The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

Datafeed in ASP.Net

swensorswensor Member
in Help edited March 2009
Hi All,

So I want to say I think FoxyCart is super sick, I'm working on integrating it into a proprietary CMS for my company. If all goes well we should have dozens of clients using the program in tandem with ours.

Anyways, I am having a hard time decrypting the datafeed xml. I am getting it fed, un-encoding it from URL escape characters, and then attempting to decrypt it. I am using md5 encryption, a random pass-phrase that I made up, and am coding in visual basic .NET.

Long story short, I am no where close. I am creating a decryptor using System.Security.Cryptography namespace. Does anyone have any obvious pointers for using this library? I can't find ANY simple explanations for using it. Most examples implement additional salt encryption, and have like 20 different settings for the algorithm. What class do I need to be using to decrypt md5? Whats the bit-size of the encryption? Whats the initialization vector? Etc.? ETc?

Sorry, I am a noob with encryption. I attempted to re-write the example algorithm at from php to, and can not seem to get it to work. Any help would be greatly appreciated. Thanks!!
  • brettbrett FoxyCart Team
    Hi swensor.
    Not sure if you meant to say something else, but the datafeed is encrypted with RC4, not MD5. MD5 is a one-way hashing algorithm. There's a lot of good info online about hashing and encryption so I won't get into it here, but google it and see if you can get a better handle on it. Encryption's a lot of fun, and hashing is something you'll want to have at least a basic handle on.

    Back to the question... RC4 is a super widely used encryption method. We'll be moving towards AES but that's a different discussion. I'm not familiar with any .NET RC4 implementations but here's the first one that shows up in Google for ".net rc4":

    Hopefully that helps a little.
  • Hey brett,

    Thanks for the pointer. Alright so I am getting close. I am getting the data, unencoding it and I can get some stuff resembling xml, but not the rest. Here is my code:

    string fd = "" + Request.Form["FoxyData"];
    bool real = true;
    if(fd.Length > 1)
    foxy_feed = Request.Form["FoxyData"];
    real = true;

    string foxy_feed2 = Server.UrlDecode(foxy_feed);
    dHex = "";

    string eHex = foxy_feed2;
    pwd = bin2hex(pwd);

    dHex = Decrypt(pwd, eHex, true); // Assuming the key is hexadecimal

    Response.Write("Original Data :<br/><br/> " + eHex +"<br/><br/>Decrypted data:<br/><br/>" + dHex);

    string qu = "insert into foxy_test values('" + foxy_feed + "',GETDATE(),'" + db(dHex) + "')";
    SqlConnection myConn = new SqlConnection(conn);
    SqlCommand myComm = new SqlCommand(qu,myConn);
    myComm.CommandTimeout = 300;
    SqlDataReader rs;
    catch(Exception ed)

    here is my eventual decryption output:

    <?xml ve
  • lukeluke FoxyCart Team
    I'm assuming "Decrypt" is your RC4 method?

    Someone else recently had some problems using Python and it related to Python's implementation of urldecode. These posts might shed some light:

    Is this required: pwd = bin2hex(pwd); ? We encrypt with the password as a text password... so that might be the problem there.
  • Hey,

    I think there may be some validity to the URL encoding concept. I think my data is being fed with weird encoding or I am using a weird decoder or something. Let me try this. My password is "12345" and I am receiving the data below (after decoding special HTML characters via this tool), can anyone tell me if you are able to decrypt THIS data set?

    The data I have been fed from Foxy Cart (its been sent thousands of times, its the same every time) after decoding:

  • lukeluke FoxyCart Team
    swensor, can you look into the details of my last post? If you're not sure what the Decode method does or the bin2hex method, you may want to look into a different process. We don't actually provide support for which is what it looks like you need. Do you have any other developers you could connect with our request help from?
  • Hey,

    My apologies for brevity before. Yes Decrypt is the RC4.Net library you linked to me, hosted on sourceforge. It seems to be pretty well supported. When I use it to encrypt/decrypt test strings the encrypted data looks much different than the data I am getting from Foxy Cart. As for bin2hex, RC4 can handle passwords in either binary or hex, the last argument in "Decrypt" indicates the format of the password. So you are saying I need the password to be in binary when going to decrypt?

    Anyways, I am unable to tell if the above block of code I sent is valid RC4 encrypted data. I think the data is getting incorrectly decoded or something. I looked into different methods for encoding URLs in .NET, but the different methods did not give me different results. I know you don't support .NET, is there any way you can tell if the above block is a valid data feed in rc4? (pass code is 12345). Thanks again for your help, sorry to bother.

  • brettbrett FoxyCart Team
    Hey Swensor.

    Let's perhaps try a different approach. Can you take a look at these two:

    Those are both in PHP, but I think the first step (which we do mention but you may not have seen) should be to recreate those two in .NET. Neither of those scripts are all that complicated, and they're both SUPER useful for testing datafeed things. So I think before we try troubleshooting anything else we should recreate those. (And by "we" I mean "you" ;)

    Once those are recreated in .NET you can point the FoxyCart datafeed to post to your write_to_file script. Because you're having issues with the decrypting I think it'd be worthwhile to modify things slightly so that you write to _two_ files; one that just dumps the encrypted data, and one that writes the (hopefully) decrypted data.

    I think that exercise, in and of itself, will likely yield the solution to your current problems.

    The other script is just _super_ handy for testing. Once you get your decrypted data you can then post it back to your integration scripts. That way you can test at will without having to run a new transaction in FoxyCart and wait for the datafeed to come through. But the write_to_file is the first step.

    That sound like a plan?
  • swensorswensor Member
    edited March 2009
    Hey All,

    Alright, I have found a solution. So I was doing the implementation correctly (as per my second or third post) with RC4. What I WAS NOT doing correctly was transforming the encoding. Since I am using .NET I am on Windows Platform, using Western European-windows encoding. Without converting the encoding at all, I was getting the output (from above):

    [code]<?xml ve
  • brettbrett FoxyCart Team
    Ah, good find. I think I'd go for UTF-8 / unicode if at all possible, since otherwise certain characters like
  • lukeluke FoxyCart Team
    Good stuff, swenson. Yea, we should have clarified that everything should be UTF-8.
  • brettbrett FoxyCart Team
    @swensor, we'd love to see your code in the wiki if you'd like to share. I just had somebody ask about .NET so I'm sure it'd come in handy.
  • I would love to see this code. Getting ready to write an order manager app in .NET. Reading the feed is my greatest worry at this point (noob with XML)
Sign In or Register to comment.