Code to generate the user password hash in Oracle 10G with C #?

4

I need to authenticate users in a WEB application in the Oracle 10g database, but the credentials are native to the database for running an Oracle Forms application, and we would like to keep the same password on both systems (Single Sign-On ).

For this I need to encrypt via C #, the password that the user inserts into the WEB form to be able to authenticate (validation if the generated HASH is equal to the saved in the bank!).

I found this code in PHP, but even tried to convert more without success, since PHP is not my strong:

<?php
function oracle($un, $pw)
{
    $pt  = strtoupper($un . $pw);
    $pt .= str_repeat("
<?php
function oracle($un, $pw)
{
    $pt  = strtoupper($un . $pw);
    $pt .= str_repeat("%pre%", 3 - ((strlen($pt) - 1) & 3));
    $end = strlen($pt);
    $pt .= $pt;
    for ($a = 0; $a < $end; $a++)
    {
        $pt[2 * $a] = "%pre%";
        $pt[2 * $a + 1] = $pt[$a + $end];
    }
    $ct = mcrypt_encrypt(MCRYPT_DES, hex2bin('0123456789ABCDEF'), $pt, 'cbc', "%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%");
    $ct = mcrypt_encrypt(MCRYPT_DES, substr($ct, -8), $pt, 'cbc', "%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%");
    return bin2hex(substr($ct, -8));
}
?>
", 3 - ((strlen($pt) - 1) & 3)); $end = strlen($pt); $pt .= $pt; for ($a = 0; $a < $end; $a++) { $pt[2 * $a] = "%pre%"; $pt[2 * $a + 1] = $pt[$a + $end]; } $ct = mcrypt_encrypt(MCRYPT_DES, hex2bin('0123456789ABCDEF'), $pt, 'cbc', "%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%"); $ct = mcrypt_encrypt(MCRYPT_DES, substr($ct, -8), $pt, 'cbc', "%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%"); return bin2hex(substr($ct, -8)); } ?>

And it really works because I tested it with the following data:

User: route

Password: test

Hash Generated: 89574FB579B04A40 (same as in the database)

If anyone can help me thank you!

    
asked by anonymous 05.12.2017 / 04:58

1 answer

1

Follow the converted PHP code for C #.

    public static string HashOracle(string usuario, string senha)
    {
        senha = (usuario + senha).ToUpper();
        senha = senha + "".PadLeft(3 - ((senha.Length - 1) & 3), '
    public static string HashOracle(string usuario, string senha)
    {
        senha = (usuario + senha).ToUpper();
        senha = senha + "".PadLeft(3 - ((senha.Length - 1) & 3), '%pre%');
        var len = senha.Length;
        var array = (senha + senha).ToCharArray();
        for (int i = 0; i < len; i++)
        {
            array[i * 2] = '%pre%';
            array[i * 2 + 1] = array[i + len];
        }

        senha = new string(array);
        string hash = Crypt(senha, "0123456789ABCDEF", "0000000000000000");
        hash = Crypt(senha, hash.Substring(hash.Length - 16), "0000000000000000");
        hash = hash.Substring(hash.Length - 16);
        return hash.ToUpper();
    }

    public static string Crypt(string text, string hexKey, string hexIV)
    {
        byte[] key = Hex2bin(hexKey);
        byte[] iv = Hex2bin(hexIV);
        System.Security.Cryptography.DES algorithm = System.Security.Cryptography.DES.Create();
        algorithm.Mode = System.Security.Cryptography.CipherMode.CBC;
        algorithm.Padding = System.Security.Cryptography.PaddingMode.None;
        System.Security.Cryptography.ICryptoTransform transform = algorithm.CreateEncryptor(key, iv);
        byte[] inputbuffer = Encoding.UTF8.GetBytes(text);
        byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length);
        return Bin2hex(outputBuffer);
    }

    public static byte[] Hex2bin(string hex)
    {
        return Enumerable.Range(0, hex.Length)
                         .Where(x => x % 2 == 0)
                         .Select(x => Convert.ToByte(hex.Substring(x, 2), 16))
                         .ToArray();
    }

    public static string Bin2hex(byte[] ba)
    {
        StringBuilder hex = new StringBuilder(ba.Length * 2);
        foreach (byte b in ba)
            hex.AppendFormat("{0:x2}", b);
        return hex.ToString();
    }
'); var len = senha.Length; var array = (senha + senha).ToCharArray(); for (int i = 0; i < len; i++) { array[i * 2] = '%pre%'; array[i * 2 + 1] = array[i + len]; } senha = new string(array); string hash = Crypt(senha, "0123456789ABCDEF", "0000000000000000"); hash = Crypt(senha, hash.Substring(hash.Length - 16), "0000000000000000"); hash = hash.Substring(hash.Length - 16); return hash.ToUpper(); } public static string Crypt(string text, string hexKey, string hexIV) { byte[] key = Hex2bin(hexKey); byte[] iv = Hex2bin(hexIV); System.Security.Cryptography.DES algorithm = System.Security.Cryptography.DES.Create(); algorithm.Mode = System.Security.Cryptography.CipherMode.CBC; algorithm.Padding = System.Security.Cryptography.PaddingMode.None; System.Security.Cryptography.ICryptoTransform transform = algorithm.CreateEncryptor(key, iv); byte[] inputbuffer = Encoding.UTF8.GetBytes(text); byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length); return Bin2hex(outputBuffer); } public static byte[] Hex2bin(string hex) { return Enumerable.Range(0, hex.Length) .Where(x => x % 2 == 0) .Select(x => Convert.ToByte(hex.Substring(x, 2), 16)) .ToArray(); } public static string Bin2hex(byte[] ba) { StringBuilder hex = new StringBuilder(ba.Length * 2); foreach (byte b in ba) hex.AppendFormat("{0:x2}", b); return hex.ToString(); }

Comments:

I used the UTF8 encoding but it may be necessary to check which encoding Oracle uses in passwords (passwords with accents may be problematic. In the code I sent previously to you, I used ASCII).

    
08.12.2017 / 13:59