Skip to content
/ php-xecryption Public

PHP encrypt/decrypt/cracking library for the toy XECryption cryptographic(ally insecure) algorithm.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fabacab/php-xecryption

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
tests
tests
 
 
README.markdown
README.markdown
 
 
XECryption.class.php
XECryption.class.php
 
 
phpunit.xml
phpunit.xml
 
 
xecrypt.php
xecrypt.php
 
 

Repository files navigation

PHP-XECryption

XECryption is a simplistic (broken) symmetric key cipher used in several popular amateur cryptography training courses. I thought it might be fun to write a few toy scripts that used it so I whipped up this PHP library to help with that. Then I went down the rabbit hole: ANSI escape sequences for video text terminals, readline interactivity, various experiments at ASCII text recognition, whatever I felt like.

So, that's what that repository is.

In case it needs to be stated more obviously: XECryption is NOT secure. DO NOT USE THIS library for anything important. This algorithm is HORRIBLY BROKEN. Kthxbai.

Using

Include the XECryption.class.php file in your project, then call its encrypt() or decrypt() methods as follows:

requre_once 'XECryption.class.php';

// Encrypting.
$plaintext  = "Hello world.";
$passphrase = "fascists deserve painful deaths"; // What? It's true.
$ciphertext = XECryption::encrypt($plaintext, $passphrase);

// Decrypting.
$plaintext = XECryption::decrypt($ciphertext, $passphrase);

Command-line interface

There is also xecrypt.php, a command-line tool that interacts with the library. It expects to find XECryption.class.php in the current directory, but you can set your shell's XECRYPT_LIBRARY_PATH variable to another directory. For instance, in Bash:

export XECRYPT_LIBRARY_PATH=/usr/local/XECryption

The above will tell xecrypt.php to expect the library in /usr/local/XECryption/XECryption.class.php.

In any event, using the script is simple.

To encrypt the contents of a file:

php xecrypt.php --mode encrypt --file my_secret_message.txt --pass "secret passphrase" > my_encrypted_message

To decrypt the contents of a file:

php xecrypt.php --mode decrypt --file my_encrypted_message --pass "secret passphrase"

Interactive attack modes

You can try "cracking" XECryption-enciphered strings interactively.

A pseudo-automated dictionary (wordlist) attack:

$ php xecrypt.php --mode dict --file my_encrypted_message --dict /path/to/wordlist.dict
XECryption::dictionaryAttack() progress...
...250
...500
...750
Possible plaintext: 
%"RJR/ZGEt{rvkqp

                ZGEt{rvkq
Password candidate: aaal
Continue guessing? [y]: y
...1000
...1250
...1500
...1750
...2000
...2250
Possible plaintext:
# PHP-XECryption

XECryption is a simplistic (broken) symmetric key cipher
Password candidate: aabm
Continue guessing? [y]: n

And a brute force attack:

$ php xecrypt.php --mode brute --file my_encrypted_file --start 0 --max 1000

When using --mode brute, the --start and --max flags are optional and default to the values shown.

See also

About

PHP encrypt/decrypt/cracking library for the toy XECryption cryptographic(ally insecure) algorithm.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages