asked on

Need to know if I can step through PHP code to understand what the code is doing.

I have some PHP code from a Word Press plugin that I am trying to understand.

The situation is that we are using this plug-in to encrypt data on a web site, which uses the OpenSSL lib and AES-CBC encryption. I need to decrypt the data in a outside system. I have VBA code to decrypt AES, but I can't get it to work.

The plug-in has a test and verification tool where you can type a string, it encrypts it, shows the encrypted text, and then the decrypted text as a check to verify that everything is working correctly. What I am doing is copying the encrypted text and then trying to decrypt with VBA as a test.

I have looked through the plug-in code and found the procedures they are using as part of their verification tool, but I don't fully understand PHP code.

Is there any way on a Word Press site using PHP code that I can step through the code as it executes and inspect variables? That would be very helpful in figuring this out.

If not, I will post the code in another question for help in figuring out the steps that are being used.

Jim.

SOLUTION

gr8gonzo

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Jim Dettman (EE MVE)

ASKER

which might not necessarily help you (and you could just write those parameters to a file anyway if you wanted to capture them, instead of trying to use a full-fledged debugger).

I may need to do that in order to see what's going on. We're trying to get support on the plug-in from the author (this is Gravity Forms Encryption), but from past comments, it seems like they will not answer these types of questions and not knowing PHP, I'm stuck.

Just update this question with your PHP and VBA code.

Below is the PHP code. I'm using the OpenSSL encryption and where I'm getting hung-up is what their doing with the $key in various places. For example, what they are doing on lines 45-47 (gfef_get_key()).

For their test utility, I tried using:

tester 12345678

and got this as an encrypted string:

GFEncrypt: d88990c33652062f989dfc279ac1dlaTJQSlpaNlp2NFIzKytRcUYxUT09

I know the basics of encryption, what MD5, and SHA256 is, etc, but haven't worked with them a ton, and I can reference all the standard PHP calls, but things like concatenation is what I'm getting lost with. For example, I can't figure out if 'GFEncrypt:' is being passed in as part of the encrypted text of if that is being stripped of (I believe it is - line #58). Also what is being done with $iv.

I'll stop here and let you review.

Jim.

// Decrypt
function gfef_decrypt($text, $key = null) {
                $use_mcrypt                                     = apply_filters('gform_use_mcrypt', function_exists( 'mcrypt_decrypt'));
                $use_openssl                                    = function_exists('openssl_encrypt') && extension_loaded('openssl');
                $gfe_type                                           = get_option('gfe_encryption_method');
                $gfe_key                                             = false;
                if (get_option('gfe_encryption_key')) {
                                $gfe_key                             = md5(esc_html__(get_option('gfe_encryption_key')));
                }
                $secure_key                                      = substr($text, 0, 11);
                $key                                                      = gfef_get_key($gfe_key, 'decrypt');
                
                if ($secure_key === 'GFEncrypt: ') {
                                $secure_key = 'locked';
                } else {
                                $secure_key = 'unlocked';
                }
                
                if ($gfe_type == 2 && $use_mcrypt && $gfe_key && $secure_key === 'locked') {
                                $mcrypt_cipher_name = MCRYPT_RIJNDAEL_128;
                                $iv_size                                = mcrypt_get_iv_size($mcrypt_cipher_name, MCRYPT_MODE_CBC);
                                $text_decode                   = substr($text, 11);
                                $iv                                          = substr($text_decode, 0, $iv_size);
                                $text_decode                   = base64_decode(substr($text_decode, $iv_size + 10));
                                $decrypted_value           = trim(mcrypt_decrypt($mcrypt_cipher_name, $key, $text_decode, MCRYPT_MODE_CBC, $iv));
                } else if ($gfe_type == 1 && $gfe_key && $use_openssl && $secure_key === 'locked') {
                                $decrypted_value           = gfef_ssl_decrypt($text, $key);
                } else {
                                $decrypted_value           = $text;
                }
                return $decrypted_value;
}


// GET/CREATE KEY
function gfef_get_key($gfe_key, $operation) {
                $gfe_key_override                         = esc_html__(get_option('gfe_encryption_key_override'));
                if ($operation) {
                                if ($operation === 'decrypt') {
                                                if ($gfe_key_override) {
                                                                $gfe_key = md5($gfe_key_override);
                                                }
                                }
                }
                $password                                                          = "!c64l?" . trim($gfe_key) . "h4s?09aq-p3x";
                $salt                                                                       = gfef_get_salt() === false ? gfef_create_salt(false) : gfef_get_salt();
                $key                                                                      = md5(hash('SHA256', $salt . $password, true));
                
                return $key;
}


// OPEN SSL Decrypt
function gfef_ssl_decrypt($text, $key) {
    $ssl_cipher_name = "AES-256-CBC";
    $key                                   = hash('sha256', $key);
   $iv_size                             = openssl_cipher_iv_length($ssl_cipher_name);  // iv for AES-256-CBC = 16 bytes
   $text_decode                = substr($text, 11);
    $iv                                       = substr($text_decode, 0, $iv_size);
    $text_decode                = substr($text_decode, $iv_size + 10);
    $text                                 = trim(openssl_decrypt(base64_decode($text_decode), $ssl_cipher_name, $key, 0, $iv));

    return $text;
}

Open in new window

ASKER CERTIFIED SOLUTION

gr8gonzo

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Jim Dettman (EE MVE)

ASKER

so I'd suggest just dumping the key to a file right before you run the decrypt:

Excellent....that should get me going. In the plug-in settings, there is a "web site key" and a "password key", but no where could I find what was being used and how. Writing the key like that will help a lot (which is why I asked about stepping through the code at first).

So the decryption routine should:

I'll try that and let you know.

and it is using OpenSSL BTW

Jim.

Jim Dettman (EE MVE)

ASKER

Doesn't look like I'm going to get this resolved for a few days yet. I need to dig up (or write) some VBA code to do the SHA256 hash.

So I'm going to go ahead and close this out. Will ask another question if I get stuck again.

Thanks!
Jim.

Jim Dettman (EE MVE)

ASKER

Understood the question, got right to the point, and gave me exactly what I needed!

Jim.

Jim Dettman (EE MVE)

ASKER

This new closing process...yuck.

Jim.