ENC AND DEC

[Dr.Gopala krishnam raju AMBATI]

i could decrypt a filed plz help me where am i going wrong

 

made text field with text and enc and dec fields but using function both fileds are not same

ENC-DEC.fmp12

[Ocean West]

Try this..

ENC-DEC.fmp12.zip

[comment]

47 minutes ago, Dr.Gopala krishnam raju AMBATI said:

where am i going wrong

Can you explain what the purpose of this exercise is? There are several reasons why your attempt fails (order of operations, data types) but it would be better to understand WHAT is being attempted here, before getting to HOW.

[Dr.Gopala krishnam raju AMBATI]

25 minutes ago, comment said:

Can you explain what the purpose of this exercise is? There are several reasons why your attempt fails (order of operations, data types) but it would be better to understand WHAT is being attempted here, before getting to HOW.

actually, my solution has perfect registration with serial but I am having the issue of a very big client request code in order to simplify it I am trying to use various hashes to encrypt and decrypt, encryption I got the desired result but when reverse engineering to create my own keygen I am getting stuck at decrypting the hashes hope I am clear having very tough times since 12 hrs

29 minutes ago, Ocean West said:

Try this..

ENC-DEC.fmp12.zip 69.28 kB · 1 download

 

tweaked version is it fine ?

ENC-DEC-NOI-KEY.fmp12

Edited February 1, 2019 by Dr.Gopala krishnam raju AMBATI
none

[Ocean West]

Your example your key was simply "md5" it would be better to use an actual random key "63386D57697A5942376E5170537242344158336675316E49536376744934753334634C"

The key should not be stored in the calculation engine in plain text - at the very least it should be referenced as a custom function.

Otherwise it's like putting a password on a sticky note to the safe - should someone hack the file or have access to the file.

Ideally the key should not be stored in the file at all and in some cases a requirement for software validation and certifications.

You could stop an encrypted file on the server and on startup of the solution it could go read that file off the server and store the that in memory or at runtime each time you need to encrypt or decrypt.

Personally I would make encryption and decryption part of a scripted operation and not in the schema.

 

 

[Dr.Gopala krishnam raju AMBATI]

1 hour ago, Ocean West said:

Your example your key was simply "md5" it would be better to use an actual random key "63386D57697A5942376E5170537242344158336675316E49536376744934753334634C"

The key should not be stored in the calculation engine in plain text - at the very least it should be referenced as a custom function.

Otherwise it's like putting a password on a sticky note to the safe - should someone hack the file or have access to the file.

Ideally the key should not be stored in the file at all and in some cases a requirement for software validation and certifications.

You could stop an encrypted file on the server and on startup of the solution it could go read that file off the server and store the that in memory or at runtime each time you need to encrypt or decrypt.

Personally I would make encryption and decryption part of a scripted operation and not in the schema.

 

 

yup got it tx bro 

but in the file, I uploaded first why encrypt decrypt functions not working as I thought

[Dr.Gopala krishnam raju AMBATI]

decrypting digest fail

plz help 

 

ENC-DEC-2.fmp12

Edited February 2, 2019 by Dr.Gopala krishnam raju AMBATI
NONE

[Josh Ormond]

I'm with @comment on this. What are you trying to do? You can HexDecode the 'ENCRYPTED DIGEST' field, but not put another CryptDigest on it. So I'm not sure what you are trying to do.

Reverse engineering an MD5 hash typically requires a hash table. Which you aren't creating. By their nature, it's not intended to be able to reverse engineer a hash. 

[Dr.Gopala krishnam raju AMBATI]

This is the final code for a client which is developed for the serial request

Quote

Quote

Final code field is called - "ALL 64" UjA5UVFVeEJJRXRTU1ZOSVRrRk5JRkpCU2xVPQ0KDQpRVTFDUVZSSg0KDQpOemN3TWprMk5URXdNZz09DQoNCk1URXZNalV2TVRrNE1nPT0NCg0KWVM1bmEzSXVjbXRuUUdsamJHOTFaQzVqYjIwPQ0KDQpRMFF3UWpJeVF6SXdNRVF3UXpCRU1VSTRPVGhFTmtVeE4wTTNOelZCTWpZPQ0KDQpVMGxOUWxVeVEwOU4NCg==

 

 

 

I am trying to make it simpler with a new field called 

all64-digest-encrypted = HexEncode ( CryptDigest ( ALL 64 ; "MD5") )

i am getting this code 

ACAADCCFF00E20ED976E9D370773423A

which i am happy with encrypted code

i am stuck at decrytping 

HexEncode ( CryptDigest ( ALL 64 ; "MD5") )  someone plz tell how to hexdecode above code

all64-digest-decrypted = ????????

 

Edited February 4, 2019 by Dr.Gopala krishnam raju AMBATI
none

[Josh Ormond]

I don't believe you can decode the CryptDigest part. It's how hashes work. They are typically a one-way process.

[Dr.Gopala krishnam raju AMBATI]

58 minutes ago, Josh Ormond said:

I don't believe you can decode the CryptDigest part. It's how hashes work. They are typically a one-way process.

Then what's the purpose of crypt digest function??? When it can't be decoded???

[Josh Ormond]

Security. One common use, store a password as a hash ( not MD5 anymore, its not secure enough ). When someone signs into a site, or file, or whatever, you hash what they typed in the same way as the stored password value. If they match, you let them in. If not, they didn't type the right password.

There are ways to reverse engineer an MD5 hash, but is isn't typically done, especially in FileMaker. It's typically not worth the effort.

It would be good for you to look at the difference between encryption and hashing and encryption.

Here are some brief explanations ( others may clarify as needed )

• encoding - transforming data into another format, typically publicly available so it's easy to reverse engineer or decode it.
• encryption - transforming data into another format, so only authorized parties can view and decode the data.
• hashing - a one-way transformation that can't be reverse engineered, ideally. Newer hashing algorithms are much better for this. Don't rely on MD5 for secure storage of data.

[Dr.Gopala krishnam raju AMBATI]

30 minutes ago, Josh Ormond said:

It would be good for you to look at the difference between encryption and hashing and encryption.

 

I was just trying to make my client code smaller with crypt digest, sad I couldn't decode it can I get any suggestion to make client code small by any other way below is the client code 

UjA5UVFVeEJJRXRTU1ZOSVRrRk5JRkpCU2xVPQ0KDQpRVTFDUVZSSg0KDQpOemN3TWprMk5URXdNZz09DQoNCk1URXZNalV2TVRrNE1nPT0NCg0KWVM1bmEzSXVjbXRuUUdsamJHOTFaQzVqYjIwPQ0KDQpRMFF3UWpJeVF6SXdNRVF3UXpCRU1VSTRPVGhFTmtVeE4wTTNOelZCTWpZPQ0KDQpVMGxOUWxVeVEwOU4NCg==

plz 

Edited February 4, 2019 by Dr.Gopala krishnam raju AMBATI

[comment]

The way to make a string smaller is to compress it. Filemaker has no compressing functions, and I doubt applying a compressing algorithm to your "client code" would make it any shorter. Compressing algorithms work by removing redundancy - and there will not be much redundancy in such a short message that does not contain any character runs. 

Take for example:

Original text:

GOPALA KRISHNAM RAJUAMBATI770296510211/25/1982a.gkr.rkg@icloud.comCD0B22C200D0C0D1B898D6E17C775A26SIMBU2COM

Length: 107 characters.

 

Original text compressed using gzip and encoded to base64 (otherwise the result would be a file):

H4sIAK/kV1wAAwXBUQqDMAwA0P+dwhPUJNCm/Vuajlld59B5gOFAhhNB2P333rV/yE2qbshjc5dSDdJOUqI8MzNQcBaBEGuyNQZPL7OshznW5fyZv/vvbeZ90wSRSAkggULC6INP7oKszFbIjbnEibQvpz/OdpUjbAAAAA==

Length: 168 characters.

 

[Dr.Gopala krishnam raju AMBATI]

51 minutes ago, comment said:

 

GOPALA KRISHNAM RAJUAMBATI770296510211/25/1982a.gkr.rkg@icloud.comCD0B22C200D0C0D1B898D6E17C775A26SIMBU2COM

 

 

OH MY GOD  

tx for decoding I am more alert now @comment @cheers

Edited February 4, 2019 by Dr.Gopala krishnam raju AMBATI

[comment]

I don't understand the purpose of this file. 

Earlier you were asked what your goal is. Eventually you said it was "to make client code smaller". This has nothing to do with security.

If you now have a different goal, please state it. What your file does makes no sense to me. As I said, we need to know what you are trying to accomplish before we can advise you how to do it.

 

[Dr.Gopala krishnam raju AMBATI]

25 minutes ago, comment said:

I don't understand the purpose of this file. 

Earlier you were asked what your goal is. Eventually you said it was "to make client code smaller". This has nothing to do with security.

If you now have a different goal, please state it. What your file does makes no sense to me. As I said, we need to know what you are trying to accomplish before we can advise you how to do it.

 

NO PURPOSE JUST A REFERENCE for me and others 

Edited February 4, 2019 by Dr.Gopala krishnam raju AMBATI

[Dr.Gopala krishnam raju AMBATI]

On 2/4/2019 at 12:57 PM, comment said:

The way to make a string smaller is to compress it. Filemaker has no compressing functions, and I doubt applying a compressing algorithm to your "client code" would make it any shorter. Compressing algorithms work by removing redundancy - and there will not be much redundancy in such a short message that does not contain any character runs. 

Take for example:

Original text:

GOPALA KRISHNAM RAJUAMBATI770296510211/25/1982a.gkr.rkg@icloud.comCD0B22C200D0C0D1B898D6E17C775A26SIMBU2COM

Length: 107 characters.

 

Original text compressed using gzip and encoded to base64 (otherwise the result would be a file):

H4sIAK/kV1wAAwXBUQqDMAwA0P+dwhPUJNCm/Vuajlld59B5gOFAhhNB2P333rV/yE2qbshjc5dSDdJOUqI8MzNQcBaBEGuyNQZPL7OshznW5fyZv/vvbeZ90wSRSAkggULC6INP7oKszFbIjbnEibQvpz/OdpUjbAAAAA==

Length: 168 characters.

 

FA4FF51313D39E41D41BE0E28CE032F2 finally coded to 32 characters

 

 

plz help me how to decode this step

 

HexEncode ( CryptAuthCode ( $$RAW DATA; "sha512"; $$KEY ) )

Edited February 8, 2019 by Dr.Gopala krishnam raju AMBATI

[comment]

I think you're doing something wrong. The CryptAuthCode() computes a message authentication code. The length of the resulting code is constant, and does not depend on the length of the message. When using the SHA512 algorithm, the length of the code after encoding to Base64 should be 128. If you're getting 32, then your algorithm is probably MD5 or MDC2, not SHA512. Or perhaps your $$KEY variable is empty?

Needless to say, a message authentication code is not the message, does not contain the message, and cannot be converted back to the message.
https://en.wikipedia.org/wiki/HMAC

 

 

 

Edited February 8, 2019 by comment

[Dr.Gopala krishnam raju AMBATI]

$$key has value 

 

so HexEncode ( CryptAuthCode ( $$RAW DATA; "sha512"; $$KEY ) ) cant be decoded right

[comment]

Right.

[Dr.Gopala krishnam raju AMBATI]

30 minutes ago, comment said:

Right.

thanks mam for clarification

[comment]

I hope you know I'm not the Queen ...