Tutorial [C#] String Encryption using a WebServer

Harry

Software Engineer
Premium Member
Messages
1,272
Points
748
So the past few days, I've been helping a few devs remove strings from their tools, to say, stop people getting their webservers IP and messing with their systems. This is not a definitive fix, and bypassing this is easy, BUT, using methods of .NET obfuscation, even if parts of the source are cracked, no strings are there to be tampered with.

Things you will need
  • Webserver (PHPMyAdmin is optional) - I'm using
    You do not have permission to view link Log in or register now.
  • Simple knowledge of "bytes"...
  • Half a brain (this is a C+P tutorial)
Skill Level - Experienced

Example & Method
Create a file on your webserver, call it what ever you want, but make sure it's a ".txt" file. This file will display a string of bytes and your program will convert this to a byte array, then to a string, and use this string as a "key" to Decrypt all of your future strings. (This will make more sense soon)

First, we need to get our link to the file we just created. I am using WAMP, so my URL is "
You do not have permission to view link Log in or register now.
". We need to convert this to hex. This website is perfect:
You do not have permission to view link Log in or register now.


In the top textbox, enter your url (include "http://"), then hit convert.
My input/output:
Code:
Input: http://localhost/key.txt
Output: 687474703a2f2f6c6f63616c686f73742f6b65792e747874
This random letters and numbers are our bytes. We need to convert these to look like this:
Code:
0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, 0x2F, 0x6B, 0x65, 0x79, 0x2E, 0x74, 0x78, 0x74
Simply split your output into values of two:
Code:
68 74 74 70...
Add a "," after each (don't do this on the last byte):
Code:
68, 74, 74, 70,...
And add "0x" in front of each:
Code:
0x68, 0x74, 0x74, 0x70,...
Do this to all the bytes!

Now we have a byte array to our key file on our webserver.
Now lets place some text into this file, and attempt to display it in a MessageBox.

I will put "test" into mine.

Double Click your Form
Include these at the top of your code:
Code:
using System.Net;
using System.Security.Cryptography;
We now will create a byte array to our server.
Place this code inside "Form1_Load":
Code:
byte[] myByteArray = { BYTE ARRAY REPLACES THIS TEXT };
Now we can convert the bytes to text by using this function:
Code:
public string BytesToString(byte[] arr)
{
    return Encoding.UTF8.GetString(arr);
}
Now we will show this in a message using a WebClient.
Above the "private void Form1_Load(object sender, EventArgs e)" function, place this:
Code:
WebClient client = new WebClient();
Now place this inside of "Form1_Load":
Code:
MessageBox.Show(client.DownloadString(BytesToString(myByteArray)));
When you run this, a MessageBox should show and say "test".
Now we need to use these two functions in order to Encrypt and Decrypt our strings:
Code:
        string key = "L1$Ba8s!5)g$Sb41";

        public string Encrypt(string data)
        {
            using (var des = new TripleDESCryptoServiceProvider { Mode = CipherMode.ECB, Key = Encoding.UTF8.GetBytes(key), Padding = PaddingMode.PKCS7 })
            using (var desEncrypt = des.CreateEncryptor())
            {
                var buffer = Encoding.UTF8.GetBytes(data);

                return Convert.ToBase64String(desEncrypt.TransformFinalBlock(buffer, 0, buffer.Length));
            }
        }

        public string Decrypt(string data)
        {
            using (var des = new TripleDESCryptoServiceProvider { Mode = CipherMode.ECB, Key = Encoding.UTF8.GetBytes(key), Padding = PaddingMode.PKCS7 })
            using (var desEncrypt = des.CreateDecryptor())
            {
                var buffer = Convert.FromBase64String(data.Replace(" ", "+"));

                return Encoding.UTF8.GetString(desEncrypt.TransformFinalBlock(buffer, 0, buffer.Length));
            }
        }
As you may see, our key string is clearly visible, and anyone who gets this will be able to decrypt our top kek encrypted strings. We will Encrypt this using bytes, and store it on our webserver instead. Make sure to remove your key from your code, once you have chosen a key, make the:
Code:
string key = "L1$Ba8s!5)g$Sb41";
be:
Code:
string key;
Now, we have to keep our key 16 characters long, or it will not work.
So make a 16 character key and throw it into the string to hex converter website again.
Code:
Input: L1$Ba8s!5)g$Sb41
Output: 4c312442613873213529672453623431
We need to convert this to bytes again, but no "," or "0x" this time. My output looks like:
Code:
4C 31 24 42 61 38 73 21 35 29 67 24 53 62 34 31
Now we replace "test" with the bytes above in our key.txt file.
If we run our program now, we should get a MessageBox with the bytes you have entered.
Now we want to convert this to be able to use it as our key.
In Form1_Load, add this:
Code:
string ourKeyBytes = client.DownloadString(BytesToString(myByteArray));
            byte[] bytes = ourKeyBytes.Split().Select(t => byte.Parse(t, System.Globalization.NumberStyles.AllowHexSpecifier)).ToArray();
            key = BytesToString(bytes);
Now our Encryption has a key, we can Encrypt a string. So lets create another file on our server and call it "test.txt".

Under the code we have added in "Form1_Load", add this:
Code:
MessageBox.Show(Encrypt("STRING I WANNA ENCRYPT");
Run the program and make note of the exact characters in the MessageBox... Put these into the string to HEX converter website again.

I am Encrypting the string:
Code:
ProfoundModz
When Encrypted, it is:
Code:
72JeeVa1RmLbwn0PJVU4RQ==
Converting this to hex, it becomes:
Code:
37324a6565566131526d4c62776e30504a56553452513d3d
Now we have to split this again, but only the spaces, no comma or "0x":
Code:
37 32 4A 65 65 56 61 31 52 6D 4C 62 77 6E 30 50 4A 56 55 34 52 51 3D 3D
Now place this split hex into our "test.txt" file on our webserver, and attempt to retrieve and Decrypt it!

Now we will use some of the same byte array as gaining the key in order to get this (same method at least), but instead of "
You do not have permission to view link Log in or register now.
", we need "
You do not have permission to view link Log in or register now.
"
We only need to replace 3 bytes and add one. So our byte array for the key.txt link is:
Code:
0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, 0x2F, 0x6B, 0x65, 0x79, 0x2E, 0x74, 0x78, 0x74
You may notice the end being:
Code:
0x2E, 0x74, 0x78, 0x74
. This is ".txt" in HEX. that must mean the last 7 bytes are "key.txt". From these, will update the first 3, and add one after. I will replace
Code:
0x6B, 0x65, 0x79
to
Code:
0x74, 0x65, 0x73, 0x74
, as this is "test" in hex to bytes.

Under the code already in "Form1_Load", remove the MessageBox.Show code, and add a new array:
Code:
byte[] myOtherByteArray = { BYTES HERE };
. I will replace "BYTES HERE" with:
Code:
0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, 0x2F, 0x74, 0x65, 0x73, 0x74, 0x2E, 0x74, 0x78, 0x74
Now add this under our new byte array:
Code:
string myOtherMessageBytes = client.DownloadString(BytesToString(myOtherByteArray));
            byte[] Otherbytes = myOtherMessageBytes.Split().Select(t => byte.Parse(t, System.Globalization.NumberStyles.AllowHexSpecifier)).ToArray();
Now we can display the Decrypted text in a MessageBox like so:
Code:
MessageBox.Show(Decrypt(BytesToString(Otherbytes)));
I created a program so quickly Encrypt a string and byte it into the byte format (XX XX XX...) for me, and then I put this into a file using ":" between each encrypted string. Then I download it, and split it using ":" into an array, and then I can assign each string that I need to manually. If you'd like me to show you how to do this, PM me, and I'll share some sources.

Also consider "downloading" parts of your code (encrypt it like above). I'll make a tutorial on this in the future.
Code:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Net;
using System.Security.Cryptography;

namespace String_Encryption_Tool
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        WebClient client = new WebClient();
        public string BytesToString(byte[] arr)
        {
            return Encoding.UTF8.GetString(arr);
        }

        string key;

        public string Encrypt(string data)
        {
            using (var des = new TripleDESCryptoServiceProvider { Mode = CipherMode.ECB, Key = Encoding.UTF8.GetBytes(key), Padding = PaddingMode.PKCS7 })
            using (var desEncrypt = des.CreateEncryptor())
            {
                var buffer = Encoding.UTF8.GetBytes(data);

                return Convert.ToBase64String(desEncrypt.TransformFinalBlock(buffer, 0, buffer.Length));
            }
        }

        public string Decrypt(string data)
        {
            using (var des = new TripleDESCryptoServiceProvider { Mode = CipherMode.ECB, Key = Encoding.UTF8.GetBytes(key), Padding = PaddingMode.PKCS7 })
            using (var desEncrypt = des.CreateDecryptor())
            {
                var buffer = Convert.FromBase64String(data.Replace(" ", "+"));

                return Encoding.UTF8.GetString(desEncrypt.TransformFinalBlock(buffer, 0, buffer.Length));
            }
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            byte[] myByteArray = { 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, 0x2F, 0x6B, 0x65, 0x79, 0x2E, 0x74, 0x78, 0x74 };
            //MessageBox.Show(client.DownloadString(BytesToString(myByteArray)));

            string myKeyBytes = client.DownloadString(BytesToString(myByteArray));
            byte[] bytes = myKeyBytes.Split().Select(t => byte.Parse(t, System.Globalization.NumberStyles.AllowHexSpecifier)).ToArray();
            key = BytesToString(bytes);

            byte[] myOtherByteArray = { 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, 0x2F, 0x74, 0x65, 0x73, 0x74, 0x2E, 0x74, 0x78, 0x74 };
            string myOtherMessageBytes = client.DownloadString(BytesToString(myOtherByteArray));
            byte[] Otherbytes = myOtherMessageBytes.Split().Select(t => byte.Parse(t, System.Globalization.NumberStyles.AllowHexSpecifier)).ToArray();

            MessageBox.Show(Decrypt(BytesToString(Otherbytes)));
          
        }
    }
}
~ Harry
 

Top