[SOLVED] Identifying the ENCRYPTION ALGORITHM used in advapi32.dll

Identifying the ENCRYPTION ALGORITHM used in advapi32.dll

How to find which encryption is used in the following vb code

As far as i understood it is using

MD5 to hash the given key
MD5's result is obtained.
then use the resulting value as key for RC4 algorithm

The problem is i am not getting the same output when the above procedures are used separately.

The vb code gives the following output.

aa = !!S
a = !!
b = +
c = -
abc = !!P®
hello = W¡!!‘
A = 3
B = 0
C = 1
ABC = 3pŽ

Note: the value of b above is a "+" -like symbol in which the vertical line is longer.

The vb code is as follows.

Private Const MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0"
Private Const PROV_RSA_FULL = 1
Private Const ALG_CLASS_DATA_ENCRYPT = 24576
Private Const ALG_CLASS_HASH = 32768

Private Const ALG_TYPE_ANY = 0
Private Const ALG_TYPE_BLOCK = 1536
Private Const ALG_TYPE_STREAM = 2048

Private Const ALG_SID_RC2 = 2

Private Const ALG_SID_RC4 = 1
Private Const ALG_SID_MD5 = 3
Private Const CALG_MD5 = ((ALG_CLASS_HASH Or ALG_TYPE_ANY) Or ALG_SID_MD5)
Private Const CALG_RC2 = ((ALG_CLASS_DATA_ENCRYPT Or ALG_TYPE_BLOCK) Or ALG_SID_RC2)
Private Const CALG_RC4 = ((ALG_CLASS_DATA_ENCRYPT Or ALG_TYPE_STREAM) Or ALG_SID_RC4)

Private Const ENCRYPT_ALGORITHM = CALG_RC4
Private Const ENCRYPT_BLOCK_SIZE = 1

Private Const CRYPT_EXPORTABLE = 1

Dim lHHash As Long
Dim lHkey As Long
Dim lResult As Long
Dim lHExchgKey As Long
Dim lHCryptprov As Long

Dim sContainer As String
Dim lCryptLength As Long
Dim lCryptBufLen As Long
Dim sCryptBuffer As String

On Error GoTo EncryptError

Dim sOutputBuffer As String

Dim sProvider

sOutputBuffer = ""
'Get handle to the default CSP
sProvider = MS_DEF_PROV & vbNullChar

If Len(PlainText) = 0 Then
    DoCryptoEncrypt = ""
    Exit Function
End If
If Not CBool(CryptAcquireContext(lHCryptprov, ByVal _
            sContainer, ByVal sProvider, PROV_RSA_FULL, 0)) Then
        ' If there is no default key container then create one
        ' using Flags field
        If GetLastError = 0 Then
        If Not CBool(CryptAcquireContext(lHCryptprov, 0&, ByVal sProvider, PROV_RSA_FULL, CRYPT_NEWKEYSET)) Then
            sOutputBuffer = PlainText
            GoTo Finished
        End If
    End If
End If

'Create a hash object
If Not CBool(CryptCreateHash(lHCryptprov, CALG_MD5, 0, _
        0, lHHash)) Then
    GoTo Finished
End If

'Hash in the password text
If Not CBool(CryptHashData(lHHash, sPassword, _
        Len(sPassword), 0)) Then
    GoTo Finished
End If

'Create a session key from the hash object.
If Not CBool(CryptDeriveKey(lHCryptprov, _
        ENCRYPT_ALGORITHM, lHHash, 0, lHkey)) Then
    GoTo Finished
End If

'Destroy the hash object.
CryptDestroyHash (lHHash)
lHHash = 0

'Create a buffer for the CryptEncrypt function
lCryptLength = Len(PlainText)
lCryptBufLen = lCryptLength * 2
sCryptBuffer = String(lCryptBufLen, vbNullChar)
LSet sCryptBuffer = PlainText

'Encrypt the text data
If Not CBool(CryptEncrypt(lHkey, 0, 1, 0, sCryptBuffer, _
    lCryptLength, lCryptBufLen)) Then
End If

Solution

Your vb code works as follows.

it use MD5 to hash the given value.
then it creates a session key compatible with RC4 algorithm using MD5 hash value
creates encrypted value using RC4 as algorithm and session-key as key