问题
I'm trying to fix things on a PHP site. There is a pair of PHP functions:
function get_rnd_iv($iv_len) {
$iv = '';
while ($iv_len-- > 0) {
$iv .= chr(mt_rand() & 0xff);
}
return $iv;
}
function md5_encrypt($plain_text, $password, $iv_len = 16) {
$plain_text .= "\x13";
$n = strlen($plain_text);
if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
$i = 0;
$enc_text = get_rnd_iv($iv_len);
$iv = substr($password ^ $enc_text, 0, 512);
while ($i < $n) {
$block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
$enc_text .= $block;
$iv = substr($block . $iv, 0, 512) ^ $password;
$i += 16;
}
return base64_encode($enc_text);
}
function md5_decrypt($enc_text, $password, $iv_len = 16) {
$enc_text = base64_decode($enc_text);
$n = strlen($enc_text);
$i = $iv_len;
$plain_text = '';
$iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
while ($i < $n) {
$block = substr($enc_text, $i, 16);
$plain_text .= $block ^ pack('H*', md5($iv));
$iv = substr($block . $iv, 0, 512) ^ $password;
$i += 16;
}
return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
They are used to encrypt the IP addresses of users in the database. The $password parameter is stored in a php config file (so only dumping the sql will not give you the IP-s even when you know these functions).
I'm still puzzled over them as MD5 is clearly hashing and only things like bruteforcing can reverse it.
Can someone with more php experience explain, how this decryption works? The encrypted text is not a simple MD5 so I might have to understand what is happening there.
Anyway I'm trying to write a mysql stored function doing the decryption, because I want to join an other table by the IP-s (a table containing IP ranges for countries), and only return the country codes in the query.
The problems are: I have never written a MySQL function. How do I make a while cycle? there are functions like pack, and preg_replace which are not built in in MySQL, do I have to implement them too somehow?
Any help would be appreciated (ranging from hints to the full function)!
Comments like "MD5 cannot be decrypted it's hashing!" will not be appreciated.
回答1:
In these functions md5 is only used to compute hash of constant component $iv_len, that is later used like salt to the passwords.
Every other operations are reversible (string padding, packing and XOR [^])
As for MySQL function, I wouldn't do it. IMHO better solution is to extend users table with country_from_ip column and populate it from php, by decrypting all existing IPs and getting their country code and modifying php code to add this info while saving new record.
Making a join on field computed by function will very soon become bottleneck for your application
回答2:
The MD5 hash isn't performed on the IP address, it appears to be used to add some random seed data to the encryption, or something.
As for how to decrypt it, why do you want to use SQL? While is probably possible, I suspect PHP is much faster at this type of operation.
Use SQL to select, say, 1000 user rows at a time, and then use PHP to actually link them against each country.
来源:https://stackoverflow.com/questions/8861208/md5-decrypt-php-function-to-mysql-stored-function