too). Thus sending arbitrary binary data as a c-style string is a very bad idea, to avoid this you must make sure no character inside the data block is NULL/0. Writing an image as Unicode doesn't achieve this and it also doesn't make any sense unless you mean to write an RGB value of 255,100,50 as "255100050" thus writing no NULL terminators, but this has nothing to do with Unicode inherently, and if you were to do that you'd most likely use ASCII if anything as you'll never need more than 10 characters.

Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 9th Aug 2009 15:16
Link
Quote: "You expect it to write "This image is of a red apple"?"


No Mr. Powers I expect it to die.

De de dee.

Now lets start at the begining. Read this next part carefuly just to make sure everything is clear to those of us who are a little thick.

Example: Assuming you were sending your data in unicode format text, you should hope that when your data is received it is treated as the same standard it was sent and not something else. This is to retain accuracy of the data.

Now lets do a playback of the conversation. Starting with the comment I originally quoted, we will work our way to present.

Quote: "You're sending binary data as a string, don't do this"


Then with my own personal touches of sarcasim and bull I reply.

Quote: "The actual data looked like a string to me. Thought the computer was just doing data magic tricks."


To which I get this reply...

Quote: "Of course, if you convert all the values to text first. But then why would you use Unicode?"


I respond with a "What!?" as in "What the 'F' are you talking about?"

And that is about where you pushed yourself into my conversation, and started wearing both of our keyboards for no reason other than to try to make yourslef look good or something...

So captain obvious. I promise I wont use sarcasim, or joke in any other way that might be lost on you, or go above your head, if you promise to just stop with the useless bull.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
dark coder
21
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 9th Aug 2009 15:34
Link
Quote: "Assuming you were sending your data in unicode format text"


There is no such thing as Unicode format text, Unicode is just a standard list of numbers assigned to characters. How these characters are stored, aka encoded is what's important with regard to network data(which is what we're talking about here).

Your initial post mentioning Unicode was written as if Unicode was some method you could use in order to absolve the issue of sending binary data using strings across networks. The NULL terminator is the exact same value when encoded in UTF-8/16 or 32, the only difference being the length so this doesn't solve the issue of sending such network data.

Quote: "if you promise to just stop with the useless bull."


Useless? I'm just correcting your mistake, people come to this board to learn things, not learn incorrect things. What's with all the hostility?

Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 9th Aug 2009 16:22
Link
Quote: "Your initial post mentioning Unicode was written as if Unicode was some method you could use in order to absolve the issue of sending binary data using strings across networks."


I made no such alegation. If you took what I said out of context, oh well...

If you completely forget everything I just explained, you are lost. Please note one extremely important fact. My first post, in a nutshell said this:

Quote: "It does not make sense to have a string without knowing what encoding it uses. You can no longer stick your head in the sand and pretend that "plain" text is ASCII.

There Ain't No Such Thing As Plain Text.

If you have a string, in memory, in a file, or in an email message, you have to know what encoding it is in or you cannot interpret it or display it to users correctly."


Furthermore:

The Unicode Standard and ISO/IEC 10646 [ISO-10646] jointly define a coded character set (CCS), hereafter referred to as Unicode.

And if you are a programmer working in 2009 and you don't know the basics of characters, character sets, encodings, and Unicode, and I catch you, I'm going to punish you. I swear I will.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
dark coder
21
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 9th Aug 2009 17:31
Link
Quote: "I made no such alegation. If you took what I said out of context, oh well..."


How did I take it out of context? You said:

Quote: "Sending an image over the network as a string is fine if you are sending the data as Unicode, and receiving the data as Unicode...hopefully not treating it as ASCII when it arrives."


The issue here is that sending an image as Unicode makes no sense at all. Unicode is to standardize characters, image data contains none as it isn't literature.

Quote: "And if you are a programmer working in 2009 and you don't know the basics of characters, character sets, encodings, and Unicode, and I catch you, I'm going to punish you. I swear I will."


Self harming won't get you anywhere.

Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 9th Aug 2009 17:59 Edited at: 9th Aug 2009 18:22
Link
Anything can contain characters. Its not hard to change data between Dec, Bi, and Oct. But its like I said, really. Whatever.

This is about decrypting a character string. Is it possible to pass image data over a network as strings? Sure, but this thread is not about that so how about you stick to the real issue?

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
Drowneath
15
Years of Service
User Offline
Joined: 22nd Jun 2009
Location: In your eyes
Posted: 11th Aug 2009 03:45
Link
Anyone? :dead:

if(asleep) sheep++;
Back to top
Profile PM Email
Mista Wilson
16
Years of Service
User Offline
Joined: 27th Aug 2008
Location: Brisbane, Australia
Posted: 11th Aug 2009 04:05
Link
So you have successfuly sent encrypted data and been able to recieve it an de-crpyt it inside this program. The problem is this particular string : "wdt 4250 2"

Am I understanding that correctly ? (sorry just making sure we are on the same page)

If you have sent/recieved and been able to decrypt other data in the program, and that string is the only problem, I would first ask myself is there another way I can send that data without using that string, can I use integers in place of characters, can I just send the data as binary and re-assemble it on the other side etc ? If you can get the data across in another way and it works, then the problem would have to be the way you are using the string I guess...

Sorry, ive not come across a problem like this before so just trying to be methodical to help you solve it

If it ain't broke.... DONT FIX IT !!!
Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 11th Aug 2009 04:33
Link
Quote: "I did not see the TrimNullToEnd function anyplace else, but it appears just before your function call to decrypt the wdt string."


Like I said before. If it worked before, than single out everything that is different about the way you handle the information for this one call.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 11th Aug 2009 05:57
Link
Just thought. Besides all the chars at the end of the string should already be null.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
Mista Wilson
16
Years of Service
User Offline
Joined: 27th Aug 2008
Location: Brisbane, Australia
Posted: 11th Aug 2009 06:25
Link
If you are using string, you may need to ensure that your encryption/decryption functions know not to use certain characters... like if there is a \ anywhere in the string, the compiler will interpret that as an escape code and not as a character "\"

Also, I just noticed, but in your first images, in Pane 3.. which is where the data is recieved but not yet de-crypted, the variable : wdtbuf ( addr: 0x0012fca0 ) has as it's 8th character a "\" ... where the string being sent is actually 10 characters long.... ... which means that character 11 should be the null termiantor shouldnt it ?

If it ain't broke.... DONT FIX IT !!!
Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 11th Aug 2009 06:53
Link
Yeah I see one in the encripted string too. I would definately check that out.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
dark coder
21
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 11th Aug 2009 09:33
Link
Quote: "If you are using string, you may need to ensure that your encryption/decryption functions know not to use certain characters... like if there is a \ anywhere in the string, the compiler will interpret that as an escape code and not as a character "\""


This only applies to literal strings, as you said yourself, the compiler interprets the escape sequences, this isn't done at runtime.

Although I have no idea how AES 256 operates, is it normal for a 10 char long input to get encrypted into 28 chars? Unless this also stores some info about the key.

Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 11th Aug 2009 09:59
Link
If it stored info about the key in the data that would make sense on some level, but than again, wouldnt that leave your data vulnerable? But if they always used the same encryption method that would eventually become vulnerable as well.

if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
Drowneath
15
Years of Service
User Offline
Joined: 22nd Jun 2009
Location: In your eyes
Posted: 11th Aug 2009 10:16
Link
The key is 63 mixed case alphabet characters and it will be changed each patch release when the entire game is done.

Many ways are possible to hack the data, but atleast I made it harder.

if(asleep) sheep++;
Back to top
Profile PM Email
Mista Wilson
16
Years of Service
User Offline
Joined: 27th Aug 2008
Location: Brisbane, Australia
Posted: 11th Aug 2009 11:08
Link
@Dark Coder - good point, I should have thought of that lol..

I dont know anything about aes256 bit encryption methods myself besides the absolute basics, I guess depending on how it encrypts and decrypts and what its storing in the encryption, like you said, it could be possible that the encrypted string is longer than the decrypted one.

I guess this will have to be one of those topics that i'll have to spend some time learning about one of these days.

If it ain't broke.... DONT FIX IT !!!
Back to top
Profile PM Email
Amnzero
15
Years of Service
User Offline
Joined: 1st Aug 2009
Location:
Posted: 11th Aug 2009 11:27
Link
Comment was not directed at you per se. I was putting my thoughts down as a side note towards figuring out this problem. Ok so yes the key is added in.

Quote: "High-level description of the algorithm
KeyExpansion using Rijndael's key schedule
Initial Round
AddRoundKey
Rounds
SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table.
ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps.
MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column
AddRoundKey—each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.
Final Round (no MixColumns)
SubBytes
ShiftRows
AddRoundKey

[edit] The SubBytes step

In the SubBytes step, each byte in the state is replaced with its entry in a fixed 8-bit lookup table, S; bij = S(aij).In the SubBytes step, each byte in the array is updated using an 8-bit substitution box, the Rijndael S-box. This operation provides the non-linearity in the cipher. The S-box used is derived from the multiplicative inverse over GF(28), known to have good non-linearity properties. To avoid attacks based on simple algebraic properties, the S-box is constructed by combining the inverse function with an invertible affine transformation. The S-box is also chosen to avoid any fixed points (and so is a derangement), and also any opposite fixed points.


[edit] The ShiftRows step

In the ShiftRows step, bytes in each row of the state are shifted cyclically to the left. The number of places each byte is shifted differs for each row.The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively. For the block of size 128 bits and 192 bits the shifting pattern is the same. In this way, each column of the output state of the ShiftRows step is composed of bytes from each column of the input state. (Rijndael variants with a larger block size have slightly different offsets). In the case of the 256-bit block, the first row is unchanged and the shifting for second, third and fourth row is 1 byte, 3 bytes and 4 bytes respectively - this change only applies for the Rijndael cipher when used with a 256-bit block, as AES does not use 256-bit blocks.


[edit] The MixColumns step

In the MixColumns step, each column of the state is multiplied with a fixed polynomial c(x).In the MixColumns step, the four bytes of each column of the state are combined using an invertible linear transformation. The MixColumns function takes four bytes as input and outputs four bytes, where each input byte affects all four output bytes. Together with ShiftRows, MixColumns provides diffusion in the cipher. Each column is treated as a polynomial over GF(28) and is then multiplied modulo x4 + 1 with a fixed polynomial c(x) = 3x3 + x2 + x + 2. The MixColumns step can also be viewed as a multiplication by a particular MDS matrix in Finite field. This process is described further in the article Rijndael mix columns.


[edit] The AddRoundKey step

In the AddRoundKey step, each byte of the state is combined with a byte of the round subkey using the XOR operation (⊕.In the AddRoundKey step, the subkey is combined with the state. For each round, a subkey is derived from the main key using Rijndael's key schedule; each subkey is the same size as the state. The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR."


if(enemy == Amnzero) runAway();
Amnzero->WebSite = L"http://neovance.com/";
Back to top
Profile PM Email Website
Back to top

Login to post a reply

Server time is: 2024-10-06 07:33:54
Your offset time is: 2024-10-06 07:33:54