  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Oct 2008
    Posts
    958

    I wonder if there's an easy way to hash?

    I remember reading that CryptGenRandom (which requires a handle to a Cryptographic Provider to be used) is actually just a shortcut to RtlGenRandom (which does not require any Cryptographic Provider handle). I'm wondering if there are similar shortcuts to the hashing functions. For example I would like to hash some data with SHA256, but currently I have a lot of code surrounding the actual function to hash the data. This means first setting up the hash with a call to CryptCreateHash (which requires a Cryptographic Provider handle to use), followed by CryptHashData, and then CryptGetHashParam. I'm wondering, is there any alternative to these? In particular, is there something like an undocumented (but discovered by reverse engineers) alternative to CryptCreateHash, one which doesn't require a Cryptographic Provider handle?

  2. #2
    PowerPoster
    Join Date
    Feb 2002
    Location
    Canada, Toronto
    Posts
    5,783

    Re: I wonder if there's an easy way to hash?

    You can find a class for SHA256 in the attachment of this thread: http://www.vbforums.com/showthread.p...HA1-and-SHA256

  3. #3

    Thread Starter
    Fanatic Member
    Join Date
    Oct 2008
    Posts
    958

    Re: I wonder if there's an easy way to hash?

    Quote Originally Posted by CVMichael View Post
    You can find a class for SHA256 in the attachment of this thread: http://www.vbforums.com/showthread.p...HA1-and-SHA256
    I'm looking for a hidden Windows API function (possibly one which can only be accessed by ordinal) which allows the calculation of an SHA256 hash.

  4. #4
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    5,284

    Re: I wonder if there's an easy way to hash?

    If for some reason you do not want someone to see the .NET function you are using to hash, then you can hash in a C++ DLL and import the DLL; it'll be somewhat like calling a Windows API.
    Or you can get a free C++ library and import that. I found this one with a quick search: https://www.cryptopp.com/
    Slow as hell.

  5. #5
    Hyperactive Member 2kaud's Avatar
    Join Date
    May 2014
    Location
    England
    Posts
    505

    Re: I wonder if there's an easy way to hash?

    Quote Originally Posted by Ben321 View Post
    I'm looking for a hidden Windows API function (possibly one which can only be accessed by ordinal) which allows the calculation of an SHA256 hash.
    If an unofficial exported API is found in a Microsoft .dll then I would advise against its use, as it is almost certainly not a Microsoft-supported function and may change or be deleted at any time in the future, and hence cannot be relied upon.
    All advice is offered in good faith only. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/

    C++17 Compiler: Microsoft VS2017 (15.7.4)

  6. #6

    Thread Starter
    Fanatic Member
    Join Date
    Oct 2008
    Posts
    958

    Re: I wonder if there's an easy way to hash?

    Quote Originally Posted by 2kaud View Post
    If an unofficial exported API is found in a Microsoft .dll then I would advise against its use, as it is almost certainly not a Microsoft-supported function and may change or be deleted at any time in the future, and hence cannot be relied upon.

    When I use the official crypto API functions in Windows, I have to use CreateHash and other related functions, but those all require I previously got a handle to a cryptographic provider. Imagine being able to skip that step, and instead go directly to CreateHash. I've had some people test out my programs before and the one program that depended on hashing failed to work (worked on my computer, but not theirs), and eventually I figured out that they weren't even getting a handle to a cryptographic context. So I had them start the program with Run As Administrator, but they told me it was still failing. This tells me that the function CryptAcquireContext does not work on everybody's PC. If I'm going to release software (especially if I start doing my own professional work and eventually sell my software) I need to make sure my software will run on everybody's computer. So as far as I'm concerned, any function that depends on CryptAcquireContext being called first, is a function that I won't use. But if there's some way to avoid the need to first get a handle to a crypto context, and instead directly perform the desired action, this would be nice.

    In particular, it would be great to be able to create an SHA2-512 hash or SHA2-256 hash, without having to first call CryptAcquireContext. It would be great if the function CreateHash (that depends on a crypto context) actually internally was calling another function that did NOT depend on a handle to a crypto context. There must be some function internally that is the core function for performing the SHA2-512 hash calculation. If I'm lucky, this will be maybe an undocumented function which can be imported via its ordinal, even if it doesn't have an exported function name.

    I already know of a similar function that allows me to skip the step of first calling CryptAcquireContext, when it comes to just generating random numbers. It actually has the exported function name SystemFunction036 (usually programs calling it though rename it to RtlGenRandom via aliasing), and this mysterious SystemFunction name completely hides its true functionality. You see, it performs the same action as CryptGenRandom (a function that DOES require a handle to a crypto context). I'm hoping maybe there are some other undocumented crypto functions in Windows that allow me to avoid the use of CryptAcquireContext, particularly for useful things like creating an SHA2-512 hash.
    Last edited by Ben321; Jan 26th, 2018 at 01:23 AM.

  7. #7
    Frenzied Member
    Join Date
    May 2014
    Location
    Central Europe
    Posts
    1,259

    Re: I wonder if there's an easy way to hash?

    I'd say your perception is distorted. If you want your program to run on as many Windows versions as possible, using undocumented APIs is NOT the right way. Using undocumented APIs may make your program fail on some installations, fail suddenly from one day to the other after updates have been installed, or fail on newer versions of Windows.
    Using only the documented APIs will save you from most of these issues.
    Using no API at all (like using 3rd-party classes that do the hashing without the Windows API, as posted by some) will save you from all the above (but may create some other issues, like with all 3rd-party pieces).

    I guess your call to CryptAcquireContext failed because you requested a service provider that was not installed on the target machine.
    Here is a snippet of my code:
    Code:
    'installed Providers can be found at:
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider
    Private Const MS_DEF_PROV As String = _
                        "Microsoft Base Cryptographic Provider v1.0"
    Private Const MS_ENHANCED_PROV As String = _
                        "Microsoft Enhanced Cryptographic Provider v1.0"
    Private Const MS_ENH_RSA_AES_PROV_PT As String = _
                        "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" 'XP
    Private Const MS_ENH_RSA_AES_PROV As String = _
                        "Microsoft Enhanced RSA and AES Cryptographic Provider" 'Vista+?
    
    
        'Request the provider context:
        If CryptAcquireContext(hCryptProv, vbNullString, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT) <> 0 Then
            'Enhanced RSA and AES provider available
            sProviderName = MS_ENH_RSA_AES_PROV
        ElseIf CryptAcquireContext(hCryptProv, vbNullString, MS_ENH_RSA_AES_PROV_PT, PROV_RSA_AES, CRYPT_VERIFYCONTEXT) <> 0 Then
            'Enhanced RSA and AES provider (prototype) available
            sProviderName = MS_ENH_RSA_AES_PROV_PT
        ElseIf CryptAcquireContext(hCryptProv, vbNullString, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) <> 0 Then
            'Enhanced provider available
            sProviderName = MS_ENHANCED_PROV
        ElseIf CryptAcquireContext(hCryptProv, vbNullString, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) <> 0 Then
            'Base provider available
            sProviderName = MS_DEF_PROV
        Else
            'no base provider either -> fail
            Err.Raise Err.LastDllError, , "CryptAcquireContext Error"
        End If
    So, you should try the better providers first, which will be available on newer versions of Windows, and fall back to the base provider if you cannot get hold of any better ones. But be aware that the base provider will not have all the features that the newer ones have. I recall AES, RSA and maybe the better hashing functions not being available with the base provider.
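
The provider acquisition from post #7 carried through to an actual SHA-256 digest, as an added example that is not part of the thread or any poster's code. It assumes a VB6 standard module; `Sha256Hex` is a hypothetical name, and passing `vbNullString` as the provider name (which selects the default provider for `PROV_RSA_AES`) is a choice made here instead of the hard-coded provider names above.

```vb
' Added example; Sha256Hex is a hypothetical helper, not code from the thread.
Option Explicit
Private Declare Function CryptAcquireContext Lib "advapi32.dll" Alias "CryptAcquireContextA" ( _
    ByRef phProv As Long, ByVal pszContainer As String, ByVal pszProvider As String, _
    ByVal dwProvType As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptCreateHash Lib "advapi32.dll" (ByVal hProv As Long, _
    ByVal Algid As Long, ByVal hKey As Long, ByVal dwFlags As Long, ByRef phHash As Long) As Long
Private Declare Function CryptHashData Lib "advapi32.dll" (ByVal hHash As Long, _
    ByRef pbData As Any, ByVal dwDataLen As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptGetHashParam Lib "advapi32.dll" (ByVal hHash As Long, _
    ByVal dwParam As Long, ByRef pbData As Any, ByRef pdwDataLen As Long, _
    ByVal dwFlags As Long) As Long
Private Declare Function CryptDestroyHash Lib "advapi32.dll" (ByVal hHash As Long) As Long
Private Declare Function CryptReleaseContext Lib "advapi32.dll" (ByVal hProv As Long, _
    ByVal dwFlags As Long) As Long

Private Const PROV_RSA_AES As Long = 24
Private Const CRYPT_VERIFYCONTEXT As Long = &HF0000000
Private Const CALG_SHA_256 As Long = &H800C&   'trailing & keeps the literal a positive Long
Private Const HP_HASHVAL As Long = 2

'Returns the SHA-256 digest of data() as lowercase hex. data() must be dimensioned and non-empty.
Public Function Sha256Hex(ByRef data() As Byte) As String
    Dim hProv As Long, hHash As Long, cb As Long, i As Long
    Dim ok As Boolean, lastErr As Long, digest(0 To 31) As Byte

    'vbNullString as provider name selects the default provider registered for PROV_RSA_AES;
    'CRYPT_VERIFYCONTEXT skips opening a key container, which hashing does not need.
    If CryptAcquireContext(hProv, vbNullString, vbNullString, PROV_RSA_AES, _
                           CRYPT_VERIFYCONTEXT) = 0 Then
        Err.Raise vbObjectError + 1, , "CryptAcquireContext failed, error " & Err.LastDllError
    End If

    ok = CryptCreateHash(hProv, CALG_SHA_256, 0, 0, hHash) <> 0
    If ok Then ok = CryptHashData(hHash, data(LBound(data)), _
                                  UBound(data) - LBound(data) + 1, 0) <> 0
    cb = 32
    If ok Then ok = CryptGetHashParam(hHash, HP_HASHVAL, digest(0), cb, 0) <> 0
    lastErr = Err.LastDllError   'capture before the cleanup calls overwrite it

    'Always release the handles, also on failure.
    If hHash <> 0 Then CryptDestroyHash hHash
    CryptReleaseContext hProv, 0
    If Not ok Then Err.Raise vbObjectError + 2, , "SHA-256 failed, error " & lastErr

    For i = 0 To 31
        Sha256Hex = Sha256Hex & LCase$(Right$("0" & Hex$(digest(i)), 2))
    Next i
End Function
```

Logging the `Err.LastDllError` value from the first `Err.Raise` on a failing machine shows why the context could not be acquired, rather than only that it failed.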

  8. #8
    Hyperactive Member 2kaud's Avatar
    Join Date
    May 2014
    Location
    England
    Posts
    505

    Re: I wonder if there's an easy way to hash?

    Note that the function CryptAcquireContext() is now deprecated and may be removed from future Windows releases. See https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx for more info about the replacement.

  9. #9
    PowerPoster
    Join Date
    Feb 2002
    Location
    Canada, Toronto
    Posts
    5,783

    Re: I wonder if there's an easy way to hash?

    What's wrong with using the class in the link I posted in post #2? It does not use any APIs...

  10. #10

    Thread Starter
    Fanatic Member
    Join Date
    Oct 2008
    Posts
    958

    Re: I wonder if there's an easy way to hash?

    Quote Originally Posted by CVMichael View Post
    What's wrong with using the class in the link I posted in post #2 ? it does not use any APIs...
    That was for SHA2-256. What about SHA2-512? An easy to use crypto DLL with all StdCall functions would go a long way to making it easy to implement crypto functionality in VB6. To be easy to use, it wouldn't require handles to crypto objects or any other stuff. It would simply perform the specified operation. For example, if there was a DLL with the functions AES_Encrypt, AES_Decrypt, RSA_GenKeypair, RSA_Encrypt, RSA_Decrypt, RSA_Sign, RSA_Validate, MD5_Calculate, SHA1_Calculate, SHA256_Calculate, SHA512_Calculate, and those functions could easily be added to my program with a few Declare statements then that would go a LONG WAY toward making cryptography easy to use in VB6. For example, the hash calculate functions would automatically keep everything they need to use in memory allocations internal, and not expect me to keep handles or pointers to its internal objects. I'd just give it a byte array pointer and the number of bytes, and it would return the hash for that data. That would make crypto so MUCH easier to use in VB6 than anything that Microsoft has ever given us.
