johan
GpsGate
Posts: 14733
Joined: Wed Aug 04, 2004 10:40 pm
Location: Sweden
Contact: Website

GUIDE: Password algorithm for GpsGate.com client

Sun Jul 08, 2007 9:23 pm

Password algorithm for GpsGate.com client

Passwords sent over UDP, TCP/IP or HTTP to GpsGate.com, GpsGate Server or your own custom server are encrypted with the following algorithm. Running the algorithm on an encrypted password will decrypt it to clear text again.

The intention of the algorithm is only to avoid having passwords in cleartext displayed in logs, etc.

In C# (for other languages, you need to port the algorithm):

Code:

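// Requires: using System.Text; (for StringBuilder)
// Reverses the string and mirrors each character within its class:
// digits 0-9 -> 9-0, a-z -> Z-A, A-Z -> z-a. Any other character is dropped.
private string m_InvertString(string strToInvert)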
{
    StringBuilder builder = null;

    if (strToInvert != null)
    {
        builder = new StringBuilder();

        int iLength = strToInvert.Length;

        for (int iIndex = iLength - 1; iIndex >= 0; iIndex--)
        {
            char c = strToInvert[iIndex];

            if (c >= '0' && c <= '9')
            {
                builder.Append((char)(9 - (c - '0') + '0'));
            }
            else if (c >= 'a' && c <= 'z')
            {
                builder.Append((char)(('z' - 'a') - (c - 'a') + 'A'));
            }
            else if (c >= 'A' && c <= 'Z')
            {
                builder.Append((char)(('Z' - 'A') - (c - 'A') + 'a'));
            }
        }
    }

    return builder != null ? builder.ToString() : null;
}

Regards,
Johan

Franson Support

foxdie
Posts: 16
Joined: Fri Jul 27, 2007 1:38 pm
Location: United Kingdom
Contact: Website

RE: GUIDE: Password algorithm for GpsGate.com client

Wed Sep 12, 2007 7:20 pm

This is the same function ported to PHP with a quick example:

Code:

<?php

$password="VGZtHKt";

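function invertString($str) {
	// Initialise the result so an empty or non-alphanumeric input returns "" without an undefined-variable warning
	$newStr = "";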
	for ($i=strlen($str) - 1; $i >= 0; $i--) {
		$char = substr($str, $i, 1);
		if (preg_match("/[0-9]/", $char) > 0) {
			$newStr = $newStr . chr(9-(ord($char) - ord("0")) + ord("0"));
		}
		else if (preg_match("/[a-z]/", $char) > 0) {
			$newStr = $newStr . chr((ord("z") - ord("a")) - (ord($char) - ord("a")) + ord("A"));
		}
		else if (preg_match("/[A-Z]/", $char) > 0) {
			$newStr = $newStr . chr((ord("Z") - ord("A")) - (ord($char) - ord("A")) + ord("a"));
		}
	}
	return $newStr;
}

echo invertString($password);
	
?>
The above would print "GpsGate" on a web page, hope this helps!

Jason "Foxdie" Gaunt

foxdie
Posts: 16
Joined: Fri Jul 27, 2007 1:38 pm
Location: United Kingdom
Contact: Website

RE: GUIDE: Password algorithm for GpsGate.com client

Thu Sep 13, 2007 2:06 pm

And the same code ported to JavaScript (only works in JavaScript ver 1.2 and later, IE5 / Firefox / Safari all seem to support it) with a working example.

Code:

<html>
<head>
<SCRIPT LANGUAGE="JavaScript1.2">

var charArray = new Array(
	'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', ':', ';',
	'<', '=', '>', '?', '@', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I',
	'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W',
	'X', 'Y', 'Z', '[', '\\', ']', '^', '_', '`', 'a', 'b', 'c', 'd', 'e',
	'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's',
	't', 'u', 'v', 'w', 'x', 'y', 'z', '{', '|', '}', '~');

function chr(n)
{
	// charArray only covers codes 48 ('0') through 126 ('~')
	if(n < 48 || n > 126) return " ";
	return charArray[n-48];
}

function ord(c)
{
	var i;
	for(i=0; i < charArray.length; i++) {
		if(c == charArray[i]) return i+48;
	}
	return 0;
}

function invertString(str) {
	var newStr = "";

	// Start at the last character (index length - 1) and walk backwards
	for (var i=str.length - 1; i >= 0; i--) {
		var newChar = str.substring(i, i+1);
		if (newChar.match("[0-9]")) {
			newStr += chr(9-(ord(newChar) - ord("0")) + ord("0"));
		}
		else if (newChar.match("[a-z]")) {
			newStr += chr((ord("z") - ord("a")) - (ord(newChar) - ord("a")) + ord("A"));
		}
		else if (newChar.match("[A-Z]")) {
			newStr += chr((ord("Z") - ord("A")) - (ord(newChar) - ord("A")) + ord("a"));
		}
	}
	
	return newStr;
}

function update() {
  document.invertForm.outputbox.value = invertString(document.invertForm.inputbox.value);
}

</SCRIPT>
</head>
<body>
<form name="invertForm"><input type="text" name="inputbox" value="Enter some data here" onClick="this.value='';" onChange="update();"> Input<br>
<input type="text" name="outputbox"> Output</form>
</body>
</html>
It's a little long and I'm sure it could be cleaned up somewhat but it works, feel free to make a better version and post it here :)



Jason "Foxdie" Gaunt

apetrescu
Posts: 9
Joined: Wed Sep 26, 2007 1:06 am

RE: GUIDE: Password algorithm for GpsGate.com client

Tue Oct 02, 2007 1:53 pm

Can anyone seeing my traffic decrypt the password? Can anyone see my username/latitude/longitude by looking at HTTP traffic, not even needing to decrypt?

Wouldn't it be better to simply encrypt all traffic (DES is fast, maybe AES) with the gpsgate.com password?

johan
GpsGate
Posts: 14733
Joined: Wed Aug 04, 2004 10:40 pm
Location: Sweden
Contact: Website

RE: GUIDE: Password algorithm for GpsGate.com client

Tue Oct 02, 2007 2:12 pm

The purpose of the "encryption" is not to make it impossible to read the password; it is just to avoid it being written in plain text in logs, etc.

If you want to encrypt all HTTP traffic you can configure your web to use HTTPS. You can do this on your own GpsGate Server installation. GpsGate.com does not currently support HTTPS.

Regards,
Johan

Franson Support

jpalten
Posts: 2
Joined: Thu Nov 29, 2007 12:53 pm

RE: GUIDE: Password algorithm for GpsGate.com client

Wed May 04, 2011 12:45 pm

This algorithm drops all non-alphanum characters, is that intentional?
It makes the algorithm non-reversible.

example: "test#!#!#password" will be encrypted as "WILDHHZKGHVG" and decrypted into "testpassword"

I know the user can only use alphanum characters when registering, but now you're stuck with this constraint forever...
I'd add the following lines to the algorithm to make sure the algorithm is reversible:

Code:

            else
            {
                builder.Append(c);
            }
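
The round-trip behaviour discussed in this thread, as an added example that is not part of any post above and is not GpsGate's own code: a JavaScript port of the transform with the proposed pass-through branch behind a hypothetical `keepOther` flag, run over constructed sample passwords. The mapping uses no key, so the same call that encodes a value also decodes it for anyone who can read it.

```javascript
// Added example: the thread's character-mirroring transform.
// keepOther is a hypothetical flag: false = original behaviour (non-alphanumerics
// are dropped), true = the pass-through branch proposed in the last post.
function invertString(str, keepOther) {
  let out = "";
  for (let i = str.length - 1; i >= 0; i--) {
    const c = str.charCodeAt(i);
    if (c >= 48 && c <= 57) {
      out += String.fromCharCode(57 - (c - 48));   // '0'..'9' -> '9'..'0'
    } else if (c >= 97 && c <= 122) {
      out += String.fromCharCode(90 - (c - 97));   // 'a'..'z' -> 'Z'..'A'
    } else if (c >= 65 && c <= 90) {
      out += String.fromCharCode(122 - (c - 65));  // 'A'..'Z' -> 'z'..'a'
    } else if (keepOther) {
      out += str[i];                               // copied unchanged
    }
  }
  return out;
}

// True when applying the transform twice gives back the input.
function roundTrips(pw, keepOther) {
  return invertString(invertString(pw, keepOther), keepOther) === pw;
}

// Constructed sample passwords; the last one is the example from the thread.
const samples = ["GpsGate", "abc123XYZ", "test#!#!#password"];

// One row per sample: wire value and round-trip result for both variants.
function report() {
  return samples.map((pw) => ({
    password: pw,
    wireOriginal: invertString(pw, false),
    reversibleOriginal: roundTrips(pw, false),
    wirePatched: invertString(pw, true),
    reversiblePatched: roundTrips(pw, true),
  }));
}

console.table(report());
```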
