B4J Question Decrypt password protected textfield

[ThRuST]

Hi all! When password protecting the contents entered into a textfield it shows like this : ******

How can I retrieve the information entered as visible chars as they looks encrypted chars in the log ޗޘޙݧݨݩ
Which should be abc123 in this example. Please shed some light on how to handle this.
As a bonus it would be great to encrypt/decrypt this from PHP when the data is sent to a server.

 

[ThRuST]

I found a clue how to solve it here, but please post if you can provide some help. Thanks

 

[Erel]

No encryption is involved here.

Log(TextField.Text) will return the password.

 

[QtechLab]

Hi all! When password protecting the contents entered into a textfield it shows like this : ******

How can I retrieve the information entered as visible chars as they looks encrypted chars in the log ޗޘޙݧݨݩ
Which should be abc123 in this example. Please shed some light on how to handle this.
As a bonus it would be great to encrypt/decrypt this from PHP when the data is sent to a server.

Hello ThRuST, What are you trying to achieve with encryption?
In my project i use AES256 encryption between B4X applications and PHP server. Of course you have to manage the encryption key in the safest way you can. I use a dynamic key (and of course i can't tell how to do it). But if you need a PHP snippet, these are my functions:

<?PHP

function encrypt256($data, $key)
{
    $method = 'aes-256-cbc';
    
    // Must be exact 32 chars (256 bit). Salt32 make a robust hash around the entered key
    $password = salt32($key);
    
    // IV must be exact 16 chars (128 bit) Example with zeros
    $iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
    //
    $encrypted = base64_encode(openssl_encrypt($data, $method, $password, OPENSSL_RAW_DATA, $iv));
    
    return $encrypted;
}

function decrypt256($dataEncrypted, $key)
{
    $method = 'aes-256-cbc';
    
    // Must be exact 32 chars Salt32 make a robust hash around the entered key
    $password = salt32($key);
    
    // IV must be exact 16 chars (128 bit)  Example with zeros
    $iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
    //
    $decrypted = openssl_decrypt(base64_decode($dataEncrypted), $method, $password, OPENSSL_RAW_DATA, $iv);
  
    return $decrypted;
}

?>

 

[ThRuST]

Thanks @Erel and @QtechLab I noticed that the strange chars is caused by the fact that I made a misstake with enctryption and stored it back in the textfield.
Thus causing chars to look strange. I have written my own B4XCryptor library which works well but I messed things up so I'll debug it from scratch.
AES encryption seems good but after a lot of reading about encryption on the net I decided to just roll the chars my own way Anyway thanks for contributing ?

Btw, my B4XCryptor library can be found here

 

[ThRuST]

@QtechLab I've had an idea about converting my B4XCryptor library to be compatible with PHP. So a similar routine is needed.
I've been thinking about doing the conversion routine in PHP myself If you have some time to spare it you might want to look at it ?‍B4X

 

[QtechLab]

Thanks @Erel and @QtechLab I noticed that the strange chars is caused by the fact that I made a misstake with enctryption and stored it back in the textfield.
Thus causing chars to look strange. I have written my own B4XCryptor library which works well but I messed things up so I'll debug it from scratch.
AES encryption seems good but after a lot of reading about encryption on the net I decided to just roll the chars my own way Anyway thanks for contributing ?

Btw, my B4XCryptor library can be found here

AES is Advanced Encryption Standard. Used tons of times from tons of devices, from microcontroller with AES128 to more robust solutions with 256.
Personally i would never try to create a cipher alghoritm myself because it will be too weak.

This is the example code that works with the PHP snippet above. It uses the Encryption library of B4A
With some adjustment you can make B4I functions also.

    public Sub EncryptString(plainText As String, password As String) As String
        Dim encryptor As Cipher
        Dim mDigest As MessageDigest
        Dim bConv As ByteConverter
        Dim baseConv As Base64
        Dim key() As Byte = 'Same password of php with salt
        Dim keygen As KeyGenerator
        keygen.Initialize("AES")
        keygen.KeyFromBytes(key)
        
        Try
            encryptor.Initialize("AES/CBC/PKCS7Padding")
            encryptor.InitialisationVector = Array As Byte(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
        
            Dim aryEncrypted() As Byte = encryptor.Encrypt(bConv.StringToBytes(plainText, "ASCII"), keygen.Key, True)
            Dim retBase As String = baseConv.EncodeBtoS(aryEncrypted, 0, aryEncrypted.Length)
            
            Return retBase
        Catch
            Log(LastException)
        End Try
        
        Return ""
        
    End Sub

    public Sub DecryptString(cipherText As String, password As String) As String
        Dim encryptor As Cipher
        Dim mDigest As MessageDigest
        Dim bConv As ByteConverter
        Dim baseConv As Base64
        Dim key() As Byte = 'Same password of php with salt
        Dim keygen As KeyGenerator
        keygen.Initialize("AES")
        keygen.KeyFromBytes(key)
        Try
            encryptor.Initialize("AES/CBC/PKCS7Padding")
            encryptor.InitialisationVector = Array As Byte(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
            Dim cipherAry() As Byte = baseConv.DecodeStoB(cipherText)
            Dim aryPlain() As Byte = encryptor.Decrypt(cipherAry, keygen.key, True)
            Dim retBase As String = bConv.StringFromBytes(aryPlain, "ASCII")
            
            Return retBase
        Catch
            Log(LastException)
        End Try
        
        Return ""
        
    End Sub

 

[ThRuST]

@QtechLab Interesting. That looks nice I'll try that. Thanks for a very competent contribution to the magic world of B4X ??‍

 

[ThRuST]

Ladies and gentlemen, here's an updated PHP code right outa the box. Credits to @QtechLab with some minor addition from me ??

<?PHP

$data = "JlTf/Y6JTO6dXUbYrEcCuQ==";
$key = "Salted_key_is_here";
$test = decrypt256($data, $key);

echo "Result: " . $test;


function encrypt256($data, $key)
{
    $method = 'aes-256-cbc';
    
    // Must be exact 32 chars (256 bit). Salt32 make a robust hash around the entered key
    $password = $key; //salt32($key);
    
    // IV must be exact 16 chars (128 bit) Example with zeros
    $iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
    //
    $encrypted = base64_encode(openssl_encrypt($data, $method, $password, OPENSSL_RAW_DATA, $iv));
    
    return $encrypted;
}

function decrypt256($dataEncrypted, $key)
{
    $method = 'aes-256-cbc';
    
    // Must be exact 32 chars (256 bit). Salt32 make a robust hash around the entered key
    $password = $key; //salt32($key);
    
    // IV must be exact 16 chars (128 bit)  Example with zeros
    $iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
    //
    $decrypted = openssl_decrypt(base64_decode($dataEncrypted), $method, $password, OPENSSL_RAW_DATA, $iv);
 
    return $decrypted;
}

?>