<?php
function xor_encrypt($in) {
$key = '<censored>';
$text = $in;
$outText = '';
// Iterate through each character
for($i=0;$i<strlen($text);$i++) {
$outText .= $text[$i] ^ $key[$i % strlen($key)];
}
return $outText;
}
// CALLED FIRST
function loadData($def) {
global $_COOKIE;
$mydata = $def;
// If data is in the cookie
if(array_key_exists("data", $_COOKIE)) {
// Get the data in rawform. base64 -> XORED -> json
$tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true);
// outputs an assoc array with a key "showpassword" and "bgcolor"
if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) {
// If bg color looks like # + 6 of a-f then copy it over to mydata
if (preg_match('/^#(?:[a-fd]{6})$/i', $tempdata['bgcolor'])) {
$mydata['showpassword'] = $tempdata['showpassword'];
$mydata['bgcolor'] = $tempdata['bgcolor'];
}
}
}
return $mydata;
}
// CALLED NEXT
// go the other way
function saveData($d) {
setcookie("data", base64_encode(xor_encrypt(json_encode($d))));
}
function decryptcookie($data){
$base64_decoded = base64_decode($data);
$xored = xor_encrypt(base64_decode($data));
$json = json_decode(xor_encrypt(base64_decode($data)), true);
$out = json_decode(xor_encrypt(base64_decode($data)), true);
////////////////////////////////////////////////////////////////
echo "This is it:\n";
echo "HEXX: ". bin2hex($data)."\n";
echo "orig: ". $data."\n";
echo "base64 decoded: ".$base64_decoded."\n";
echo "xor: ".$xored."\n";
echo "json_decode: ".$json."\n";
echo "out: ". $out."\n\n";
////////////////////////////////////////////////////////////////
print_r($out);
print_r(array_values($out));
echo "Type of based64:". gettype($base64_decoded)."\n";
echo "Type of xored:". gettype($xored)."\n";
echo "Type of json:". gettype($json)."\n";
echo "Type of out:". gettype($out);
echo "\n****\n";
}
/////////////////////////////////////////////
$defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff");
// put the cookie data in the new data
$data = loadData($defaultdata);
// if the color is a valid hexcode then add it to the cookie
if(array_key_exists("bgcolor",$_REQUEST)) {
if (preg_match('/^#(?:[a-fd]{6})$/i', $_REQUEST['bgcolor'])) {
$data['bgcolor'] = $_REQUEST['bgcolor'];
}
}
saveData($data);
$cook = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw=";
$cook_alt = "ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw";
decryptcookie($cook);
echo 'Hello World!';
This is it:
HEXX: 436c564c49683441534373434245386c41784d6163464d5a5632686456566f74456868554a514e56416d685345563473467846656141773d
orig: ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw=
base64 decoded:
UK" H+O%pSWh]UZ-T%UhR^,^h
xor: 66.Lmo:Nf:sFf}i!|3Va6?Caw&@gk>7-Cet:V0
json_decode:
out:
Fatal error: Uncaught TypeError: array_values(): Argument #1 ($array) must be of type array, null given in /in/2v7fm:66
Stack trace:
#0 /in/2v7fm(66): array_values(NULL)
#1 /in/2v7fm(93): decryptcookie('ClVLIh4ASCsCBE8...')
#2 {main}
thrown in /in/2v7fm on line 66
Process exited with code 255.
Output for 8.3.5
Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
This is it:
HEXX: 436c564c49683441534373434245386c41784d6163464d5a5632686456566f74456868554a514e56416d685345563473467846656141773d
orig: ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw=
base64 decoded:
UK" H+O%pSWh]UZ-T%UhR^,^h
xor: 66.Lmo:Nf:sFf}i!|3Va6?Caw&@gk>7-Cet:V0
json_decode:
out:
Fatal error: Uncaught TypeError: array_values(): Argument #1 ($array) must be of type array, null given in /in/2v7fm:66
Stack trace:
#0 /in/2v7fm(66): array_values(NULL)
#1 /in/2v7fm(93): decryptcookie('ClVLIh4ASCsCBE8...')
#2 {main}
thrown in /in/2v7fm on line 66
Process exited with code 255.
This is it:
HEXX: 436c564c49683441534373434245386c41784d6163464d5a5632686456566f74456868554a514e56416d685345563473467846656141773d
orig: ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw=
base64 decoded:
UK" H+O%pSWh]UZ-T%UhR^,^h
xor: 66.Lmo:Nf:sFf}i!|3Va6?Caw&@gk>7-Cet:V0
json_decode:
out:
Warning: array_values() expects parameter 1 to be array, null given in /in/2v7fm on line 66
Type of based64:string
Type of xored:string
Type of json:NULL
Type of out:NULL
****
Hello World!