Donat76 Offline OP
Pikka bird
Joined: Nov 2014
Posts: 11
Never mind at the moment. I think I got it working now.
I changed the script in the body of this post. Does this look right now?

At the very bottom is the text from the changelog. I want to be able to encrypt the text within variable %message with a 56-character (448-bit) key inside variable %key. I don't want this to be a one-way password hash. I want to be able to decode it using the key.

I have tried several variations using $encode and $decode and I am doing something wrong as it never works or mIRC throws an error.

/encrypt {
var %message.encrypted
var %message.decrypted
var %message = This is a test.
var %key = hfudnqtwh5jv748djne219fndjem568djsmrmufiuhuihgf789yqnksg

%message.encrypted = $encode(%message,cl,%key)
%message.decrypted = $decode(%message.encrypted,cl,%key)

echo -s The original message is %message
echo -s The encrypted message is %message.encrypted
echo -s The decrypted message is %message.decrypted
}

8. Extended $encode/$decode to support blowfish. By default, the method is compatible with OpenSSL and uses CBC, key hashing, a random salt and PKCS#5 padding. The identifier format is:

$encode(%var | binvar, switches, key, [salt | iv])
$decode(%var | binvar, switches, key, [salt | iv])
Where the switches are:
method: c = cbc or e = ecb encryption (one or the other)
key: l = literal key (optional, must be 56 characters)
salt/iv: s = salt or i = iv or r = randomiv (all optional)
padding: z = zeros, n = one and zeros, p = spaces (all optional)

Last edited by Donat76; 01/12/14 12:46 AM. Reason: I'm dumb :)
Donat76 Offline OP
Pikka bird
Joined: Nov 2014
Posts: 11
Is there a better (faster) way of doing this? To test this out, I am making an array with the $envvar command, encrypting it and then decrypting it while outputting the results to the active window each step of the way.

Two questions I wish someone could answer...

Why do the first few characters of the encrypted messages all look the same???


Why don't I need an equals sign when assigning values to my variables below?


/encrypt {

; Clears active window.

clear

; Use Windows environment variables as test data for my message encryption script.
; Declare variable %i and assign $envvar(0) (which returns the total amount of Windows OS environment variables) to %i.

var %i = $envvar(0)

; Create a variable array by using the '$+' concatenation operator to append a number (string) to
; the end of each variable as it is declared while also assigning to it the environment name and value
; together as one long string. Not sure why I don't need to use the '=' in between [ $+ [ %i ] ] and $envvar(%i).name.

while (%i >= 1) {
var %message.original. [ $+ [ %i ] ] $envvar(%i).name $+ $chr(32) $+ $chr(61) $+ $chr(32) $+ $envvar(%i).value
dec %i
}

; Reset %i to $envvar(0).

%i = $envvar(0)

; Echo %message.original. array to the active window.

while (%i >= 1) {
echo -a ORIGINAL MESSAGE IS %message.original. [ $+ [ %i ] ]
dec %i
}

; Reset %i to $envvar(0).

%i = $envvar(0)

; %encryption.key MUST be 56 bytes (448 bits) long. Encryption type is Blowfish. http://en.wikipedia.org/wiki/Blowfish_(cipher)

var %encryption.key = hfudnqtwh5jv748djne219fndjem568djsmrmufiuhuihgf789yqnkdg

; Encrypt %message.original. array and assign output to %message.encrypted. array.

while (%i >= 1) {
var %message.encrypted. [ $+ [ %i ] ] $encode(%message.original. [ $+ [ %i ] ],cl,%encryption.key)
dec %i
}

; Reset %i to $envvar(0).

%i = $envvar(0)

; Echo %message.encrypted. array to the active window.

while (%i >= 1) {
echo -a ENCRYPTED MESSAGE IS %message.encrypted. [ $+ [ %i ] ]
dec %i
}

; Reset %i to $envvar(0).

%i = $envvar(0)

; Change the encryption key to see if it garbles the output.
; Should not decrypt properly if the %encryption.key variable is changed before decrypting below.
; %encryption.key MUST be 56 bytes (448 bits) long. Encryption type is Blowfish. http://en.wikipedia.org/wiki/Blowfish_(cipher)

%encryption.key = hfudnqtwh5jv748djne219fndjem568djsmrmufiuhuihgf789yqnkdg

while (%i >= 1) {
var %message.decrypted. [ $+ [ %i ] ] $decode(%message.encrypted. [ $+ [ %i ] ],cl,%encryption.key)
dec %i
}

; Reset %i to $envvar(0).

%i = $envvar(0)

; Echo %message.decrypted. array to the active window.

while (%i >= 1) {
echo -a DECRYPTED MESSAGE IS %message.decrypted. [ $+ [ %i ] ]
dec %i
}
}

Last edited by Donat76; 01/12/14 07:06 AM.
Joined: Dec 2008
Posts: 1,515
Hoopy frood
Offline
Question 1: Why do the first few characters of the encrypted messages all look the same???

Answer 1: There isn't any specific answer for this; that is just the way mIRC encodes. Also, try using another parameter of $encode and $decode, like $encode(<message>,m) and $decode(<message>,m).

Question 2: Why don't I need an equals sign when assigning values to my variables below?

Answer 2: I did not understand that; please explain more. Also, when you paste code, please use the [ code ] and [ /code ] tags (without spaces) to make it clearer and more readable.

Also, about your first post, have a look at this addon; maybe it is what you want too.

Joined: Dec 2002
Posts: 5,427
Hoopy frood
Offline
The first few characters look the same because each line is prefixed with a random salt that starts with the word "Salted__" followed by eight bytes of salt data.

The reason you do not need an equal sign with /var is because it is optional, for historical reasons. However, you should use the equal sign as it makes it clear to the parser, and to yourself when you read through your code, where the assignment value begins.

Donat76 Offline OP
Pikka bird
Joined: Nov 2014
Posts: 11
Sorry about the long posts.

Originally Posted By: Khaled
The first few characters look the same because each line is prefixed with a random salt that starts with the word "Salted__" followed by eight bytes of salt data.

The reason you do not need an equal sign with /var is because it is optional, for historical reasons. However, you should use the equal sign as it makes it clear to the parser, and to yourself when you read through your code, where the assignment value begins.


Khaled: I actually did use the equals sign originally in my script but when I did, it became part of the string so I had to take it out. You can see what I mean if you put it in and run it. It's like mIRC isn't parsing it right. Or more likely it might be my script, since I just started learning two days ago.

Also, does the default padding for the cipher use the type of padding where the value of each added byte is the number of bytes that are added, or is the default padding zero-filled, etc.? I think the default for PKCS5, Blowfish is where each padding byte is the value of the number of padding bytes added.

One last and hopefully final question. Should I be salting the message for the added security?

Thank you so much.

When I put the equal signs in the 3 spots where they should be in the script, it outputs this. The first equals sign in each message should not be there and it also garbles the decrypted messages.

Original message is = AMDAPPSDKROOT = C:\Program Files (x86)\AMD APP\

Original message is = ALLUSERSPROFILE = C:\ProgramData

Encrypted message is = H4V%L=&5D7U__]8Y=Q*N6X8;9$T=7WT\]5#(?H@#2TGD8I07L03N6:@``

Encrypted message is = H4V%L=&5D7U]E1=R1?LP8-KNUY+IODSI5H@340J-RBS3?]P)T;XL&L0``

Decrypted message is = ³ðl&#147;ö¬«ýTÏt&#130;ÂI½S¦&#142;&#1927;84dé;&#1684;×y5ì½%e±%íò>$&#149;Õí&#133;rûÂ

Decrypted message is = &#139;>ìà&#155;&#133;~¼&#151;"~NÏí

My current script as of December 1, 2014 8:14pm CST
I can't use the forum's 'code' section for my script because it won't highlight my trouble areas. Sorry.


/encrypt {

; Clear the active window.

clear

; Check to make sure mIRC is version 7.38 or later so I can use $envvar to populate the message array.

If ($version < 7.38) {
echo -a mIRC v7.38 or later is required. This script uses '$envvar' to populate the message array, which is only available in mIRC v7.38 and later.
halt
}

; Use Windows environment variables as test data for my message encryption script.
; Declare variable %i and assign $envvar(0) (which returns the total amount of Windows OS environment variables) to %i.

var %i = $envvar(0)

; Create a variable array by using the '$+' concatenation operator to append a number (string) to
; the end of each variable as it is declared while also assigning to it the environment name and value
; together as one long string. Not sure why I don't need to use the '=' in between [ $+ [ %i ] ] and $envvar(%i).name.

while (%i >= 1) {
var %message.original. [ $+ [ %i ] ] $envvar(%i).name $+ $chr(32) $+ $chr(61) $+ $chr(32) $+ $envvar(%i).value
; Echo %message.original. array to the active window.
echo -a Original message is %message.original. [ $+ [ %i ] ]
dec %i
}

; Reset %i to $envvar(0).

%i = $envvar(0)

; %encryption.key MUST be 56 bytes (448 bits) long. Encryption type is Blowfish. http://en.wikipedia.org/wiki/Blowfish_(cipher)

var %encryption.key = hfudnqtwh5jv748djne219fndjem568djsmrmufiuhuihgf789yqnkdg

; Encrypt %message.original. array and assign output to %message.encrypted. array.

while (%i >= 1) {
var %message.encrypted. [ $+ [ %i ] ] $encode(%message.original. [ $+ [ %i ] ],cl,%encryption.key)
; Echo %message.encrypted. array to the active window.
echo -a Encrypted message is %message.encrypted. [ $+ [ %i ] ]
dec %i
}

; Reset %i to $envvar(0).

%i = $envvar(0)

; Change the encryption key to see if it garbles the output.
; Should not decrypt properly if the %encryption.key variable is changed before decrypting below.
; %encryption.key MUST be 56 bytes (448 bits) long. Encryption type is Blowfish. http://en.wikipedia.org/wiki/Blowfish_(cipher)

%encryption.key = hfudnqtwh5jv748djne219fndjem568djsmrmufiuhuihgf789yqnkdg

while (%i >= 1) {
var %message.decrypted. [ $+ [ %i ] ] $decode(%message.encrypted. [ $+ [ %i ] ],cl,%encryption.key)
; Echo %message.decrypted. array to the active window.
echo -a Decrypted message is %message.decrypted. [ $+ [ %i ] ]
dec %i
}
}

Last edited by Donat76; 02/12/14 02:31 AM.
Donat76 Offline OP
Pikka bird
Joined: Nov 2014
Posts: 11
Originally Posted By: Khaled
The first few characters look the same because each line is prefixed with a random salt that starts with the word "Salted__" followed by eight bytes of salt data.


If the encryption uses a random salt, it would be a one-way hash because the salt would not be known to the decryption routine, only the key would be known. Is the salt known because it is just uuencoded and appended to the beginning of the encrypted message? If so, wouldn't that defeat the purpose of having the salt? I know I have to be missing something here. I need to read up some more on how the salting works. UPDATE for this paragraph: I see that //echo $encode(Salted__,u) returns (4V%L=&5D7U\` which matches up somewhat with the beginning of each of my encrypted lines, although the first and last bytes are different.

ENCRYPTED MESSAGE IS H4V%L=&5D7U])C05,GHRX)B^/RF_OKGKOCY28.`#;GS%5):47::E'EP``
ENCRYPTED MESSAGE IS M4V%L=&5D7U]GQU=`=@/"J"K4I61XG_9X0FN@.<.8M^/RXCP)+MLU8TA*B_!;#!D0_````

Shouldn't the salting not be announced and the salt data not be included at the beginning, if that is indeed what is taking place? I think mIRC should not add any type of salt to the encryption unless specified in the $encode routine and then, if it is specified, it should not be added to the beginning of the output message. I would know what the salt is if I add it to the $encode routine and could randomize it myself. That way the salt is only known to me. I really must be missing something here because as it stands, if I understand why salting is done, the behavior does not make sense to me.

I wish you could show me the actual encryption routine so I could understand exactly what is happening.

The padding that OpenSSL's Blowfish implementation defaults to is, I believe, the kind where the number of bytes needed to pad the message is the value of each padding byte, so when the message is decrypted, the routine can easily strip the padding bytes off.

Since OpenSSL is now statically linked inside mIRC, do you use its library calls? I believe I read somewhere that you said that the routine was compatible with OpenSSL's routine, so I assume you just wrote the routine yourself since Blowfish was placed in the public domain.

I apologize for all the questions. I am not worried about the key exchange since that can be done privately, but I just wanted to make sure I am writing this script in the most secure way possible provided by mIRC. Thank you.

Last edited by Donat76; 02/12/14 09:50 AM.
Joined: Dec 2002
Posts: 5,427
Hoopy frood
Offline
When a salt is used, the same input will produce different encrypted output. If you run your /encrypt command, you will notice that the output is different every time. So, for example, if you encrypt the message "The Magic Words are Squeamish Ossifrage" without a salt, the encrypted output will always be the same. Someone can then search for that encrypted output to find all references to it, even if they do not know its contents. If you use a salt, that is not possible.

mIRC uses the same method as OpenSSL and uses CBC, key hashing, a random salt and PKCS#5 padding. If you are new to encryption, you really will need to research it. It is not possible to provide an introduction to encryption here as it is a complex topic.
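
An added example, not code from this thread or from mIRC: Python that builds and parses the OpenSSL-style "Salted__" container described above, showing why every uuencoded line starts with the same characters, that the decrypting side reads the salt back from the clear header, and how PKCS#5 padding is added and stripped. It assumes the "key hashing" is OpenSSL's legacy single-round MD5 EVP_BytesToKey with a 16-byte key and 8-byte IV; the passphrase is constructed and random bytes stand in for the Blowfish ciphertext.

```python
import binascii
import hashlib
import os

MAGIC = b"Salted__"   # OpenSSL "enc" header: 8-byte magic, then 8 bytes of salt
BLOCK = 8             # Blowfish block size in bytes

def evp_bytes_to_key(password, salt, key_len=16, iv_len=8):
    """Legacy OpenSSL derivation, one MD5 round per chunk (assumed, see lead-in)."""
    out, prev = b"", b""
    while len(out) < key_len + iv_len:
        prev = hashlib.md5(prev + password + salt).digest()
        out += prev
    return out[:key_len], out[key_len:key_len + iv_len]

def pkcs5_pad(data):
    n = BLOCK - len(data) % BLOCK      # 1..8; a whole block is added when aligned
    return data + bytes([n]) * n

def pkcs5_unpad(data):
    n = data[-1]                       # every padding byte holds the padding length
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding (wrong key or corrupted data)")
    return data[:-n]

def wrap(salt, ciphertext):
    """Build magic + salt + ciphertext and uuencode it as one line (max 45 bytes)."""
    raw = MAGIC + salt + ciphertext
    return binascii.b2a_uu(raw, backtick=True).decode().rstrip("\n")

def unwrap(uu_line):
    """Reverse of wrap(): return (salt, ciphertext); the salt is not secret."""
    raw = binascii.a2b_uu(uu_line)
    if raw[:8] != MAGIC:
        raise ValueError("no Salted__ header")
    return raw[8:16], raw[16:]

if __name__ == "__main__":
    password = b"constructed passphrase"          # constructed sample input
    for _ in range(3):
        line = wrap(os.urandom(8), os.urandom(24))  # stand-in ciphertext bytes
        salt, _ = unwrap(line)                      # what the decrypting side does
        key, iv = evp_bytes_to_key(password, salt)
        print(line[:12], "salt=" + salt.hex(), "key=" + key.hex(), "iv=" + iv.hex())
```

The first character of each line is the uuencode length byte; the next ten encode "Salted__", and only from the eleventh on does the random salt show. The padding check is not an integrity check: this format carries no MAC, so a wrong key or modified ciphertext is not reliably detected.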

Donat76 Offline OP
Pikka bird
Joined: Nov 2014
Posts: 11
Originally Posted By: Khaled
When a salt is used, the same input will produce different encrypted output. If you run your /encrypt command, you will notice that the output is different every time. So, for example, if you encrypt the message "The Magic Words are Squeamish Ossifrage" without a salt, the encrypted output will always be the same. Someone can then search for that encrypted output to find all references to it, even if they do not know its contents. If you use a salt, that is not possible.

mIRC uses the same method as OpenSSL and uses CBC, key hashing, a random salt and PKCS#5 padding. If you are new to encryption, you really will need to research it. It is not possible to provide an introduction to encryption here as it is a complex topic.


From what I gathered from reading up on the topic the other day, the salt is added to prevent brute force attacks using rainbow tables. I thought the salt couldn't be public. After reading the information again, I realize I was wrong, the only thing that needs to be private is the key and the plain text of course. Thank you for the quick response.

Any idea on why the '=' equals sign is not being parsed correctly in my script? I had it in originally but it added it to the string instead of using it as a literal operator. Did I do something wrong there? I have that text highlighted in red above. Thanks. My last question for a while. I promise.

Joined: Dec 2002
Posts: 5,427
Hoopy frood
Offline
Quote:
Any idea on why the '=' equals sign is not being parsed correctly in my script.

The reason for this is that the [] evaluation brackets are being parsed at a different stage in the parser, which interferes with the = sign being detected. Unfortunately, this behaviour cannot be changed for backwards compatibility reasons. You will come across many quirks in the scripting language that have to remain in place for the same reason. So this particular case is an exception to the "always use an = sign with /var" rule :-)
