decrypt value from blowfish in Objective-C code

I am receiving encrypted data from the server (BLOWFISH ALGORITHM), and I have to decrypt it using the Blowfish algorithm on iOS.

You can download my code from here: https://www.dropbox.com/s/nswsm7des7isgd5/BlowfishTest-4.zip

I have been struggling with this task for 2 days. I tried a lot of links and found a few useful ones:

  1. Blowfish Source code
  2. How to implement Blowfish algorithm in iOS
  3. http://www.codeding.com/articles/blowfish-encryption-algorithm-for-iphone

In the third link, I got ECB (I have to decrypt using ECB), but this code also does not give the correct output after decryption.

I am using an online tool for testing, and it shows the correct output: http://www.tools4noobs.com/online_tools/decrypt/

Key = 20zE1E47BE57$51
Input value is = aed5c110d793f850521a4dd3a56a70d9
Algorithm = BLOWFISH
Mode = ECB
Decode the input using= Hexa

output = aYzY1380188405 (this is the correct output, which I want)

and I am getting : ¹àÀhÒ¢º¹iÂF

Here is my code :

//Mode selected by default in nib: “ECB”
NSString *modeString = [encryptionModeControl titleForSegmentAtIndex:encryptionModeControl.selectedSegmentIndex];
BlowfishAlgorithm *blowFish = [BlowfishAlgorithm new];
[blowFish setMode:[BlowfishAlgorithm buildModeEnum:modeString]];
[blowFish setKey:key];
[blowFish setInitVector:initVector];
[blowFish setupKey];

NSString *cipherText = cipherTextView.text;
NSString *plainText = [blowFish decrypt:cipherText];

NSLog(@"cipher-text: %@", cipherText);
NSLog(@"plain-text: %@", plainText);

Note: Server-side data is encrypted using BLOWFISH in ECB mode, and converted to hexadecimal notation.

Valerie answered 26/9, 2013 at 15:3 Comment(32)
Show some code please. Not properly dealing with encoding and padding are the most common mistakes. - Epidemiology
@MarcusAdams you can download my code from here: dropbox.com/s/nswsm7des7isgd5/BlowfishTest-4.zip - Valerie
Is there a reason you're using some third party's Blowfish implementation instead of Apple's CommonCrypto API? - Essive
@PeterHosey I am getting encrypted data from the server by Blowfish, so I have to decrypt it by using Blowfish. - Valerie
@QueueOverFlow: That's not what I asked. CommonCrypto implements Blowfish already, so why are you adding other implementations to your app instead of just using CommonCrypto for all your Blowfish needs? - Essive
@PeterHosey can you send me any link regarding the CommonCrypto implementation? - Valerie
@QueueOverFlow: https://mcmap.net/q/1696066/-how-to-implement-blowfish-algorithm-in-ios - Essive
@PeterHosey I already tried this and I also mentioned this link in my question (2nd link, "How to implement..."), but I am still getting special characters or null in my result. - Valerie
@QueueOverFlow: You should ask a separate question that shows your CommonCrypto code, along with the input you're giving it and what output you're expecting. - Essive
@QueueOverFlow: I agree with Peter, try using CommonCrypto and repost your question. Also provide some information about the server code, language and code. Can you have the server encrypt data that you supply for testing (chosen plaintext)? Some common problems are padding, additional encodings such as base64 and non-character strings that have multibyte characters. Finally, if you have a choice, consider using AES in CBC mode. - Longboat
Your code doesn't show input and output, so it's tough to tell what's going wrong here. - Epidemiology
@MarcusAdams you can download my code from here: dropbox.com/s/nswsm7des7isgd5/BlowfishTest-4.zip - Valerie
@Zaph Yes, I received encrypted data from the server, and I have to decrypt it (Blowfish ECB). You can download my code: dropbox.com/s/nswsm7des7isgd5/BlowfishTest-4.zip - Valerie
@Valerie FYI: My crypto domain expert just said: Blowfish has vulnerabilities and really should not be used, AES is the preferred encryption algorithm, either 128 or 256 bit (256 is generally overkill). Further, CBC mode should be used over ECB if at all possible rather than ECB. - Longboat
@Zaph I added an image to my question. The server-side programmer encrypts the data using BLOWFISH in ECB mode, and I have to convert it into plain text. - Valerie
A couple of things: 1) the online tool seems to add a byte of 0x00 padding to the key, which I don't think the Blowfish code is doing. 2) After trying the CommonCrypto Blowfish code, it seems that it works differently than, say, AES in that it does not decrypt all the bytes with the "CCCrypt" call; some research would be needed to figure out what is going on. - Longboat
I don't see anything wrong with your code. The library that you are using is providing incorrect results. In other words, it doesn't match the reference implementation. - Epidemiology
@MarcusAdams thanks, now I will try another code. I want to decrypt the encrypted value aed5c110d793f850521a4dd3a56a70d9 into the result aYzY1380188405 using the key 20zE1E47BE57$51. - Valerie
@QueueOverFlow: What makes you so sure that that is correct output? - Essive
@PeterHosey my friend made the same for the Windows platform, and he is using the Blowfish algorithm, so he also gave me the same output (aYzY1380188405), and the online converter output is also the same (aYzY1380188405). Please check the Windows file: dropbox.com/s/og0j7lj712yflhg/Crypto.cs .... I think the problem is in the conversion to hexadecimal notation. Please check the image which I added to my question (see the Encryption heading). - Valerie
@QueueOverFlow: Converting to and from hexadecimal is not difficult. What makes you think that's the problem, and not a difference in configuration or a bug in the Blowfish implementation you're using? Speaking of which, have you tried just using CommonCrypto yet? - Essive
@PeterHosey please give me any link or tutorial you have for CommonCrypto. I am new to encryption/decryption programming, so it may take me a lot of time to research. I am also googling for CommonCrypto now. - Valerie
@QueueOverFlow: Again, see https://mcmap.net/q/1696066/-how-to-implement-blowfish-algorithm-in-ios . - Essive
Are you really sure about the correct output? I tried to manage a sample app after finding the Pandora API implementation and I got this output: <61597a59 31333830 31383834 30350202> ---with this codeline--- NSLog(@"%@", [self PandoraDecrypt:@"aed5c110d793f850521a4dd3a56a70d9"]); - Lateshalatest
@codedad yes, I am 100% sure. You can check in the online converter tool also (see the link in my question). (My friend uses Blowfish algorithm code for Windows and he is also getting the output aYzY1380188405.) Here encrypted data + hex conversion = aed5c110d793f850521a4dd3a56a70d9, use key = 20zE1E47BE57$51 and get output = aYzY1380188405 - Valerie
@codedad yes, you are getting the right output :).. but it is in hex. If I convert it into an NSString it gives aYzY1380188405, I just checked in the online converter tool string-functions.com/hex-string.aspx - Valerie
@codedad please give me the source code or tell me what I am doing wrong - Valerie
@codedad: That's almost the output the questioner is presenting, except it's two bytes longer: “aYzY1380188405\02\02” - Essive
@QueueOverFlow: Please don't ask for sample code to be emailed to you. If anybody wants to provide sample code, they should post it in their answer for everybody's benefit. - Essive
@PeterHosey yes, you are right - Valerie
OK, soon today I'll post the code as an SO answer -- I'm glad to help - Lateshalatest
@codedad please post your answer so it will be helpful for me and others. Thanks - Valerie

1) Source of Blowfish routines from David Madore: ftp://quatramaran.ens.fr/pub/madore/misc/blowfish.c

Please note that in this source the .h part should be separated from the .c file.

2) To use Pandora API we have to use the passwords given by its wiki page here: http://pan-do-ra-api.wikia.com/wiki/Json/5/partners

Currently decrypt password is: 20zE1E47BE57$51

3) Use this code snippet (standing on great programmers' shoulders) - original Pandora API implementation is here: https://github.com/alexcrichton/hermes

In AppDelegate.h (for simplicity)

#define PARTNER_DECRYPT  "20zE1E47BE57$51"
...
-(NSData*) PandoraDecrypt:(NSString*) string;

In AppDelegate.m

static char h2i[256] = {
    ['0'] = 0, ['1'] = 1, ['2'] = 2, ['3'] = 3, ['4'] = 4, ['5'] = 5, ['6'] = 6,
    ['7'] = 7, ['8'] = 8, ['9'] = 9, ['a'] = 10, ['b'] = 11, ['c'] = 12,
    ['d'] = 13, ['e'] = 14, ['f'] = 15
};

static void appendByte(unsigned char byte, void *_data) {
    NSMutableData *data = (__bridge NSMutableData*) _data;
    NSLog(@"pre: %@", data);
    [data appendBytes:&byte length:1];
    NSLog(@"post: %@", data);
}

-(NSData*) PandoraDecrypt:(NSString*) string {
    struct blf_ecb_ctx ctx;
    NSMutableData *mut = [[NSMutableData alloc] init];

    Blowfish_ecb_start(&ctx, FALSE, (unsigned char*) PARTNER_DECRYPT,
                       sizeof(PARTNER_DECRYPT) - 1, appendByte,
                       (__bridge void*) mut);

    const char *bytes = [string cStringUsingEncoding:NSASCIIStringEncoding];
    int len = [string lengthOfBytesUsingEncoding:NSASCIIStringEncoding];
    int i;
    for (i = 0; i < len; i += 2) {
        NSLog(@"%c, %c, %d, %d", bytes[i], bytes[i+1], h2i[(int) bytes[i]] * 16, h2i[(int) bytes[i + 1]]);
        Blowfish_ecb_feed(&ctx, h2i[(int) bytes[i]] * 16 + h2i[(int) bytes[i + 1]]);
    }
    Blowfish_ecb_stop(&ctx);

    return mut;
}

And you can use this like:

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
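    // NSData is not NUL-terminated, so build the string from the data and its
    // length instead of treating -bytes as a C string (which reads past the end).
    // Any padding bytes the cipher left in the last block are still present here.
    NSData *plain = [self PandoraDecrypt:@"aed5c110d793f850521a4dd3a56a70d9"];
    NSLog(@"%@", [[NSString alloc] initWithData:plain
                                       encoding:NSASCIIStringEncoding]);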
    return YES;
}

So it was mainly research from my side; please give credit to the implementers of the Blowfish API and the Pandora API ;-) Also, my NSLogs are for research purposes; they highlight how the decryption works.

Lateshalatest answered 1/10, 2013 at 10:6 Comment(12)
Thanks, your code helped me a lot. Just one little problem: I am getting "aYzY1380188405 ~Ixÿ", a few special characters at the end. Can we remove these special characters from the end? The output should be "aYzY1380188405". - Valerie
I have to dig more into the Blowfish code, since this came from the second 8-character block's decryption. - Lateshalatest
I tried to test your input using blowfish.online-domain-tools.com and it returns the same as my code. Can we find a different input to further validate the implementation? - Lateshalatest
Maybe the tool which you used to get the return value (aYzY1380188405) just cut the non-readable part of the return string...? What is the source of this return value? - Lateshalatest
You can use these inputs: 352dd4320d80f2c1f884cadfaaa5f475 ee892f7be4053057aee4872b29772ea7 6a6bb864b6b8e63749f3cdfd00c16d4f NOTE: use the key R=U!LH$O2B# for decryption. - Valerie
And the output after removing the first 4 letters is 1380627680 1380627694 1380627711 - Valerie
For the first input I get this: 286aa151313338303632373637360202 which is (j¡Q1380627676.. so I see the ending 0202 for this case too, and moreover it is not matching your output... - Lateshalatest
It might be useful to target a basic Pandora query and check the output. Unfortunately I can't access Pandora, I'm afraid, since it is available basically in the US. Anyway, what would be a basic Pandora query? I can create something and upload it to GitHub.. - Lateshalatest
Please add me on Skype, my id is gauravk.cql - Valerie
Have you made any advancement in creating the API calls? - Lateshalatest
No. Now I am trying to use part of the GitHub code for decryption and encryption. - Valerie
First link in answer is dead - quatramaran.ens.fr’s server IP address could not be found. - Shutin
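
Added example, not part of the original answer or its comments: the decrypted bytes quoted in the thread end in 0x02 0x02, which is what PKCS#7 padding looks like when a 14-byte plaintext fills two 8-byte Blowfish blocks. This C sketch decodes hex strictly (the answer's lookup table silently maps uppercase or invalid characters to 0) and returns the text without the padding; the function names are hypothetical, and PKCS#7 is an assumption because the page never names the server's padding scheme.

```c
#include <stdio.h>
#include <string.h>
#define BLOCK 8 /* Blowfish block size in bytes */

/* Value of one hex digit (either case), or -1 for any other character. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex into out; byte count, or -1 on odd length, bad digit or short buffer. */
static long hex_decode(const char *hex, unsigned char *out, size_t cap) {
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > cap) return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval(hex[i]), lo = hexval(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i / 2] = (unsigned char)(hi * 16 + lo);
    }
    return (long)(n / 2);
}

/* Assumption: PKCS#7 padding. Returns the unpadded length, or -1 if malformed. */
static long pkcs7_unpad(const unsigned char *buf, size_t len) {
    if (len == 0 || len % BLOCK != 0) return -1;
    unsigned char pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK) return -1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad) return -1;
    return (long)(len - pad);
}

/* Hex of decrypted bytes -> NUL-terminated text in dst; text length or -1. */
long decrypted_hex_to_text(const char *hex, char *dst, size_t cap) {
    unsigned char raw[256];
    long n = hex_decode(hex, raw, sizeof raw);
    long m = n < 0 ? -1 : pkcs7_unpad(raw, (size_t)n);
    if (m < 0 || (size_t)m + 1 > cap) return -1;
    memcpy(dst, raw, (size_t)m);
    dst[m] = '\0';
    return m;
}

int main(void) {
    char text[64]; /* input: the decrypted bytes quoted in the thread */
    if (decrypted_hex_to_text("61597a59313338303138383430350202", text, sizeof text) < 0) return 1;
    puts(text);
    return 0;
}
```

Rejecting malformed padding instead of trimming blindly also gives a cheap signal that the key or mode was wrong, since a bad decryption rarely ends in a valid pad.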
