I am trying to emulate a working CryptoAPI RC4 encrypt/decrypt routine in PHP. When doing so, I've run into a problem trying to recreate the CryptCreateHash +CryptHashData process. I'm trying to figure out how CryptoAPI orders/combines the raw data when calling CryptHashData multiple times.
I have tried to concatenate the two input values to the key in different ways as well as reverse the byte order, but I'm not sure how to emulate the exact steps that CryptHashData performs.
For example:
// I create the hash variable, then hash a binary string using CryptHashData and then hash a secret using CryptHashData again.
BYTE baKeyRandom[10] = {87,253, ...};
::CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hSaveHash);
::CryptHashData(hSaveHash, baKeyRandom, (DWORD)sizeof(baKeyRandom), 0);
::CryptHashData(hSaveHash, (LPBYTE)T2CW(pszSecret), (DWORD)_tcslen(pszSecret) * sizeof(WCHAR), 0);
Then in PHP I'm trying to do something similar
// server key secret
$secret = 'ABCDEF-G...';
// random byte string
$random = pack('c*', 87,253, ...);
// simple concat does not work to generate an MD5 key
$key = md5($random.$secret);
So the question is how to emulate this step and match the C++ CryptoApi MD5 hash key in php, I have been unable to decrypt using this key or match the php key against the C++ exported key