#16
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    Just to clarify...

    I have a working system - not just a database - but the developers of this system have not continued to keep it updated. It is full of bugs and problems, so we have no choice but to export the data to a new system.

    Using an import tool provided by a different company, we were able to export everything except the invoices - but the invoices are a very important part of it.

    I could go down the route of having the whole application decrypted - so someone could work out how this was done - but I don't know if this is legal.

    Is that my only option?
  2. #17
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by chris74
    Is that my only option?
    No. Like I said, I'm pretty sure it's possible to attack the encryption function and find out the key. If ionCube encrypted stuff can be included in custom scripts, one might also use the original encryption function (with the real key) to encrypt the invoice IDs one by one.

    There are many possibilities I could think of. But I think this is something for a freelancer with actual access to the scripts and the possibility to try out things directly.

    One warning, though: Choose wisely whom you give access to your scripts. Don't go with the first one offering help for cheap money. You don't want yet another incompetent "developer" fumbling with your data.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #18
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    Thanks for your advice.
  6. #19
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    A final question concerning this issue...

    The PHP application can access the encrypted data. It allows us to create invoices, add line items etc etc.

    As an example, if there is a script named invoice.php and it contains all the functions for creating and editing invoices etc, all we'd need is to access that source code and use it to gain access to the table? I'm presuming that the encrypt / decrypt stuff is handled by an included file that just needs to be used by the script doing the work, so we wouldn't need to touch that.

    So if a new function was added to the invoice script that could read all the invoice ID's from that table and then copy them back into a new field in their decrypted form, there would be no need for a passcode or any "attacking" of the encryption function.

    Is that plausible?
  8. #20
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by chris74
    Is that plausible?
    Yes, and that's what I suggested in #17: including the encoded function in a custom script and using it to decrypt the IDs one by one.

    That would be the easiest solution.

    Otherwise, I'd attack the encryption function. It seems to use only the first few characters of the key, so it might be possible to find the key by simple brute force. If the including stuff doesn't work, send me a few invoice IDs (plaintext and encrypted), and I'll try it.
  10. #21
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    1002 %A4%98%C6%C1
    1003 %A4%98%C6%C0
    1004 %A4%98%C6%C7

    1006 %A4%98%C6%C5
    1007 %A4%98%C6%C4


    1018 %A4%98%C7%CB
    1019 %A4%98%C7%CA
    1020 %A4%98%C7%C3
    1024 %A4%98%C4%C7

    1199 %A4%99%CF%CA
    1200 %A4%9A%C6%C3
    1201 %A4%9A%C6%C2
    1202 %A4%9A%C6%C1

    21929 %A7%99%CF%C1%7D

    24702 %A7%9C%C1%C3v
    24703 %A7%9C%C1%C3w

    70247 %A2%98%C4%C7s
    70248 %A2%98%C4%C7%7C
    70249 %A2%98%C4%C7%7D
    70250 %A2%98%C4%C6t
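As an added illustration (not part of the thread and not the application's code), the PHP below XORs each plaintext ID from #21 with its stored value byte by byte, which tests the observation in #20 that only the first few key characters seem to matter. It assumes the stored values are ordinary percent-encoded bytes; the function names are made up for this example.

```php
<?php
// Plaintext ID => stored value, copied from the pairs posted in #21.
$pairs = [
    1002 => '%A4%98%C6%C1', 1003 => '%A4%98%C6%C0', 1004 => '%A4%98%C6%C7',
    1006 => '%A4%98%C6%C5', 1007 => '%A4%98%C6%C4', 1018 => '%A4%98%C7%CB',
    1019 => '%A4%98%C7%CA', 1020 => '%A4%98%C7%C3', 1024 => '%A4%98%C4%C7',
    1199 => '%A4%99%CF%CA', 1200 => '%A4%9A%C6%C3', 1201 => '%A4%9A%C6%C2',
    1202 => '%A4%9A%C6%C1', 21929 => '%A7%99%CF%C1%7D', 24702 => '%A7%9C%C1%C3v',
    24703 => '%A7%9C%C1%C3w', 70247 => '%A2%98%C4%C7s', 70248 => '%A2%98%C4%C7%7C',
    70249 => '%A2%98%C4%C7%7D', 70250 => '%A2%98%C4%C6t',
];

// Per byte position, count each value of (plaintext byte XOR stored byte).
function xorVotes(array $pairs): array {
    $votes = [];
    foreach ($pairs as $id => $stored) {
        $plain  = (string) $id;
        $cipher = rawurldecode($stored);   // assumption: standard percent-encoding
        if (strlen($plain) !== strlen($cipher)) {
            continue;                      // lengths differ: not a byte-wise XOR
        }
        for ($i = 0; $i < strlen($plain); $i++) {
            $k = ord($plain[$i]) ^ ord($cipher[$i]);
            $votes[$i][$k] = ($votes[$i][$k] ?? 0) + 1;
        }
    }
    ksort($votes);
    return $votes;
}

// Most frequent XOR byte at each position, as a binary string.
function majorityKeystream(array $votes): string {
    $ks = '';
    foreach ($votes as $counts) {
        arsort($counts);
        $ks .= chr(array_key_first($counts));
    }
    return $ks;
}

$votes = xorVotes($pairs);
$ks    = majorityKeystream($votes);
printf("distinct XOR values per position: %s\n", implode(' ', array_map('count', $votes)));
foreach ($pairs as $id => $stored) {
    $decoded = rawurldecode($stored) ^ $ks;   // string XOR stops at the shorter operand
    if ($decoded !== (string) $id) {
        printf("listed %s, stored value decodes to %s\n", $id, $decoded);
    }
}
```

A position that reports a single XOR value means the same byte is applied to every record at that offset, so the stored field is an encoding rather than per-record encryption. Any pair reported by the last loop should be re-checked against the database before it is relied on in a migration.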
  12. #22
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    I've found the script that is included for getting access to the items table. How do I use it?

    Would I create a new PHP script and include that file? Then find someone who can tell me the code I need to update the "invoiceid2" field with the actual invoice ID's?

    I think I'm very close to getting this resolved but I could do with a little more help to get over the final hurdle.
  14. #23
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2005
    Location
    Vancouver, WA, USA
    Posts
    397
    Rep Power
    189
    Originally Posted by chris74
    I've found the script that is included for getting access to the items table. How do I use it?

    Would I create a new PHP script and include that file? Then find someone who can tell me the code I need to update the "invoiceid2" field with the actual invoice ID's?

    I think I'm very close to getting this resolved but I could do with a little more help to get over the final hurdle.
    It does sound like you are getting closer... If you can get the actual invoice ID number, you could place it in a new field of the data table. Once you are completely away from the existing invoicing system, you could drop the encrypted field.

    Be sure NOT to delete anything from the old system, and keep it around as a backup/reference for an extended period of time, just in case.
    Thomas Tremain
  16. #24
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    Thanks for the advice Thomas.

    I've done something I was trying to avoid doing and that is to have a small number of the files in the billing system decoded so that they can be viewed. It's the only way I can find out what is happening with the script. Unfortunately, the owners of the product have been less than helpful, so I had no choice. My only aim is to get my data out, so it's not like I'm trying to do anything malicious.

    I looked at one of the scripts that I know for sure handles the invoicing and it included a specific file, before performing actions on those tables. That include file I think contains the decryption functions.

    As I said before, I'm not a programmer so I'm just trying to work this out the best I can. Each record has a "seed" associated with it and I'm wondering if that seed number is used in combination with the password to create the encryption.

    Does that sound plausible?

    I don't really know what the next step is.

    What I have....

    1. A working file that contains functions that can gain access to the encrypted ID. It's the script that handles the creation / viewing and editing of invoices.

    2. An include file that seems to contain the method of accessing the encrypted field.

    What do I need to do next? I think all I need is a new function that will read the encrypted invoice ID's, compare them with the actual ID's in the other table and update the new field I created in the database. My problem is with the implementation of this.

    If anyone can help me - I can pay you a reasonable fee, please send me a PM if you can help.
  18. #25
  19. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Chris, I sent you a piece of code to be included in the decoded script, which tries to decrypt 5 example IDs. What was your result?

    In case you somehow didn't receive the message, here's the code again:

    PHP Code:
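    // Fetch five encrypted invoice IDs from the items table
    $enc_ids = mysql_query('
        SELECT
            invoiceid
        FROM
            client_invoices_items
        LIMIT
            5
    ');
    // Run each one through the application's own tcrypt() in decrypt mode
    while ( list($enc_id) = mysql_fetch_row($enc_ids) ) {
        var_dump( tcrypt('...', $enc_id, 'de') );
    }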

    Comments on this post

    • chris74 agrees : This code works correctly. I couldn't originally make it work because I made mistakes trying to include the files needed.
    Last edited by Jacques1; April 27th, 2013 at 04:30 AM.
  20. #26
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    Thanks, I didn't see your PM until just now. I replied, but I will do so here.

    I can't add that code to the snippet I sent you because that is part of an include file.

    If I create a new file that includes just a database connection routine - and your code above - will that be enough?
  22. #27
  23. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    I just tried this...

    PHP Code:
    <?php
    // Database connection settings, then the include that provides tcrypt()
    require $DIR . "/../includes/dbconfig.php";
    require $workdir . "/admin/includes/REDACTED.php";

    $enc_ids = mysql_query('
        SELECT
            invoiceid
        FROM
            client_invoices_items
        LIMIT
            5
    ');
    while ( list($enc_id) = mysql_fetch_row($enc_ids) ) {
        var_dump( tcrypt('REMOVED', $enc_id, 'de') );
    }

    ?>
    And it produced the following result

    string(4) "V024"
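A sketch of the backfill described in #24, added here as an example rather than taken from the thread: each decrypted value is written to invoiceid2 only if it is all digits and names an existing invoice, so a result like the "V024" above is reported instead of stored. The client_invoices table, the id columns, PDO with in-memory SQLite and the stand-in decrypt closure are assumptions for the demo; in the real script the callable would wrap the application's tcrypt().

```php
<?php
// Copy decrypted IDs into invoiceid2, leaving the encrypted column untouched.
// $decrypt wraps the application's routine, e.g. fn($v) => tcrypt($key, $v, 'de').
function backfillInvoiceIds(PDO $db, callable $decrypt): array {
    $exists = $db->prepare('SELECT 1 FROM client_invoices WHERE id = ?');
    $update = $db->prepare('UPDATE client_invoices_items SET invoiceid2 = ? WHERE id = ?');
    $report = ['updated' => 0, 'rejected' => []];
    $rows = $db->query('SELECT id, invoiceid FROM client_invoices_items WHERE invoiceid2 IS NULL')
               ->fetchAll(PDO::FETCH_ASSOC);
    $db->beginTransaction();
    try {
        foreach ($rows as $row) {
            $plain = $decrypt($row['invoiceid']);
            // Accept only an all-digit value that names a real invoice.
            $ok = is_string($plain) && ctype_digit($plain);
            if ($ok) {
                $exists->execute([$plain]);
                $ok = (bool) $exists->fetchColumn();
                $exists->closeCursor();
            }
            if (!$ok) {
                $report['rejected'][$row['id']] = $plain;   // left for manual review
                continue;
            }
            $update->execute([(int) $plain, $row['id']]);
            $report['updated']++;
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();   // nothing is half-written if a row fails
        throw $e;
    }
    return $report;
}

// Constructed demo data; table and column names beyond the thread's are assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE client_invoices (id INTEGER PRIMARY KEY)');
$db->exec('CREATE TABLE client_invoices_items (id INTEGER PRIMARY KEY, invoiceid TEXT, invoiceid2 INTEGER)');
$db->exec('INSERT INTO client_invoices (id) VALUES (1002), (1003)');
$db->exec("INSERT INTO client_invoices_items (invoiceid) VALUES ('enc:1002'), ('enc:1003'), ('enc:V024')");
$standIn = fn(string $v): string => substr($v, 4);   // stand-in, NOT the real cipher
print_r(backfillInvoiceIds($db, $standIn));
```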
  24. #28
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2005
    Location
    Vancouver, WA, USA
    Posts
    397
    Rep Power
    189
    I don't have the database, so I did it like this. A couple of the commands you used I never use, but I think it's basically the same.

    PHP Code:
    $ids = array(1002,1003,1004,1006,1007,1018);

    foreach ($ids as $id) {
        echo $id.' => '.display(tcrypt('...', $id, 'de')).'<br>';
    }

    // Print each character of $string as an uppercase %XX hex escape
    function display($string) {
        $ret='';
        while (strlen($string)>0) {
            $next=substr($string,0,1);
            $string= (strlen($string)>1) ? substr($string,1) :'';
            // note: the one-character string "0" is falsy in PHP, so it is skipped here
            if ($next) {
                $ret.= '%'.strtoupper(dechex(ord($next)));
            }
        }
        return $ret;
    }

    My output:

    1002 => %E0%5F%5D
    1003 => %E0%5F%5C
    1004 => %E0%5F%5B
    1006 => %E0%5F%59
    1007 => %E0%5F%58
    1018 => %E0%5E%57
    Last edited by ttremain; April 27th, 2013 at 09:13 AM.
    Thomas Tremain
  26. #29
  27. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    37
    Rep Power
    2
    That looks impressive - the result is the same format as in the database - but the values don't match unfortunately. What does this mean?
  28. #30
  29. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2005
    Location
    Vancouver, WA, USA
    Posts
    397
    Rep Power
    189
    Originally Posted by chris74
    That looks impressive - the result is the same format as in the database - but the values don't match unfortunately. What does this mean?
    Might mean I made a mistake, but I'm not seeing where.
    Thomas Tremain
