Sven Dens

deserialize me

Encryption in AS2 and AS3

with 11 comments

If ever you need to encrypt or decrypt something from in AS2 or AS3, this might come in handy for you.
I’ve started off with the great encryption classes written for AS2 by meychi.com (currently offline), but felt there had to be a more user-friendly way of using them, so I got to work on it last night and think I’ve come up with a pretty elegant solution.

You can download the ZIP-archive to try it out for yourself.
Please note that this release is still early alpha and there’s probably alot of room for improvement, I’ll post updated copies for the files here regularly. There’s also still little documentation in the files and there aren’t any unit tests yet.
Inside the ZIP you’ll find an FLA for AS2 and one for AS3. The AS2 FLA comes in a Flash8 and a FlashCS3 flavour.
The FLA’s contain a single MovieClip with a linkage to their respective .as source files.

Inside the package be.boulevart.as2.security are the wrapper classes I wrote for the original AS2 implementation by meychi.
What this does is provide you with an elegant way of using any encryption type with just a single line of code:

e = new Encryption(EncryptionTypes.RC4(), str , this.theKey, null, null, null);

See what I did with the EncryptionTypes there?
Since AS2 nor AS3 provide Enum’s (like for instance C# does), the static class EncryptionTypes serves as a wrapper for the various AS2 encryption classes. It’s functions return an Object instance of the appropriate encryption class. So instead of importing all the encryption classes to your class and instantiating a new instance for each class, you just import be.boulevart.as2.security.* and call EncryptionTypes.<type_you_choose>();

Next, pass in the string you want to encrypt and (depending on the encryption type you choose) additional parameters.
Now you can just call e.encrypt to encrypt your string and e.decrypt to decrypt it.
Wasn’t that easy?

I also ported the originals by meychi to AS3.
Only GUID and LZW ain’t working in AS3 just yet.

Full AS3 example:

package be.boulevart.as3
{
    /**
    * Encodes and decodes a base64 string.
    * @authors Sven Dens - http://www.svendens.be
    * @version 0.1
    *
    * Original Javascript implementation:
    * Aardwulf Systems, www.aardwulf.com
    * See: http://www.aardwulf.com/tutor/base64/base64.html
    */
    import flash.display.MovieClip;
    import be.boulevart.as3.security.Encryption;
    import be.boulevart.as3.security.EncryptionTypes;

    public class as3_cryptdemo extends MovieClip
    {
        protected var e:Encryption;
        protected var theKey:String = "you'll never guess";
        protected var str:String = "My super secret string";

        public function as3_cryptdemo()
        {
            trace("String before encryption: " + str + "\n");

            //RC4 encryption
            e = new Encryption(EncryptionTypes.RC4(), str , this.theKey, null, null, null);
            e.encrypt();
            trace("String after RC4 encryption: " + e.getInput());
            e.decrypt();
            trace("String after RC4 decryption: " + e.getInput() + "\n");

            //Base8 encryption
            e = new Encryption(EncryptionTypes.Base8(), str , null, null, null, null);
            e.encode();
            trace("String after Base8 encoding: " + e.getInput());
            e.decode();
            trace("String after Base8 decoding: " + e.getInput() + "\n");

            //Base64 encryption
            e = new Encryption(EncryptionTypes.Base64(), str , null, null, null, null);
            e.encode();
            trace("String after Base64 encoding: " + e.getInput());
            e.decode();
            trace("String after Base64 decoding: " + e.getInput() + "\n");

            //Goauld calculation
            e = new Encryption(EncryptionTypes.Goauld(), str , null, null, null, null);
            e.calculate();
            trace("String after Goauld calculation: " + e.getInput() + "\n");

            //MD5 calculation
            e = new Encryption(EncryptionTypes.MD5(), str , null, null, null, null);
            e.calculate();
            trace("String after MD5 calculation: " + e.getInput() + "\n");

            //ROT13 calculation
            e = new Encryption(EncryptionTypes.ROT13(), str , null, null, null, null);
            e.calculate();
            trace("String after ROT13 calculation: " + e.getInput() + "\n");

            //SHA1 calculation
            e = new Encryption(EncryptionTypes.SHA1(), str , null, null, null, null);
            e.calculate();
            trace("String after SHA1 calculation: " + e.getInput() + "\n");

            //LZW compression
            /*e = new Encryption(EncryptionTypes.LZW(), str , null, null, null, null);
            e.compress();
            trace("String after LZW compression: " + e.getInput());
            e.decompress();
            trace("String after LZW decompression: " + e.getInput() + "\n");*/

            //TEA encryption
            e = new Encryption(EncryptionTypes.TEA(), str , this.theKey, null, null, null);
            e.encrypt();
            trace("String after TEA encryption: " + e.getInput());
            e.decrypt();
            trace("String after TEA decryption: " + e.getInput() + "\n");

            //Rijndael encryption
            e = new Encryption(EncryptionTypes.Rijndael(), str , this.theKey, "CBC", 256, 256);
            e.encryptRijndael();
            trace("String after Rijndael encryption: " + e.getInput());
            e.decryptRijndael();
            trace("String after Rijndael decryption: " + e.getInput() + "\n");
        }
    }
}

Full AS2 example:

import be.boulevart.as2.security.Encryption;
import be.boulevart.as2.security.EncryptionTypes;

class be.boulevart.as2.as2_cryptdemo extends MovieClip
{
    private var e:Encryption;
    private var theKey:String = "you'll never guess";
    private var str:String = "My super secret string";

    public function as2_cryptdemo()
    {
        trace("String before encryption: " + str + "\n");

        //RC4 encryption
        e = new Encryption(EncryptionTypes.RC4(), str , this.theKey, null, null, null);
        e.encrypt();
        trace("String after RC4 encryption: " + e.getInput());
        e.decrypt();
        trace("String after RC4 decryption: " + e.getInput() + "\n");

        //Base8 encryption
        e = new Encryption(EncryptionTypes.Base8(), str , null, null, null, null);
        e.encode();
        trace("String after Base8 encoding: " + e.getInput());
        e.decode();
        trace("String after Base8 decoding: " + e.getInput() + "\n");

        //Base64 encryption
        e = new Encryption(EncryptionTypes.Base64(), str , null, null, null, null);
        e.encode();
        trace("String after Base64 encoding: " + e.getInput());
        e.decode();
        trace("String after Base64 decoding: " + e.getInput() + "\n");

        //Goauld calculation
        e = new Encryption(EncryptionTypes.Goauld(), str , null, null, null, null);
        e.calculate();
        trace("String after Goauld calculation: " + e.getInput() + "\n");

        //MD5 calculation
        e = new Encryption(EncryptionTypes.MD5(), str , null, null, null, null);
        e.calculate();
        trace("String after MD5 calculation: " + e.getInput() + "\n");

        //ROT13 calculation
        e = new Encryption(EncryptionTypes.ROT13(), str , null, null, null, null);
        e.calculate();
        trace("String after ROT13 calculation: " + e.getInput() + "\n");

        //SHA1 calculation
        e = new Encryption(EncryptionTypes.SHA1(), str , null, null, null, null);
        e.calculate();
        trace("String after SHA1 calculation: " + e.getInput() + "\n");

        //LZW compression
        e = new Encryption(EncryptionTypes.LZW(), str , null, null, null, null);
        e.compress();
        trace("String after LZW compression: " + e.getInput());
        e.decompress();
        trace("String after LZW decompression: " + e.getInput() + "\n");

        //TEA encryption
        e = new Encryption(EncryptionTypes.TEA(), str , this.theKey, null, null, null);
        e.encrypt();
        trace("String after TEA encryption: " + e.getInput());
        e.decrypt();
        trace("String after TEA decryption: " + e.getInput() + "\n");

        //Rijndael encryption
        e = new Encryption(EncryptionTypes.Rijndael(), str , this.theKey, "CBC", 256, 256);
        e.encryptRijndael();
        trace("String after Rijndael encryption: " + e.getInput());
        e.decryptRijndael();
        trace("String after Rijndael decryption: " + e.getInput() + "\n");
    }
}

Like I said, still early alpha, but nevertheless fun to play with :-)

Let me know what you think about it!

Written by Sven Dens

May 22nd, 2007 at 1:44 pm

Posted in ActionScript

« Build and compile AS3, Flex2 and Apollo applications in Eclipse on Mac OS X
Email and cell phone validation in AS2 and AS3 »

11 Responses to 'Encryption in AS2 and AS3'

Subscribe to comments with RSS or TrackBack to 'Encryption in AS2 and AS3'.

  1. thx,but there still some problem,it cannot support chinese…

    YouYee

    22 Jun 07 at 6:39 PM

  2. Hi YouYee, thanks for your comment!

    Could you show me what goes wrong if you use Chinese please? Perhaps a screenshot or something? I cannot type Chinese characters on my pc, so it’s hard to test, but if you provide me with some more detail of the error I’ll look into it and see what I can do!

    admin

    22 Jun 07 at 11:48 PM

  3. you can test these word:”中国语 chinese”,encrypt it and decrypt it,the result will not as same as the source word.

    youyee

    6 Aug 07 at 4:56 AM

  4. String before encryption: 中国语 chinese

    String after RC4 encryption: undefineddundefined8undefined5424f766501fe50b1
    String after RC4 decryption: Pë7bñÒ`›ûÔn×fT¶\8C£

    String after Base8 encoding: 4e2d56fd8bed206368696e657365
    String after Base8 decoding: N-Vý‹í chinese

    String after Base64 encoding: tIGNoaW5lc2U=
    String after Base64 decoding: ´¡¥¹•Í”Ā
    String after Goauld calculation: 丫囻诫&enohcuc

    String after MD5 calculation: cf729ada29f396f2061b19ec72f4a560

    String after ROT13 calculation: 中国语 puvarfr

    String after SHA1 calculation: 989458983d7b646306f37599830e4d5daa75b78a

    String after TEA encryption: 79de0e9adaaa67bdded940cb
    String after TEA decryption: -KD¬chinese
    String after Rijndael encryption: 6bc5a391b5fa07eca44c77255f0632db892e8a8aa81fad1b2aa1d6e375bc8b52b89e896d622982013f3b8d6e290731e7f250c7c6123c508341ff066c0ddf415e
    String after Rijndael decryption: ¥Â chinese

    youyee

    6 Aug 07 at 5:07 AM

  5. I think it’used to encrypt the string vars.But not the source code.Right?(also frome china)

    Chuyue

    10 Aug 07 at 10:55 AM

  6. Hi there
    just came across your wrapper class ASCrypt and it looks very useful indeed.

    My problem is that I cant get php/Mcrypt to encrypt content that ASCrypt will decode successfully….
    I;m trying both TEA and Rijndael as they look the most secure for my purposes.

    Any pointers would be appreciated :)
    Thanks
    Gerard

    Gerard

    12 Oct 07 at 1:06 PM

  7. Hi

    I have tried the AS3 BASE64 and the encryption and decryption is working great! BUT I get a lot of warnings! Is it some thing I should care about or not?

    I get the following types of warnings:

    Warning: 1012: Variables of type Number cannot be undefined. The value undefined will be type coerced to Number before comparison.
    Warning: 1102: null used where a Number value was expected.
    Warning: 3596: Duplicate variable definition.

    Totally I get 15 Warnings…thus the trace output is correct regards the ecrypted and decrypted data…

    Kind regards,
    Pablo

    Pablo

    15 Nov 07 at 7:15 PM

  8. I had the same problem with my Asian characters failing encryption/decryption using the TEA encryption. I checked out the original Javascript source, and in that code the input string is escaped, so to the TEA.as script here, I added as the first line of the encrypt function:
    var asciitext:String = escape(src);

    Now the encryption/decryption works like a charm with Asian characters just as it does with English characters.

    Thanks, Sven, for this excellent and highly useful solution!

    Joe

    30 Nov 07 at 7:27 PM

  9. And, of course, in the decrypt function, I had to use unescape on the return string to get all my characters back to normal.

    Joe

    30 Nov 07 at 7:41 PM

  10. Yes, I have the same problem with russian. During my investingation I found that meychi classes doesnt support utf8 encoding wich is needed when you use languages other than english…

    Have anyone seen encryption classes for asctionscript2-3 with utf8 support?

    Forrest Gump

    10 Jan 08 at 2:08 PM

  11. Hi Sven,

    I would like to use this Encryption code but the download link is down. Do you have an other download location?
    Thanks in advance.

    Dean

    20 Oct 08 at 3:38 PM

Leave a Reply