This document gives brief idea on the encryption method
used in Class CL_HARD_WIRED_ENCRYPTOR.
Note:
1)The Method used for Encryption is - ENCRYPT_STRING2STRING.
2)The Method used for Decryption is - DECRYPT_STRING2STRING.
A) Below screen shows the view of the methods in class-CL_HARD_WIRED_ENCRYPTOR.
a) It uses base64 encoding.
b) And to make it more secured it uses a special 'xoring' algorithm for encryption and decryption.
c) This algorithm will be explained in this document later.
Let us first study how, the encryption process takes place using
B) Method-ENCRYPT_STRING2STRING
1) Let us consider and example to study how this method works.
a)User inputs a string which is importing parameter of this method
in a program.
Consider an example: ‘TEST’ as the input string.
2) To encrypt a string in this method we have 2 more methods to
execute:
a) encrypt_string2bytes(pass input string here).
b) base64_encode(get encrypted result here).
Initially the string = ’TEST’ is encrypted to byte format using
method ENCRYPT_STRING2BYTES.
3)To encrypt string to byte format, the string has to be first converted
to byte and then the byte data will be encrypted using the
hard-wired encryption technique.
4)To convert the string to bytes data method GET_BYTES is used.
The string ‘TEST’ is converted to bytes format as result = ‘74657374’.
5)Then the byte data ‘74657374’ is encrypted using the hard-wired encryption
technique in method ENCRYPT_BYTES2BYTES.
a) Algorithm study:
1) First the length of that bytes input is calculated.
a) Here 2 digits of input are considered as 1 in length
(Because it is xstring value).
Example: the_byte_array(xstring input) = '74657374'.
leng(Length) = '4'.
2) And the next step will be about creating a dynamic length for the field
symbol variable <copy_dat>.
a) Here we are incrementing the variable(result_len) length by 1.
b) And we are assigning dynamic length to <copy_dat> variable.
c) Now the length of <copy_dat> is xtring 5 i.e its initial value is '0000000000'.
d) We are incrementing the length of variable <copy_dat> by 1 from the
original length of the input xstring from '4' to '5' because, we will be
attaching '2' digits to our 'xored' data which will be explained later.
3) The next step is 'xoring' the xstring data (the_byte_array) and storing the
result in reverse order in variable <copy_dat>.
Here the 'do' will loop for 4 times( leng = '4').
Loop 1:
a) offs(offset) variable initially will be '0'.
offs = 1 (sy-index) - 1 = 0.
b) result_len = 5(result_len) - 1 = 4.
c) <copy_dat>+4(1) = the_byte_array+0(1) bit-xor 74(xor_val).
<copy_dat>+4(1) = 74 bit-xor 74.
<copy_dat>+4(1) = '00'.
<copy_dat> = '0000000000'.
loop 2:
a) offs = 2 - 1 = 1.
b) result_len = 4 - 1 = 3.
c) <copy_dat>+3(1) = the_byte_array+1(1) bit-xor 74(xor_val).
<copy_dat>+3(1) = 65 bit-xor 74.
<copy_dat>+3(1) = '11'.
<copy_dat> = '0000001100'.
loop 3:
a) offs = 3 - 1 = 2.
b) result_len = 3 - 1 = 2.
c) <copy_dat>+2(1) = the_byte_array+2(1) bit-xor 74(xor_val).
<copy_dat>+2(1) = 73 bit-xor 74.
<copy_dat>+2(1) = '07'.
<copy_dat> = '0000071100'.
loop 4:
a) offs = 4 - 1 = 3.
b) result_len = 2 - 1 = 1.
c) <copy_dat>+1(1) = the_byte_array+3(1) bit-xor 74(xor_val).
<copy_dat>+1(1) = 74 bit-xor 74.
<copy_dat>+1(1) = '00'.
<copy_dat> = '0000071100'.
4) In the final step we will flag resultant data with '01'(enc_flag).
a) After completion of previous step the value in <copy_dat> will be
'0000071100'.
b) Now we attach enc_flag to <copy_dat>(1).
c) Final result will be '0100071100'.
6) After bytes encryption of string the bytes data STRING_AS_BYTES = '0100071100'
is then exported to BASE64_ENCODE method as shown below.
a) Here Function Module: ‘SSFC_BASE64_ENCODE’ is used to
encode the byte data.
b) The byte data ‘0100071100’ will be encoded to value ‘AQAHEQA=’.
c) This will end the encryption process of input string 'test' to achieve
resultant encrypted string 'AQAHEQA=' .
7) Now the result will be received through parameter 'result' in our program.
Conclusion: After reading this document we know how the encryption algorithm works
in Class-CL_HARD_WIRED_ENCRYPTOR.
Important Note:1) As we have seen in above document the encryption process
involves key value 'xor_val' which has a static value '74' .
This makes the encryption process vulnerable to attacks.
2)But this can be overcome by further encryption of the resultant
string or by customizing the algorithm and passing the 'xor_val'
dynamically,which can be achieved quite easily.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
6 | |
5 | |
3 | |
3 | |
2 | |
2 | |
2 | |
2 | |
1 | |
1 |