The Arcive of Official vBulletin Modifications Site.

PMCrypt - Private Message Encryption · **Released**: 02-20-2007

Keywords: Private, Message, PM, Encrypt, Encode, Security

Description:
Encrypts Private Messages within the MySQL database. Allows for on-the-fly decryption without the need for a shared key.

Details:
This hack will encrypt sent messages within your MySQL database. No longer will they be viewable in plaintext, thus affording your members a little more security with their private correspondance.

Please be aware that this is not a total security solution. This was devised with simplicity as well as security in mind -- such as that the encryption method used is NOT to be assumed "unbreakable" by any stretch of the imagination.

The messages are encrypted using a method developed and credited to AITOR SOLOZABAL MERIN by where text is encrypted/decrypted using a simple but powerful XOR method without a known key. Implicitly, the key is defined by the string itself in a character by character way. There are 4 items to compose the unknown key for the character in the algorithim:

The ascii code of every character of the string itself
The position in the string of the character to encrypt
The length of the string that include the character
Any special formula added by the programmer to the algorithm to calculate the key to use

This product does not explicitly rely on any vBulletin functions, thus there should not be any problems with future upgrades, etc.

This product was developed by request of FGENETICS and DOOGIE88.

Installation:
1. Download and import the product-pmcrypt1.1.0.xml file via the Product Manager.

2. Enable the product via the AdminCP (vBulletin Options > Private Message Encryption)

3. ???

4. Profit

Version History:
v1.0.0 - Initial Release
v1.0.1 - Fixed bug when replying to an encrypted message.
v1.1.0 - Fixed issue with reply and preview. Encapsulated encryption within base64_encode(); for storage. Smilies no longer run risk of breaking encryption.

* Once enabled, all PM's sent thereafter will be encrypted. This means that should you choose to disable and/or uninstall the product, said PM's will remain encrypted -- rendering them unreadable.

* Please note that this modification was developed on a forum with a userbase of 1 (myself). I've tested it for basic functionality but I cannot guarantee functionality or behavior on your forum. So, please -- make backups before installing this product!

magnus · #12 02-22-2007, 12:36 AM

Ok, updated. Fixed the reply bug, however I did run into an issue with smilies during replies. You may want to check the "disable smilies" when replying for the time being, I'll devise a fix for that tomorrow.

doogie88 · #13 02-22-2007, 12:48 AM

What do I need to do to upgrade it? Uninstall it and re-install?

magnus · #14 02-22-2007, 01:35 AM

You can just install the new version over the old one, just select "Allow Overwrite" on the Product Import page.

doogie88 · #15 02-22-2007, 02:40 AM

Very buggy, having a lot of problems with it.
Most messages aren't being decrypted.

magnus · #16 02-22-2007, 10:13 AM

If you encrypted messages with 1.0, uninstalled, then installed 1.1 -- that would happen. By uninstalling you remove the added 'encrypt' row to the 'pmtext' table. When you re-install, the 'encrypt' row is added but without the correct integer for the previously encrypted messages. So when viewing those earlier encrypted messages, the decryption engine doesn't know to decrypt them.

I've installed, upgraded, uninstalled, reinstalled, reupgraded, etc.. about a dozen times, and each time the encryption/decryption works fine. The only problem, that I'm aware of currently, is occasionally the encryption text will contain a smiley bbcode (ie.

), thus preventing the message from being DEcrypted.

So, until that bug is fixed I would recommend checking "Disable smilies" when sending PM's. Also, keep in mind that this is still Beta, as noted in the original post.

Once I get into my office this morning, I'll go through the code. It was late last night, so God knows.

doogie88 · #17 02-22-2007, 01:22 PM

Hello
I tested a brand new message with the new version and it didn't encrypt, maybe it had to do with smilies though.

Snake · #18 02-22-2007, 02:14 PM

Oh my god! This is a great hack!

magnus · #19 02-22-2007, 04:02 PM

Ok, I've found the problem. I'm removing this for download until I upload the new version -- which should be in the next 20 minutes or so.

I would suggest deleting any encrypted PM's you've sent, as the new version will be unable to read them. I've had to wrap the encryption with base64_encode(); to allow for smoother storage within the SQL db.

OpikGer · #20 02-22-2007, 04:12 PM

hm, perhaps I'm too stupid, but if the boardsoft can decrypt the pm for the user - why
can't someone who has access to the db decrypt it?

magnus · #21 02-22-2007, 04:26 PM

Quote:

Originally Posted by OpikGer

hm, perhaps I'm too stupid, but if the boardsoft can decrypt the pm for the user - why
can't someone who has access to the db decrypt it?

As stated in the original post:

Quote:

Please be aware that this is not a total security solution. This was devised with simplicity as well as security in mind -- such as that the encryption method used is NOT to be assumed "unbreakable" by any stretch of the imagination.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.07796 seconds Memory Usage 2,307KB Queries Executed 25 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (3)pagenav_pagelink (11)post_thanks_box (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (11)post_thanks_postbit_info (10)postbit (11)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!