[Plugin] Ajax RSA

Hi,

(First, sorry for the spelling, I do not speak English fluently).

This is my first plugin Construct 2: Ajax RSA

The purpose of this plugin is to encrypt the data flowing between Ajax (encryption) and PHP (decryption).

Unfortunately, This plugin Does not Provide a foolproof method against hacks but tries to approach.

What is RSA ?

RSA is a cryptosystem (Public-key cryptography), also known as asymmetric cryptography, refers to a cryptographic algorithm which requires two separate keys, one of which is secret (or private) and one of which is public.

20 Oct. 2014: tested on Release 184

Guide page: http://www.payondev.fr/projet/ajaxrsa/index.html

Demonstration: http://www.payondev.fr/projet/ajaxrsa/demonstration/index.html

I hope this plugin will be useful for some "constructors".

Bonne journée.

Thank you so much for sharing your work with us. It is always nice to see so many always trying to help. Wonderful

Intel XDK (1199) / Construct2 (r174 beta) compiled with Crosswalk for Android tested (on Samsung Galaxy S4) as of 8/6/2014!

I must say Shakalu, this could be the best plugin for encryption for Construct2! Not to mention it's updated, and has a beautiful guide to go along with it... Just perfect. I was stuck doing a bunch of research in this part of my game (security) until I found this plugin! I even looked through Kyatric's huge list, but honestly most of those are dated now. Dug through tons of tutorials (new and old). Nothing was like this plugin! This was everything I needed.

This is a must-use for any serious C2 game developers trying to reach the mass audience (as for me, I'm trying to get onto Android devices via Google Play Market). It's hard to find quality C2 plugins that actually work when compiled through a wrapper...Anyway, can't go sending private data just in any old fashion if you're trying to hit 100k game members .

Thanks a ton Shakalu, you rock. Keep up the excellent work!

Hey, looks awesome will try it soon!

omg. yes. awesome.

Thanks a lot guys. I hope this is helpful in your projects.

Plugin updated and tested !

Works on release 184

Local test doesn't work due to an issue with the PHP Session. Project need to be uploaded to test.

Manual update (for older version than 20 Oct. 2014)

Need only remove 1 line in file Construct 2\exporters\html5\plugins\ajaxrsa\runtime.js

remove line 116 :

console.log(data_);[/code:3srh47ay]This line can cause a javascript crash with IE9 and older versions.

Download link remains the same : [url=http://www.payondev.fr/projet/ajaxrsa/index.html]http://www.payondev.fr/projet/ajaxrsa/index.html[/url]

It doesn't work on cocoonjs android, but on ios fine for me. Is this because like you said, the local test? I am using the older version before 20 October.

I'm very new to this stuff. If i'm sending multiple requests, do i need to first do a get token and wait for that to complete for each request i want to make or can i use the last data from the last request?

I'm not sure I understand. ^^

It is necessary to create a new token for each request.

If you want only one token for all your queries (not recommended but possible), just change the following lines in your PHP code:

// Remove current token (expired or not)
unset($_SESSION['token'][$k]);

$expiration = explode("_", $arr_data['token']); 
$delayToken = time() - $expiration[1];
[/code:rz8q533q]become...
[code:rz8q533q]
// Remove current token (expired or not)
//unset($_SESSION['token'][$k]);

//$expiration = explode("_", $arr_data['token']); 
$delayToken = 0;
[/code:rz8q533q]
Then you can do it :
[url=http://image.noelshack.com/fichiers/2014/46/1416137703-sans-titre-1.jpg][img="http://image.noelshack.com/fichiers/2014/46/1416137703-sans-titre-1.jpg"][/url]
However, the interest of the token becomes much less interesting

Thank you for this useful plugin! Shakalu

I have a question related with encryption methods. If our MySQL passwords are encrypted with other methods, this plugin works fine?

You are welcome.

If I understand your question : Yes, you can use this plugin to encrypt data which are already encrypted (sha-1, md5, etc...).

Ex:

MySQL Password = HelloWorld = 68e109f0f40ca72a15e05cc22786f8e6 (md5 encryption)

• With the Ajax-RSA plugin you call your URL :

http://www.domain.com/ajax.php?login=root&password=68e109f0f40ca72a15e05cc22786f8e6&token=abc132...[/code:1q4n1zvf]
[ul]
	[li]In the Chrome debug console you will see something like that :[/li]
[/ul][code:1q4n1zvf]http://www.domain.com/ajax.php?d=sdf56gs1dg65aze4fqsd5g13fq65zef1qs5d1g564...[/code:1q4n1zvf]
[ul]
	[li]In the PHP script, after decryption, you will get this :[/li]
[/ul][code:1q4n1zvf]$arr_data["login"] = root
$arr_data["password"] = 68e109f0f40ca72a15e05cc22786f8e6
$arr_data["token"] = abc132...[/code:1q4n1zvf]

I hope I have correctly answered your question. 
Hey that reminds me that I need to test with JSON data too...

Shakalu, looks like RSA.php is throwing a PHP Notice:

PHP Notice: Decryption error in /rsa/Crypt/RSA.php on line 2230

PHP Warning: array_search() expects parameter 2 to be array, null given in /rsa/ajax.php on line 64

It is online, so I'm not sure why it's throwing the errors. Any ideas?

Update: 5:29 PM CST.

I narrowed down the problem to this line

if( ($k = array_search($arr_data['token'], $_SESSION['token'])) !== FALSE )[/code:12trc521]

Specifically, $_SESSION['token'] does not hold a value. I couldn't find anywhere in any of the files where $_SESSION['token'] was assigned a value, thus the array_search wasn't matching anything. Also note, that array_search's second parameter must be the array, so it'd actually be array_search($_SESSION['token'], $arr_data['token']) for valid syntax. There is a value in $arr_data['token'], just none in $_SESSION['token'].

Shakalu Merci beaucoup! I've been thinking about how I was going to handle this when I came across this plugin. Very much appreciated.

Nice plugin, great work!

I must be the only one that has integrated this plugin and tested it thoroughly enough... I'm guessing nobody else found this error. I guess I'll try to debug it later.