Go4Expert

Go4Expert (http://www.go4expert.com/)
-   C (http://www.go4expert.com/forums/c/)
-   -   help help (http://www.go4expert.com/forums/help-help-t17625/)

rochela 20May2009 16:15

help help
 
i need someone to help me out with these code am not that good in c++ compile it for me or tell me what to do to it ?/******
CFMEncrypt.cpp
Rick Osborne <rick@rixsoft.com>

This is all based on the original source by Matt Chapman
<matthewc@cse.unsw.edu.au>

Purpose:
Encrypts and decrypts CFML templates. Encryption, like CFCRYPT.EXE,
produces executable CFML templates. Decryption performs just like
the CFDECRYPT utility by Matt Chapman. You now have both sets of
functionality in a CFX tag. Go to town.

Reference:
http://packetstorm.securify.com/9907.../cfdecrypt.txt
http://shroom.dv8.org/bmp/crypt.cgi
http://www.rewted.org/exploits/sorte...99/cfdecrypt.c

Decryption Procedure:
1. Get the header size from the top of the file (it is in plaintext).
For version 1 encryption, the custom header is included in this
number, but version 2 encrypts the header with the sourcecode and has
some extra junk for the next 16 bytes. (Don't know what this is yet.)
2. Setup your DES.
3. Decrypt the ciphertext in 8-byte chunks.
a. If you are using version 2 system, look for the first 0x1a to signal
the end of the custom header
4. The remaining bytes in the file are just XORed with their position
past the header. (Hint: Don't store your passwords in the last 7
bytes! ;)

Encryption Procedure:
1. Write the header, including the size and the custom header.
2. Setup your DES.
3. Encrypt the plaintext in 8-byte chunks.
4. The remaining bytes in the file are just XORed with their position
past the header.

Usage:

Parameters:
MODE="ENCRYPT|DECRYPT" (required)
INFILE="(filename)" (not required if you have INPUT instead)
INPUT="(text)" (not required if you have INFILE instead)
OUTFILE="(filename)" (not required if you have OUTPUT instead)
OUTPUT="(text)" (not required if you have OUTFILE instead)
HEADER="(text)" (custom header text for ENCRYPT -- not required)
ERROR="(varname)" (not required -- defaults to CFMEncrypt.Error)

Example:
<!--- Add Yahoo/Geocities-style footers --->
<CFX_CFMENCRYPT MODE="DECRYPT" INFILE="source.cfm" OUTPUT="Source" ERROR="ThisError">
<CFIF ThisError IS NOT "">
<CFABORT SHOWERROR="Could not decrypt! #ThisError#">
</CFIF>
<CFSET Custom=Source & Chr(13) & Chr(10) & "<P>Thank's for using Rick's server!</P>">
<CFX_CFMENCRYPT MODE="ENCRYPT" INPUT="#Custom#" OUTFILE="source.cfm" HEADER="Hosted by Rick">

Notes:
- Anything coming out of an ENCRYPT operation, or into a DECRYPT
operation, is binary data. I suggest you don't try to manipulate
this in variables. That's what files are for.
- Note: This version only does version 1 format files. Until I figure
out what the extra 16 bytes in the new version are, I don't want to
mess with version 2. Besides, it works.

Creative uses:
- Become a CF service host that uses only the ADK. Provide web-based file
upload that automagically encrypts templates as they are uploaded.
Save yourself lots of money by not having to buy the full version.
- "Safety scan" templates that you don't have control over. (Find
people trying to use the hidden admin functions when they shouldn't be.)
- Write some CF scripts to run nightly:
1. Check out the stable source tree from your version control software.
2. Encrypt the source.
3. Upload the encrypted source to your clients.
- Write a "Windows Update"/"LiveUpdate" kind of on-demand updating for your
production code:
1. Code on client end checks in nightly for revisions.
2. When new things are found, encrypt them and send them.

Why use this and not CFCRYPT.EXE?
No major reasons. Maybe you don't want to use CFEXECUTE. Maybe this is
actually faster than shelling out every time you want to encrypt a
template.

Installation:
Install this just as you would any other CFX tag. Note that the ZIP file
should come with two versions: Debug and Release. You only need to install
one of them.

******/
Code:

#include <windows.h>
#include <stdio.h>
#include "CFX.h"
#include "CFMEncrypt.h"
#include "des.h"

int CFMEncrypt(FILE* in, FILE* out, LPCSTR customheader) {
  int headsize = 54;
  char sheadsize[13];
  int i;
  fwrite(TEMPLATE_HEADER,sizeof(char),strlen(TEMPLATE_HEADER),out);
  if(customheader && *customheader) headsize += strlen(customheader);
  itoa(headsize,sheadsize,10);
  for(i=strlen(sheadsize);i<10;i++) sheadsize[i]=' ';
  sheadsize[10] = 0x0a;
  sheadsize[11] = 0x1a;
  sheadsize[12] = 0x00;
  fwrite(sheadsize,sizeof(char),12,out);
  if(customheader && *customheader) {
    fwrite(customheader,sizeof(char),strlen(customheader),out);
    fwrite("\x1a",sizeof(char),1,out);
  }
  des_cblock key;
  des_cblock input = {0, 0, 0, 0, 0, 0, 0, 0};
  des_cblock output = {0, 0, 0, 0, 0, 0, 0, 0};
  char *keystr = "Error: cannot open template file--\"%s\". Please, try again!\012\012";
  des_key_schedule schedule;
  des_string_to_key(keystr, &key);
  des_set_key(&key, schedule);
  int outlen = 0;
  int red;  /* red, get it?  It's a pun.  (okay, it's not that funny, but I can't use 'read'.) */
  /* read the file, 8 bytes at a time, and encrypt it */
  while ((red = fread(input, sizeof(char), 8, in)) == 8) {
    des_ecb_encrypt(&input, &output, schedule, 1);
    outlen += 8;
    fwrite(output, sizeof(char), 8, out);
  } /* while */
  /* This is just kooky.  Why didn't they just pad to 8 bytes? */
  if(red) {
    for(i=0;i<red;i++) output[i] = input[i] ^ (outlen + i);
    fwrite(output, sizeof(char), red, out);
  }
  return ENC_OK;
}

int CFMDecrypt(FILE* in, FILE* out) {
  /* First we read the header, to make sure that we are working with a valid encrypted template. */
  char header[54];
  if(fread(header,sizeof(char),54,in) != 54) return DEC_ERR_BAD_HEAD_SIZE;
  if(memcmp(header,TEMPLATE_HEADER,42)) return DEC_ERR_BAD_HEAD_DATA;
  int headsize;
  int skip;
  if(!memcmp(&header[42],"New Version",11)) {
    headsize = 69; /* What number are we thinking of right now? -- 69, dudes! -- Whoa! */
    skip = 1;      /* To my loo, my darlin'? */
  } else {
    headsize = atoi(&header[42]);  /* "Should we put this in as a text number, or as a binary long?" */
    skip = 0;                      /* "As a textual number.  Duh.  What are you thinkin', man?" */
  } /* if */
  if(headsize < 54) return DEC_ERR_BAD_DATA_SIZE;
  if(fseek(in,headsize,SEEK_SET) < 0) return DEC_ERR_BAD_DATA_SEEK;
  des_cblock key;
  des_cblock input;
  des_cblock output;
  char *keystr = "Error: cannot open template file--\"%s\". Please, try again!\012\012";
  des_key_schedule schedule;
  des_string_to_key(keystr, &key);
  des_set_key(&key, schedule);
  int outlen = 0;
  int i;
  int red;  /* red, get it?  It's a pun.  (okay, it's not that funny, but I can't use 'read'.) */
  /* read the file, 8 bytes at a time, and decrypt it */
  while ((red = fread(input, sizeof(char), 8, in)) == 8) {
    des_ecb_encrypt(&input, &output, schedule, 0);
    outlen += 8;
    i = 0;
    if(skip) while(i<8) if(output[i++] == 0x1a) { skip = 0; break; }
    fwrite(output + i, sizeof(char), 8 - i, out);
  } /* while */
  for(i=0;i<red;i++) output[i] = input[i] ^ (outlen + i);
  fwrite(output, sizeof(char), red, out);
  return DEC_OK;
}

void ProcessTagRequest(CCFXRequest* pRequest) {
  LPCSTR sMode        = pRequest->GetAttribute("MODE");
  LPCSTR sInFile      = pRequest->GetAttribute("INFILE");
  LPCSTR sOutFile    = pRequest->GetAttribute("OUTFILE");
  LPCSTR sInStream    = pRequest->GetAttribute("INPUT");
  LPCSTR sOutStream  = pRequest->GetAttribute("OUTPUT");
  LPCSTR sError      = pRequest->GetAttribute("ERROR");
  LPCSTR sHeader      = pRequest->GetAttribute("HEADER");
  if(!sError || !*sError) sError = "CFMEncrypt.Error";
  try {
    if(!sMode || !*sMode) throw "Required attribute MODE not found.  Should be MODE=\"ENCRYPT\" or MODE=\"DECRYPT\".";
    int iMode;
    strupr((char*)sMode);
    if(!strcmp(sMode,"ENCRYPT")) iMode = MODE_ENC;
    else if(!strcmp(sMode,"DECRYPT")) iMode = MODE_DEC;
    else throw "Unknown MODE attribute.  Should be MODE=\"ENCRYPT\" or MODE=\"DECRYPT\".";
    int tempSource = 0;
    int tempDest = 0;
    FILE* fIn = NULL;
    FILE* fOut = NULL;
    if(sInStream && *sInStream) {
      fIn = tmpfile();
      if(!fIn) throw "Could not create temp file for INPUT stream.";
      size_t slen = strlen(sInStream);
      fwrite(sInStream,sizeof(char),slen,fIn);
      fseek(fIn,0,SEEK_SET);
    } else if(sInFile && *sInFile) {
      fIn = fopen(sInFile,"rb");
      if(!fIn) throw "Could not open INFILE for read/binary access.";
    } else {
      throw "Required input source not found.  Use INPUT or INFILE attributes.";
    }
    if(sOutStream && *sOutStream) {
      fOut = tmpfile();
      if(!fOut) {
        fclose(fIn);
        throw "Could not create temp file for OUTPUT stream.";
      } /* if */
    } /* if */
    if(sOutFile && *sOutFile) {
      fOut = fopen(sOutFile,"w+b");
      if(!fOut) {
        fclose(fIn);
        throw "Could not open OUTFILE for write/binary access.";
      } /* if */
    }
    if(!fOut) {
      fclose(fIn);
      throw "Required input source not found.  Use INPUT or INFILE attributes.";
    } /* if */
    int results;
    if(iMode == MODE_ENC) results = CFMEncrypt(fIn, fOut, sHeader);
    else results = CFMDecrypt(fIn, fOut);
    fclose(fIn);
    if(sOutStream && *sOutStream) {
      fseek(fOut,0,SEEK_END);
      long fsize = ftell(fOut);
      fseek(fOut,0,SEEK_SET);
      char* fbuf = new char[fsize + 1];
      fbuf[fsize] = NULL;
      fread(fbuf,sizeof(char),fsize,fOut);
      pRequest->SetVariable(sOutStream,fbuf);
      delete fbuf;
    } /* if */
    fclose(fOut);
    if((results != ENC_OK) && (results != DEC_OK)) {
      char rbuf[16];
      itoa(results,rbuf,10);
      pRequest->SetVariable(sError,(char*)rbuf);
    } /* if */
  } /* try */
  catch(CCFXException* e) {
    pRequest->ReThrowException(e);
  } /* catch CCFXException* */
  catch(char* cp) {
    pRequest->SetVariable(sError,cp);
    pRequest->ThrowException(TAG_ERROR_HEADER,cp);
  } /* catch char* */
  catch( ... ) {
    pRequest->ThrowException(TAG_ERROR_HEADER,"Unexpected error occurred while processing tag.");
  } //catch
} /* Process Tag Request */



All times are GMT +5.5. The time now is 02:39.