RC4/ARCFOUR Implementation in PHP

posted by Michael Cutler on March 1, 2006 @ 17:05

Categories: Misc, PHP, Projects

I wrote this RC4/ARCFOUR implementation in PHP - based on the original C source code posted on usenet in 1994. The rc4() call itself is completely self-contained, two other methods rc4_test() and rc4_benchmark() have been provided for testing and are optional.

My motivation for writing it was to replace the dependency on MCrypt in my SpamKit plugin for Wordpress - see Gerry's site for the updated TBT code I will wrap in the next SpamKit Plugin release.

This is software is completely public domain, all I ask for is a simple credit for my work if you find it useful.

View Source: rc4.php
View Source: rc4tests.php

Examples:

1. Simple encryption & decryption

PLAIN TEXT
PHP:
  1. <?php
  2. require_once( "rc4.php" );
  3.  
  4. $key = "0123456789abcdef";
  5. $plaintext = "Hello World!";
  6.  
  7. $ciphertext = rc4( $key, $plaintext );
  8.  
  9. $decrypted = rc4( $key, $ciphertext );
  10.  
  11. echo $decrypted . " - " . $plaintext . "\n";
  12.  
  13. ?>

2. Execute the tests and display the results

PLAIN TEXT
PHP:
  1. <?php
  2. require_once( "rc4tests.php" ); // Auto includes rc4.php
  3.  
  4. echo rc4_tests();
  5.  
  6. ?>

3. Execute the tests as benchmarks and display the results

PLAIN TEXT
PHP:
  1. <?php
  2. require_once( "rc4tests.php" ); // Auto includes rc4.php
  3.  
  4. echo rc4_benchmark();
  5.  
  6. ?>

| 3 Comments | Post A Comment

JSSHTunnel 0.0.0 Released!

posted by Michael Cutler on August 13, 2005 @ 12:10

Categories: JSSHTunnel

JSSHTunnel is a lightweight GUI application which forwards local & remote ports over SSH connections. It is written in Java and uses Eclipse SWT & JSch. All you need is a JVM to run it.

I've released version 0.0.0, it is under GPL.

Features & Limitations in 0.0.0:

  • Targetted at Windows platform, comes with a Windows-based installer, other platforms will follow
  • Resides in the System Tray when minimised
  • Requires a 1.4 or 1.5 JVM on the target machine (works with the Sun & Microsoft JVM's)
  • Currently only supports one connection, with a single local forward (hey, its only a proof of concept release)
  • Connection details (including passwords) are stored in plaintext form in its XML configuration file %USERPROFILE%\.jsshtunnel.xml
  • Since its just the very first release it is quite basic, but it works :P

    • Screenshots:

    Screenshot of the Main Window
    Main Window

    Screenshot of the Configuration Window
    Configuration Window

    Download:

    http://jsshtunnel.sourceforge.net/

    Roadmap:

  • Multiple connections each with multiple local & remote forwards
  • Hot-pluggable port forwarding rules without having to re-connect
  • Cross platform UI & command line versions
  • Encrypted passwords for configuration file

    • | 0 Comments | Post A Comment

    Instant Password Recovery Tool

    posted by Michael Cutler on May 13, 2005 @ 20:16

    Categories: Projects, Tools

    I made this back in April 2004, it only took a couple of hours to write and build the database.

    Basically, I took a wordlist of 535,683 words and hashed them in MD5, SHA1 & LANMAN. The results are stored in a simple MySQL table, indexes on that table make lookups REALLY fast and thats about it. You enter the hash you want to lookup, select the type of hash it is *if you know it*, then hit "Look It Up".

    The MySQL table is fairly lightweight, 535,683 rows, 48,164 KB total ( 37,030 KB of Data, 11,134 KB of Indexes ).

    It's mostly useful for recovering / auditing passwords on web applications like PhpBB & Bugzilla where the database stores unsalted hashes. It found about 90% of the passwords on a PhpBB message board I administer. You can also use it to test Windows NT/2000 passwords provided you've extracted the LANMAN hashes from the system first.

    http://lobstertechnology.com/password-recovery/

    | 0 Comments | Post A Comment