AES 128 cipher method problem for decrypt in PHP

alusa_p · November 18, 2021, 11:40am

Hi everyone!

I’m using Kodular to encrypt data with AES-128, and I need to decrypt these data in php.

I’ve been looking for the cipher method used in Kodular, and I found this answer: What method is used in AES-128 encryption (Cryptography component) - #4 by laravel59

Unfortunately, the solution provided is not working for me. I encrypted data in Kodular and tried to decrypt them in PHP using the above method, but the procedure was not working.
I decided to try the inverse process and tried to encrypt the same string in PHP and Kodular separately, to find out if the problem was somewhere else or in the method, but it looks like it is actually the method.
I write my code below.

PHP side:
$aes128 = openssl_encrypt(“php is cool”, “AES-128-ECB”,“123456789”);

Output on web from the PHP page: iCvfjXEi2RbCpRJj7dbK4g==

Android side:

Output in the app:

If the method was the same, the two operations should produce the same output, but as you can see they’re not. Anyone can help with this? Is there a way to see the cipher method used within the block “cryptography” available in Kodular?
Thank you!

dora_paz · November 18, 2021, 12:02pm

Maybe this might help

alusa_p · November 18, 2021, 12:08pm

Hi dora_paz thanks for the answer (sorry, can’t mention you directly).
Unfortunately I had already read this (if you see, the code I used in my example was inspired by the answers of Yashsehgal022) but it’s not working.
I really don’t understand why

alusa_p · November 19, 2021, 7:11am

Guys is really so hard to get an answer? Isn’t it possible to ask to the coders who implemented the system? They should know the method used!
Thanks

Rogerio_Rios · November 19, 2021, 9:07am

Well, the answer is explained in detail above.

If yours isn’t working, you should explain why it isn’t working.

Syntax error? Logic error? Error in PHP ( here is Kodular community , better search in Google )

alusa_p · November 19, 2021, 9:24am

Hi @Rogerio_Rios, thanks for the answer.
I would exclude error in PHP (I work with PHP coders who code since 1995 and they ensured me the code is ok), moreover I do get an output in PHP, so if the code was wrong I would get an error.

My blocks are here:

The point is that I can’t see (or decide) the cipher method in Kodular, and there’s no reference to the one used in the blocks, so how do I know which one to use to decrypt the data outside the app?

I’m sorry I can’t provide an answer, I would share a solution if I had it, but I don’t and that’s why I’m asking for help!

Rogerio_Rios · November 19, 2021, 11:01am

Did you try with another the cipher methods ( aes-128-??? ?) ?

alusa_p · November 19, 2021, 11:05am

@Rogerio_Rios yes, I did try with all the cipher methods below:
aes-128-ecb
aes-128-cbc
aes-128-cbc-hmac-sha1
aes-128-cbc-hmac-sha256
aes-128-ccm
aes-128-cfb
aes-128-cfb1
aes-128-cfb8
aes-128-ctr
aes-128-gcm
aes-128-ocb
aes-128-ofb
aes-128-xts

None of them gave the correct output (by the way sorry for not saying it before!)

Rogerio_Rios · November 19, 2021, 2:46pm

So it seems to be a bug in aes-128 block

Taifun · November 19, 2021, 2:53pm

my aes extension uses AES 128, CBC and PKCS5 padding.
Also there exists a php server method by Stefan to decrypt and encrypt using the same algorithm, for details see here App Inventor Extensions: AES Encrypt/Decrypt | Pura Vida Apps

Taifun

paska_ig · April 5, 2024, 9:36am

I also checked and realized that the built-in Kodular AES-128 encryption is not decrypted on the Web server using PHP. In search of a solution, I came across a discussion where I was able to find a solution to this problem.
The “AES encryption free extension” and the PHP script work the same way in both the Kodular application and the PHP Web server.

Link to the extension branch: https://community.kodular.io/t/aes-encryption-free-extension/744

Taifun · April 5, 2024, 11:03pm