Delphi + DCPCrypt 2 (RC6) vs RAD Studio + DCPCrypt 2 (RC6) = KABOOM!

[Kerlingen]

My first guess would be that you have an alignment problem. Delphi 7 stores a LongInt as 32 bit, while current Delphi versions align each LongInt to 64 bit (it still only contains 32 bit). There are many possible errors when using incorrect memory addressing. Or it could be inncorrect initialisation of IV when using CBC mode, but the offsets don't really match in the strings you have posted. Or you could start encryption at String[0] and encrypt the string length together with the data.

Could you share the code (include variable declaration)? Or could you share at least some test EXE which includes the encryption code?

Did you already try ASM debugging your code?

[TmC]

OK...the problem is partly solved. Partly because one application begun to work perfeclty even under rad studio XE, while the other fails exactly as beginning. here i paste code from the first and the second:

WORKING APP (previously not working)

Code:

procedure TMainForm.BitBtn4Click(Sender: TObject);
var
  content, instr, opt: AnsiString;
  open: File;
begin
slist.Clear;
OD.DefaultExt := '.sif';
OD.Filter := 'Signatrol Instruction File|*.sif';
OD.Title := 'Please specify a valid Instruction File to load';
while OD.FileName = '' do
begin
OD.Execute;
try
begin
AssignFile(open,OD.FileName);
FileMode := fmOpenRead;
Reset(open,1);
SetLength(content,FileSize(open));
BlockRead(open,content[1],Length(content));
CloseFile(open);
end
except
Messagebox(Application.Handle,'Error while opening the file. Please check that the file exists and it is a valid Signatrol Instruction File and try again!','Severe',MB_ICONERROR);
Exit;
end;
end;
if Copy(content,1,10) <> 'SIGNATROLV' then
begin
Messagebox(Application.Handle,'This is not a valid Signatrol Instruction File. Please specify a valid Signatrol Instruction File and try again!','Severe',MB_ICONERROR);
Exit;
end;
OD.FileName := '';
content := Copy(content,Pos('$',content)+1,Length(content));
content := RC6Decrypt(content,'SIGNATROLV1183919102011');
if Copy(SHA1(Copy(content,1,Pos('###BSB###',content)-1)),1,40) <> Copy(content,Pos('###BSB###',content)+9,40) then
begin
Messagebox(Application.Handle,'File Corrupted! This file was damaged by a Virus or a Bad Sector and can''t be used anymore. Please specify another file try again!','Severe',MB_ICONERROR);
Exit;
end;
content := Copy(content,1,Pos('###BSB###', content) -1);
instr := Copy(content,1,Pos('###EDB###',content)+8);
opt := Copy(content,Pos('###BOB###',content),Length(content));
instr := StringReplace(instr,'###BDB###','',[rfReplaceAll]);
instr := StringReplace(instr,'###EDB###','',[rfReplaceAll]);
while Pos('#',instr) <> 0 do
begin
slist.AddItem(Copy(instr,1,Pos('#',instr)-1),nil);
instr := Copy(instr,Pos('#',instr)+1,Length(instr));
end;
slist.AddItem(instr,nil);
opt := StringReplace(opt,'###BOB###','',[rfReplaceAll]);
opt := StringReplace(opt,'###EOB###','',[rfReplaceAll]);
txtSpanS.Text := opt;
end;

NOT WORKING APP

Code:

function TLIC.intCheckLicKey(actcode: AnsiString): boolean;
var
  licdata: array of AnsiString;
  tmp, xx: String;
  ok: boolean;
  r, s, generator : AnsiString;
  p, q, g, y: TBIGInt;
  z,i: integer;
begin
actcode := licdata[0] + #13#10 + licdata[1] + #13#10 + licdata[2] + #13#10 + licdata[3] + #13#10 + licdata[4] + #13#10 + licdata[5] + #13#10 + licdata[6] + #13#10 + licdata[7] + #13#10 + licdata[8] + #13#10 + licdata[9] + #13#10 + licdata[10] + #13#10 + licdata[14];
s := licdata[11] + licData[12];
s := StringReplace(s,'-','',[rfReplaceAll]);
ConvertHexStringToBase256String(s,s);
r := intRC6Decrypt(Base64DecodeStr(licdata[13]),intCertificate.LSSigKeySeed); <--- I BELIEVE THIS IS THE CAUSE OF THE FAILURE
Base10StringToBIGInt(intCertificate.LSSigKeyQ,q);
Base10StringToBIGInt(intCertificate.LSSigKeyP,p);
Base10StringToBIGInt(intCertificate.LSSigKeyG,g);
Base10StringToBIGInt(intCertificate.LSSigKeyY,y);
DSAVerify(p, q, g, y, actcode, r, s, ok);
if ok then
begin
//GOOD BOY
end
else
begin
//BAD BOY
end;

The actual DSAVerify works very good, because if I replace the decrypted (partially incorrectly) from the memory loading from an external textbox (like told upper in this thread) it returns true. The same exact code in Delphi 7 works, while in Rad Studio XE does not.

[Kerlingen]

You define licdata as a variable, but you never initialize it with any value. Did this happen when you copy&pasted the code to publish it here or does you source code really use the variable without initializing it?

RC6 is a block chiper, but I don't see a "length" field anywhere. Are you sure the block your are passing has the correct length?

You use intRC6Decrypt in one proc, but RC6Decrypt in the other. Did you check if both produce the same output using the same input data?

[TmC]

Quote:

Originally Posted by Kerlingen

You define licdata as a variable, but you never initialize it with any value. Did this happen when you copy&pasted the code to publish it here or does you source code really use the variable without initializing it?

licData is a simple array of string.

Quote:

Originally Posted by Kerlingen

RC6 is a block chiper, but I don't see a "length" field anywhere. Are you sure the block your are passing has the correct length?

I don't know this...the code for RC6 is not mine it is from DCPCrypt2...I am only passing him a string to be decrypted...I believe DCPCrypt code handles the whole job.

Quote:

Originally Posted by Kerlingen

You use intRC6Decrypt in one proc, but RC6Decrypt in the other. Did you check if both produce the same output using the same input data?

This is because it is not the same program. The name of the function is different but the code is the same. I added "int" to the name of the function just because in the first case the function is publicly advertised to be used in the program while in the second it is only used internally in the Licensing module and can't be used outside it.

[Kerlingen]

Quote:

Originally Posted by TmC

licData is a simple array of string.

I can see this. The problem is that licdata is never assigned any value. You use licdata[0], licdata[1], ... licdata[14] in your code, but the array doesn't contain anything, it is just completely empty.

You also use actcode := in your code, but actcode is no variable parameter. You overwrite it before evaluating the value which was passed to the procedure.

Quote:

I don't know this...the code for RC6 is not mine it is from DCPCrypt2...I am only passing him a string to be decrypted...I believe DCPCrypt code handles the whole job.

Neither DCPcrypt nor DCPcrypt2 have a function called RC6Decrypt. They just have a RC6 class containing a procedure called DecryptECB which decrypts exactly one block, nothing more or less. You must be using some wrapper for DCPcrypt.

It also looks much like you're using FGInt and some prankster renamed it to BIGInt. (refactoring )

[TmC]

Quote:

Originally Posted by Kerlingen

I can see this. The problem is that licdata is never assigned any value. You use licdata[0], licdata[1], ... licdata[14] in your code, but the array doesn't contain anything, it is just completely empty.

You also use actcode := in your code, but actcode is no variable parameter. You overwrite it before evaluating the value which was passed to the procedure.

Now I understand what you were saying. licdata[] IS initialised with values...the assignment is not reported to not prolong the code too much... you have a PM with real routine.

Quote:

Originally Posted by Kerlingen

Neither DCPcrypt nor DCPcrypt2 have a function called RC6Decrypt. They just have a RC6 class containing a procedure called DecryptECB which decrypts exactly one block, nothing more or less. You must be using some wrapper for DCPcrypt.

Nope...I use the code suggested to decrypt or encrypt a string in the html help files bundled with the control. The code is not part of DCPCrypt 2 itself but it is suggested in the help file... (i did copy/paste...and it works perfectly in other delphi versions prior to unicode ones).

Quote:

Originally Posted by Kerlingen

It also looks much like you're using FGInt and some prankster renamed it to BIGInt. (refactoring )
The BIGInt is only FGint renamed to fool some automatic scanners.