Crypto-Js different output from mcrypt

Question

I have a js script which encrypts data which is 'Blader'. If I encrypt it it returns an output of

JS-SCRIPT RESULT

uqnOrevjCc2YCvY3uKNjzA==

Now, being this answer as a base for comparison, I wrote or rather say searched for a equivalent script in PHP similar to my JS script. What confuses me is that the logic is fine and correct but the answer is different. On my php script which is by the uses mcrypt, I have this result in

mcrypt RESULT

HzfWFNKcAmkO6zJEYjbG4Q==

If you notice, the length are the same which means that the logic/modification on the code I did was correct. Now As i have said before I copied the script over some posts here.

Here's the JS Script which i think uses the crypto-JS

function crypto_encrypt(text) {                                                                        //This is for JS
var keyBase64 = CryptoJS.enc.Base64.parse("ITU2NjNhI0tOc2FmZExOTQ==");
var iv = CryptoJS.enc.Base64.parse('AAAAAAAAAAAAAAAAAAAAAA==');

var encrypted = CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(text), keyBase64,
    {
        keySize: 128 / 8,
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
        //padding: CryptoJS.pad.ZeroPadding
    });

// Returns a Base64 encoded string.
return encrypted;
}

And here's the code I found in mcrypt/mycrypt

<?php
$encrypted = "Blader";
$iv        = "0000000000000000";   // iv_base64 from JS
$key       = hexdec("213536363361234b4e736166644c4e4d");  // key_base64 from JS
$plaintext = mcrypt_decrypt( MCRYPT_RIJNDAEL_128, $key, $encrypted, MCRYPT_MODE_CBC, $iv );
echo base64_encode($plaintext);
?>

Now the question is, I tried from UTF8_encode upto everything base64_encode and decode but still can't find what's wrong and I'm curios that is this attainable or not since I notice that the IV from JS-Script is different from the IV in mcryp(PHP) everything I tried to echo it. Any advice, comments and suggestion will be highly be thanked.

Peace out.

Answer 1

First, you have to use exactly the same key and IV in PHP as you do in CryptoJS, or it's just not going to work. Did you compare values of the key and IV? They don't match.

Second, you have to use the same padding on each side. Did you check how MCrypt pads? It uses zero-padding. Your two plaintexts are different , because padding is part of the plaintext.

Finally, don't you want to use mcrypt_ encrypt instead of mcrypt_decrypt here?

If you match the key and IV, and the padding, and encrypt in PHP, you'll get the same result (I've manually padded with \\x0a -- 10 -- to match your PKCS#7 padding):

$encrypted = "Blader\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a";
$iv = base64_decode('AAAAAAAAAAAAAAAAAAAAAA==');
$key = base64_decode('ITU2NjNhI0tOc2FmZExOTQ==');
$plaintext = mcrypt_encrypt( MCRYPT_RIJNDAEL_128, $key, $encrypted, MCRYPT_MODE_CBC, $iv );
echo base64_encode($plaintext);

uqnOrevjCc2YCvY3uKNjzA==