The character string being generated is formed from a VB application, which the VB programmer has used this page as the source for the compiled code.

>the cipher text length is ALWAYS a multiple of 8

Although he acknowledges that he hasn't initially padded the blocks out to be in exact 8 bytes blocks - using the same function to reverse the data out works; I wonder if perhaps we have inherited someone else's bugs by including this code?

>you are decoding the multi-byte characters into a single byte

When encoding these characters, some single-byte characters are transformed into multi-byte characters, as per the example below.

126    %7E    \x7E
127    %7F    \x7F
128    %u20AC    \x80
129    %81    \x81
130    %u201A    \x82
131    %u0192    \x83
132    %u201E    \x84
133    %u2026    \x85
134    %u2020    \x86
135    %u2021    \x87
[download]

In the example here, the character is transformed as a single byte character, so surely it must go back to a single (not multi) byte character?

>eg %u0160 should be something like "\x00\xBF"

I am not sure I fully understand what you have written here, is this the information I should be looking at?

>correct first few characters then the encryption is running in ECB mode and so Crypt::CBC won't help you

Yes, your statement is correct - I tried the Crypt::CBC module, but the outcoming data looked nothing like the original string, whereas the Crypt::Blowfish module was giving me the majority of it, just causing problems in the trailing area.

Richard (still mostly confused ...!)

Oh now I feel bad... I didn't actually try running your example code last time. (I didn't really have access to perl at the time).

So I just tried your code, and found the problem. when you assign to $tmp at the top you use double quotes which causes a interpolation of @FP near the end of the string.

changing the double quotes to single quotes fixes that. and if you had used warnings it would have told you.

looking at the demonstration VB it says that if the string isn't a multiple of 8 bytes long it will be truncated to a multiple of 8 bytes so it will need to be padded to guarantee you don't lose anything.

As for the translation. You must be doing it right given that you are getting what you want back. However you should be aware that it isn't UTF-16, and it would be ideal to just store the encrypted logs as binary unless there is a real good reason not to.

so anyway heres full working code, cleaned up a bit.

#!/usr/bin/perl
use warnings;
use strict;

use Crypt::Blowfish;

my $string = 'IPPQY%FF%B3M/%u2030%u2014s%FE%07%8D%1E%u201A%C2%D2%FC%09
+F%u0152%07%CF%u2026nO%5B%D3nZ%5B%u02C6%u0152%01%u201D%CDn%7D%7D%u2018
+F%FB%BA%F12Fm%CB%CF%E9%F1%7E%u2013%u2026%u201E%1B%7E%04h%18b%1EZ%u019
+2H%11%11%A6%FEd%0D%60%EB%u0160%23%216F%0C%23%u2020qs%EA%3A%7B%DC%D6W%
+AF7Y%FE%B8%0D%60%EB%u0160%23%216Fg%0A%BAL0%06%u203Aa%A0H%F9%u017E%A8%
+D6UBt%F4%FAT1%A0%u0178%FC%F0%0El%00%DA%D2%5C%DD%AA%26%7B%20%26%DC%3D%
+13%07%DE1%26%CD%CF%B5%EC%AF%09%10%20LkU%CC%05%E6AgD-N%FB%D9%B0%5B%11o
+%7D%B4%E4%11%F8%13%EAUN%10%u02DC%u201E%u2122i%A2U%0B@%08I%24%C6%04%BB
+%8Dh%D1%0A%F4%7C%AF%3A%FD%B7l%D6%u2026%CDt%D5%5B%B4%u201EW%B6NX%C8%0A
+%A7%F6%D4%B2%07C%0A%3C8%B1%26%D2%EF%E19%17%5D%AF%05%u2122%F1bE%23%u20
+19%u2020%E0%E8%A8%B3%3B%u2026h%E8%5B%u0152%C2%25%B8%DA%27%B5%07%02R%D
+AC%B8E%u2039%D6%01D%u0160%BC%0Au%1F%u2013p%F75%8F%01%1A%E81h%B9%90%u0
+17D%A1%90%FAR%11%EA%u2122%12%DF@FP%7DYY%B2%217V%14%F5%F0%BF%29%A3%C6%
+u0160';

$string = &mime_hex_swap($string);
my $key = &key('Richard');
my $cipher = new Crypt::Blowfish $key;
$string = &unencrypt($cipher, $string);

open (FILE,">file.txt");
print FILE "\n\nText is now \"".$string."\"\n";
close(FILE);
print "\n\nText is now \"".$string."\"\n";
exit();

sub mime_hex_swap {
    my $tmp = shift;
    # wierd shite characters (ISO Latin-1)
    $tmp =~ s/\%u20AC/\%80/gi;
    $tmp =~ s/\%u201A/\%82/gi;
    $tmp =~ s/\%u0192/\%83/gi;
    $tmp =~ s/\%u201E/\%84/gi;
    $tmp =~ s/\%u2026/\%85/gi;
    $tmp =~ s/\%u2020/\%86/gi;
    $tmp =~ s/\%u2021/\%87/gi;
    $tmp =~ s/\%u02C6/\%88/gi;
    $tmp =~ s/\%u2030/\%89/gi;
    $tmp =~ s/\%u0160/\%8A/gi;
    $tmp =~ s/\%u2039/\%8B/gi;
    $tmp =~ s/\%u0152/\%8C/gi;
    $tmp =~ s/\%u017D/\%8E/gi;
    $tmp =~ s/\%u2018/\%91/gi;
    $tmp =~ s/\%u2019/\%92/gi;
    $tmp =~ s/\%u201C/\%93/gi;
    $tmp =~ s/\%u201D/\%94/gi;
    $tmp =~ s/\%u2022/\%95/gi;
    $tmp =~ s/\%u2013/\%96/gi;
    $tmp =~ s/\%u2014/\%97/gi;
    $tmp =~ s/\%u02DC/\%98/gi;
    $tmp =~ s/\%u2122/\%99/gi;
    $tmp =~ s/\%u0161/\%9A/gi;
    $tmp =~ s/\%u203A/\%9B/gi;
    $tmp =~ s/\%u0153/\%9C/gi;
    $tmp =~ s/\%u017E/\%9E/gi;
    $tmp =~ s/\%u0178/\%9F/gi;
    $tmp =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
    print "length is now ".length($tmp)."\n";
    return $tmp;
}

sub key {
    my $servername = shift;
    my $key = "AMIPS".$servername.length($servername);
    return $key.reverse($key);
}

sub unencrypt {
    my $cipher = shift;
    my $string = shift;
    print length($string)."\n";
    my $decrypt_data = '';
    die "Incorrect Length" if (length($string) % 8); #Ciphertext MUST 
+be a
                             #multiple of 8
    
    while (my $block = substr($string, 0, 8, ''))  {
        $decrypt_data .= $cipher->decrypt($block);
        print ".";
    }
    return $decrypt_data;
}
[download]