Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: Delphi 2007 code that decrypts IW service params not working in Delphi DX?


This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 7 - Last Post: Apr 7, 2016 1:43 AM Last Post By: Alexandre Machado
Riaan Jutte

Posts: 3
Registered: 4/16/11
Delphi 2007 code that decrypts IW service params not working in Delphi DX?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 24, 2016 3:57 AM
We are migrating Delphi 2007\IW 9 services to Delphi DX\IW 14, and have run into a problem with decrypting parameters. I'm not sure whether it's due to Intraweb or Delphi. I assume it's related to Unicode and\or codepages, but I'm at a loss as to how to resolve the issue.

We use a very simple Vigenère-based cipher to obfuscate the parameters we pass to the IW services. Using the below code in Delphi 2007 I can encrypt & decrypt any value without problem, however, decrypting a value in Delphi DX that was encrypted in Delphi 2007 produces garbage.

You may wonder why we don't simply use a different cipher in Delphi DX, but many of our IW services are accessed from third party applications that provides encrypted parameters compatible with the cipher code in Delphi 2007.

//==============================================
function Trans( Ch: Char; k: Byte ): Char;
var i: integer;
begin
i := ord(ch) + k;
if i < 0 then
i := i + 256
else if i > 255 then
i := i - 256;
result := char(i);
end;

function Decrypt( St: string; Key: string ): string;
var i, j: byte;
begin
result := '';
j := 1;
if length(key) > 0 then
for i := 1 to length(st) do begin
result := result + trans(st[i],-ord(key[j]));
if j = length(key) then j := 1 else inc(j);
end;
end;

function Encrypt( St: string; Key: string ): string;
var i, j: byte;
begin
result := '';
j := 1;
if length(key) > 0 then
for i := 1 to length(st) do begin
result := result + trans(st[i],ord(key[j]));
if j = length(key) then j := 1 else inc(j);
end;
end;
//==============================================

Thanks in advance!
Daniel Fields

Posts: 622
Registered: 11/29/04
Re: Delphi 2007 code that decrypts IW service params not working in Delphi DX?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 24, 2016 10:58 AM   in response to: Riaan Jutte in response to: Riaan Jutte
I think it may be related to use of the string type. In D2007 the string type was an ANSI string with a maximum width of 255 characters. Since D2009 that default type is now a Unicode string limited only by system memory. What used to be called a string is now a ShortString. You will have to change your procedure parameter types to ShortString to make them work.

There is a lot of detail on this in your RAD Studio help file. Open the help system and expand the tree like this:

-RAD Studio,
-RAD Studio Topics,
-What's New,
-What's New in Past Releases,
-What's New in Delphi and C++Builder 2009
Riaan Jutte

Posts: 3
Registered: 4/16/11
Re: Delphi 2007 code that decrypts IW service params not working in Delphi DX?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 31, 2016 2:45 AM   in response to: Daniel Fields in response to: Daniel Fields
Daniel Fields wrote:
I think it may be related to use of the string type. In D2007 the string type was an ANSI string with a maximum width of 255 characters. Since D2009 that default type is now a Unicode string limited only by system memory. What used to be called a string is now a ShortString. You will have to change your procedure parameter types to ShortString to make them work.

There is a lot of detail on this in your RAD Studio help file. Open the help system and expand the tree like this:

-RAD Studio,
-RAD Studio Topics,
-What's New,
-What's New in Past Releases,
-What's New in Delphi and C++Builder 2009

Thank you for the feedback, however using ShortString has not resolved the issue. I think the problem is occurring BEFORE the attempt to decrypt, because when I inspect the parameters in TIWUserSession.IWUserSessionBaseCreate(), WebApplication.RunParams.ValueFromIndex[0] = "??V?", but the value I'm actually sending in the parameter is "„V‡". Performing the same parameter check in D2007 does show the correct encrypted value before decryption is performed.

I will look into the help system to read up more about the topic as suggested.
Dan Barclay

Posts: 889
Registered: 11/9/03
Re: Delphi 2007 code that decrypts IW service params not working in Delphi DX?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 31, 2016 10:11 AM   in response to: Riaan Jutte in response to: Riaan Jutte
Riaan Jutte wrote:

Daniel Fields wrote:
I think it may be related to use of the string type. In D2007 the
string type was an ANSI string with a maximum width of 255
characters. Since D2009 that default type is now a Unicode string
limited only by system memory. What used to be called a string is
now a ShortString. You will have to change your procedure
parameter types to ShortString to make them work.

There is a lot of detail on this in your RAD Studio help file.
Open the help system and expand the tree like this:

-RAD Studio,
-RAD Studio Topics,
-What's New,
-What's New in Past Releases,
-What's New in Delphi and C++Builder 2009

Thank you for the feedback, however using ShortString has not
resolved the issue. I think the problem is occurring BEFORE the
attempt to decrypt, because when I inspect the parameters in
TIWUserSession.IWUserSessionBaseCreate(),
WebApplication.RunParams.ValueFromIndex[0] = "??V?", but the value
I'm actually sending in the parameter is "„V‡". Performing the same
parameter check in D2007 does show the correct encrypted value before
decryption is performed.

I will look into the help system to read up more about the topic as
suggested.

I'm pretty sure you will find that the problem results from "automatic"
conversions between unicode and ansi strings. The changes made to
Delphi are far too "helpful". String handling functions throughout
Delphi were changed. In fact, if you look at functions like
AnsiLeftStr() parameters are listed as String even though "Ansi" is in
the name. When used, our Ansistring parameters are converted to
unicode, the function is executed, and returned to your ansistring
variable after another conversion.

That's just to say, you're going to have to follow your message packet
through its journey and find where it is being whacked. You are likely
to find the problem somewhere in the runtime where it is processing the
message as unicode.

If you have control of both the source and destination your best bet is
to encode the packet with something like base64 that limits to a
smaller subset of codes. It looks like your current method uses the
entire 256 code spectrum.

The addition of Unicode to Delphi should have been handled quite
differently, but it wasn't. It's a Delphi issue, not IW.

Dan
Jose Nilton Pace


Posts: 122
Registered: 5/15/98
Re: Delphi 2007 code that decrypts IW service params not working in Delphi DX?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 31, 2016 3:10 PM   in response to: Riaan Jutte in response to: Riaan Jutte
Riaan, you try this test too:

AnsiString( WebApplication.RunParams.ValueFromIndex[0] ) = "„V‡"
Alexandre Machado

Posts: 1,754
Registered: 8/10/13
Re: Delphi 2007 code that decrypts IW service params not working in Delphi DX?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 7, 2016 1:42 AM   in response to: Riaan Jutte in response to: Riaan Jutte
First, you should not use a different cipher. You should use HTTPS, the standard for web communication security. Everything else will just give you a false perception of security. Enable HTTPS in both ends using free OpenSSL, and then you can use plain parameters without any custom encryption. It just doesn't make sense.

Thank you for the feedback, however using ShortString has not resolved the issue. I think the problem is occurring BEFORE the attempt to decrypt, because when I inspect the parameters in TIWUserSession.IWUserSessionBaseCreate(), WebApplication.RunParams.ValueFromIndex[0] = "??V?", but the value I'm actually sending in the parameter is "„V‡". Performing the same parameter check in D2007 does show the correct encrypted value before decryption is performed.

If you insist with this approach, though (I'm strongly against it, anyway)...
Is the client (UA) a browser or another application? If the later, is it encoding non ASCII chars correctly? IW application will just expect to receive it encoded just like any browser does.

If you provide the source code of a simple test case application showing the problem I can have a look at it. But it has to compile and cannot depend on 3rd party code/components.

Edited by: Alexandre Machado on Apr 7, 2016 1:42 AM
Jose Nilton Pace


Posts: 122
Registered: 5/15/98
Re: Delphi 2007 code that decrypts IW service params not working in Delphi DX?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 24, 2016 2:25 PM   in response to: Riaan Jutte in response to: Riaan Jutte
hi Riaan, try in Trans()
result := char(i);
to
result := AnsiChar(i);

Other tests are convert the String to AnsiString()

Maybe it Works.
Riaan Jutte

Posts: 3
Registered: 4/16/11
Re: Delphi 2007 code that decrypts IW service params not working in Delphi DX?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 31, 2016 2:47 AM   in response to: Jose Nilton Pace in response to: Jose Nilton Pace
Jose Nilton Pace wrote:
hi Riaan, try in Trans()
result := char(i);
to
result := AnsiChar(i);

Other tests are convert the String to AnsiString()

Maybe it Works.

Thanks, this unfortunately also hasn't resolved the issue. Please refer to my response to Daniel.
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02