Search code examples
phpbitwise-operatorsxorbitwise-xor

Xor encryption in PHP

I'm new to Xor encryption, and I'm having some trouble with the following code:

function xor_this($string) {

// Let's define our key here
 $key = ('magic_key');

 // Our plaintext/ciphertext
 $text =$string;

 // Our output text
 $outText = '';

 // Iterate through each character
 for($i=0;$i<strlen($text);)
 {
     for($j=0;$j<strlen($key);$j++,$i++)
     {
         $outText .= $text{$i} ^ $key{$j};
         //echo 'i='.$i.', '.'j='.$j.', '.$outText{$i}.'<br />'; //for debugging
     }
 }  
 return $outText;
}

When I run this it works for normal strings, like 'dog' but it only partially works for strings containing numbers, like '12345'.

To demonstrate...

xor_this('dog') = 'UYV'

xor_this('123') = ''

It's also interesting to note that xor_this( xor_this('123') ) = '123', as I expect it to. I'm pretty sure the problem resides somewhere in my shaky understanding of bitwise operators, OR possibly the way PHP handles strings that contain numbers. I'm betting there's someone clever out there that knows exactly what's wrong here. Thanks.

EDIT #1: It's not truly 'encryption'. I guess obfuscation is the correct term, which is what I'm doing. I need to pass a code containing unimportant data from a user without them being able to easily tamper with it. They're completing a timed activity off-line and submitting their time to an online scoreboard via this code. The off-line activity will obfuscate their time (in milliseconds). I need to write a script to receive this code and turn it back into the string containing their time.

Solution

  • Despite all the wise suggestions, I solved this problem in a much simpler way:

    I changed the key! It turns out that by changing the key to something more like this:

    $key = 'ISINUS0478331006';

    ...it will generate an obfuscated output of printable characters.