fogbound.net




Thu, 28 Mar 2019

Using openssl for AES-CBC-PKCS5Padding rather than mcrypt in PHP

— SjG @ 2:34 pm

Yeah, that’s quite an acronym soup.

Background: the mcrypt library for PHP has been deprecated for a long time now. However, in PHP we still have to process lots of encrypted strings coming from a format like MCRYPT_RIJNDAEL_128, or stuff coming from Java (Android, I’m looking at you!) that was encrypted with AES with Cipher Block Chaining and PKCS5Padding. These cipher algorithms are not explicitly included in openssl as such, although you can find stray references all over the web pointing you in the general direction.

I frequently have to integrate with third-party sites or services that are written in Java, and which provide sample PHP code for implementing my end. Because the ciphers in mcrypt are easier to identify, this provided source usually uses the deprecated library rather than openssl.

So, to save some time, here are the equivalent openssl encryption/decryption commands:

openssl_encrypt($plaintext, 'aes-128-cbc', $key, 0, $iv)
openssl_decrypt($encrypted, 'aes-128-cbc', $key, 0, $iv)

For a more verbose proof-of-concept, a longer test program is included below. But before you look at that, consider the following warnings:

DO NOT USE A FIXED INITIALIZATION VECTOR!
DO NOT USE STUPID PASSWORDS!
DO NOT USE THIS CODE IN PRODUCTION!

<?php
// Needs the mcrypt extension (removed from PHP core in 7.2; available from PECL)
// alongside openssl, since the point is to compare the two libraries.

// sooper-secret message
$src = array('don' => 'sleeper agent', 'mike' => 'coverup');
// ultra-seekrit key
$key = '1234567890123456';
// hard-coded initialization vector to prove we really know our stuff
$iv = '6543210987654321';

$original = json_encode($src);

// encrypt with mcrypt
// mcrypt does not pad for us, so apply PKCS5/PKCS7 padding by hand:
// append N bytes of value N to reach a multiple of the block size
$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$pad = $size - (strlen($original) % $size);
$plain = $original . str_repeat(chr($pad), $pad);
$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($module, $key, $iv);
$data = mcrypt_generic($module, $plain);
mcrypt_generic_deinit($module);
mcrypt_module_close($module);
$mcrypted = base64_encode($data);

// encrypt with openssl
// options = 0: openssl pads the plaintext itself and returns base64 output
$ocrypted = openssl_encrypt($original, 'aes-128-cbc', $key, 0, $iv);

if (strcmp($mcrypted, $ocrypted))
{
    echo "Uh-oh. Encrypted strings don't match up.\n";
    echo "mcrypt encrypted string:\n$mcrypted\n";
    echo "openssl encrypted string:\n$ocrypted\n";
}
else
{
    // decrypt using mcrypt, then strip the padding by hand
    // (the last byte gives the number of padding bytes)
    $m_from_o_decrypt_padded = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($ocrypted), MCRYPT_MODE_CBC, $iv);
    $dec_s = strlen($m_from_o_decrypt_padded);
    $padding = ord($m_from_o_decrypt_padded[$dec_s - 1]);
    $m_from_o_decrypt = substr($m_from_o_decrypt_padded, 0, -$padding);

    // decrypt using openssl (expects base64 input and removes the padding itself)
    $o_from_m_decrypt = openssl_decrypt($mcrypted, 'aes-128-cbc', $key, 0, $iv);

    if (strcmp($o_from_m_decrypt, $m_from_o_decrypt))
    {
        echo "Uh-oh. Decrypted JSON strings don't match up.\n";
        echo "openssl decrypting mcrypt encrypted string:\n$o_from_m_decrypt\n";
        echo "mcrypt decrypting openssl encrypted string:\n$m_from_o_decrypt\n";
    }
    else
    {
        echo "Encrypted strings were the same, and each library decrypted the other's encrypted data.\n";
    }
}
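
The warnings above, turned into code, as an added example that is not part of the original post: a fresh random IV for every message, a key-length check (openssl_encrypt silently NUL-pads or truncates a key of the wrong length), and an HMAC that is verified before anything is decrypted. The function names, the separate MAC key and the IV || ciphertext || HMAC layout are assumptions, and the other end of the integration would have to agree to them.

```php
<?php
// Added example, not the post's code. Assumed (hypothetical) wire format:
// base64( IV[16] || ciphertext || HMAC-SHA256[32] ), agreed with the peer.
const CIPHER = 'aes-128-cbc';

function check_key(string $encKey): void
{
    // openssl silently NUL-pads short keys and truncates long ones; refuse instead.
    if (strlen($encKey) !== 16) {
        throw new InvalidArgumentException('AES-128 needs a 16-byte key');
    }
}

function seal(string $plaintext, string $encKey, string $macKey): string
{
    check_key($encKey);
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV per message
    // OPENSSL_RAW_DATA returns raw bytes; PKCS#7 padding is still applied.
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true); // encrypt-then-MAC
    return base64_encode($iv . $ct . $mac);
}

function unseal(string $token, string $encKey, string $macKey): string
{
    check_key($encKey);
    $raw = base64_decode($token, true); // strict: reject non-base64 input
    // Shortest valid token: 16-byte IV + one 16-byte block + 32-byte MAC.
    if ($raw === false || strlen($raw) < 64) {
        throw new RuntimeException('malformed token');
    }
    [$iv, $ct, $mac] = [substr($raw, 0, 16), substr($raw, 16, -32), substr($raw, -32)];
    // Check the MAC in constant time before any decryption or unpadding.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed sample message and throwaway keys, generated for this run only.
[$encKey, $macKey] = [random_bytes(16), random_bytes(32)];
$token = seal(json_encode(['don' => 'sleeper agent', 'mike' => 'coverup']), $encKey, $macKey);
echo $token, "\n", unseal($token, $encKey, $macKey), "\n";
```

When the peer's format is fixed at bare AES-CBC with PKCS5Padding, the IV handling and key-length check still apply, but the MAC cannot be added on one side only.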

Wed, 13 Mar 2019

Replacing the battery in a mid-2012 Retina MBP

— SjG @ 8:17 pm

I bought my MBP back in September of 2012, and it’s been the best machine I’ve ever owned. Named Apotheosis, it’s quiet, powerful, good battery life, and all that. It’s been through four or five iterations of MacOS, and still runs fast. It’s got old-school USB 3 ports, an SD card reader, and the mag-safe connector. In short, the only thing I could hope to improve it would be more storage.

Of late, however, it’s been exhibiting power issues. It will log itself out, or spontaneously go to sleep and not wake up without external power. I reset the System Management Controller (SMC) by the arcane ritual of holding down Shift, Control, and Option on the left side of the keyboard, then holding down the power button for 10 seconds. No luck.

Then, there are some minor issues with the screen: small areas that look almost like fungus in the display. From what I’ve read, this has affected a lot of older Retina displays, but in my case it’s more an annoyance than a serious problem. Still, given these two issues, I thought perhaps it’s time to upgrade. After all, the machine’s over six years old.

Looking at the new MacBooks and MacBook Pros, though, I can’t find anything that would be satisfactory. Certainly nothing at a price-point that I feel like paying. I’m not a big fan of the new keyboards, and if you want to put a lot of storage (i.e., 2TB) in a machine, Apple really makes you pay. Resolved, then, try to get more years out of Apotheosis. Apple no longer services this model, and the indy/Authorized dealers wanted $500 to replace the battery. That seemed high to me.

Other World Computing has a replacement battery kit for $85. I ordered it, and it arrived overnight! In big red letters, they warn that “Professional Installation Highly Recommended” but people like me don’t pay any attention to such things.

Back cover removed

The kit comes complete with Torx screwdrivers specifically for the MBP, including the (in)famous “pentalobe” driver.

They also supply a step-by-step video for the process. This is a really outstanding instructional video. It shows everything in perfect detail. Things which sound simple in words (e.g., “unclip the connector”) are often not so clear when staring at the physical object. But watching each step makes it very simple.

That being said, they estimated two hours to do the process, and it took me more like three. Part of that was my obsessive disassembly process which I’ve perfected over the years. It involves lots of post-it notes, with little drawings and sticky tape that I use to make sure I can reassemble things correctly. In this case, the video would have been sufficient, but old habits die hard. And, frankly, this is a good habit.

Even though OWC makes this a straightforward process, Apple certainly didn’t intend it to be. You have to remove the speakers to really get at the battery. To get the speakers out, you basically have to remove all the guts:

Ready for battery removal
All The Innards… haruspices take note

The kit includes a gnarly solvent that helps dissolve the adhesive holding the battery in place. This is the worst part of the process, although they provide gloves and eye protection to make it a safer process.

Once the machine was back together, I went through a full charge/discharge cycle, and it’s seemed quite stable. There are some weird minor discrepancies. For example, while writing this post and doing some other odd chores, I’ve been unplugged. The menu bar battery gauge tells me I’m at 81%, while CoconutBattery tells me I’m at 77.6%.

With any luck, this repair will help me keep Apotheosis up and running for a few more years!