Deep Dive in RC4 (RC4 Source Code in C#)

RC4 (Rivest Cipher 4) was designed by Ron Rivest. It is remarkable for its speed and simplicity. It widely used in many applications and protocols. Though, there are multiple Vulnerability has been discovered in RC4. 

It is a stream cipher type. It encrypt/decrypt input data one by one. In this way, the encryption or decryption can be implemented on the length of the variable. This algorithm does not have to wait a certain amount of data input before it is processed or add extra bytes to encrypt.

RC4 encryption and decryption process mainly divided into 2 part:

Key-scheduling algorithm (KSA)

In key scheduling algorithm it generates random key is for 256 char called as s-box initialization where first, S [0], S [1], …, S [255], with the numbers 0 to 255. Key will be created in another array K [0], K [1], …, K [255] to create s-box;

Below is S-Box initialization process:

for i from 0 to 255
  S[i] := i

j := 0
for i from 0 to 255
  j := (j + S[i] + key[i mod keylength]) mod 256
  swap values of S[i] and

Pseudo-random generation algorithm:

It uses to encrypt/decrypt the data one by one, so each key byte S[i] algorithm swap it with another byte in S[j] then bitwise exclusive or XOR two binary bits

i := 0
j := 0
while GeneratingOutput:
  i := (i + 1) mod 256
  j := (j + S[i]) mod 256
  swap values of S[i] and S[j]
  K := S[(S[i] + S[j]) mod 256]
  output keybyte ^ K

For more details refer RC4 article on wiki

Below is RC4 source code IN C#:

using System;
using System.Linq;
using System.Text;

namespace RC4
    class Program
        static void Main()
            Console.WriteLine(" RC4 Algorithm - Encryption and Decryption      |");

            Console.WriteLine("Enter Key for Password:");
            var passwordKey = Console.ReadLine();

            Console.WriteLine("Enter Message to Encrypt:");
            var plainText = Console.ReadLine();

            if (string.IsNullOrEmpty(passwordKey) || string.IsNullOrEmpty(plainText))

            var asciiKeyBytes = Encoding.ASCII.GetBytes(passwordKey);
            var sBox = Enumerable.Range(0, 256).ToArray();

            //Generate sBox
            var j = 0;
            for (var i = 0; i < 256; i++)
                j = (j + sBox[i] + asciiKeyBytes[i % asciiKeyBytes.Length]) % 256;
                sBox[j] = sBox[i];
                sBox[i] = j;

            var encryptBytes = PseudoRandomRc4(sBox, Encoding.ASCII.GetBytes(plainText));
            Console.WriteLine("RC4 Encrypted Text: {0}", Encoding.ASCII.GetString(encryptBytes));
            var decryptedString = PseudoRandomRc4(sBox, encryptBytes);
            Console.WriteLine("RC4 Decrypted Text: {0}", Encoding.ASCII.GetString(decryptedString));

        static byte[] PseudoRandomRc4(int[] sBox, byte[] messageBytes)
            var i = 0;
            var j = 0;
            var cnt = 0;
            var tempBox = new int[sBox.Length];
            var result = new byte[messageBytes.Length];

            Array.Copy(sBox, tempBox, tempBox.Length);

            foreach (var textByte in messageBytes)
                i = (i + 1) % 256;
                j = (j + tempBox[i]) % 256;
                var temp = tempBox[i];
                tempBox[i] = tempBox[j];
                tempBox[j] = temp;
                var t = (tempBox[i] + tempBox[j]) % 256;
                var k = tempBox[t];

                var ss = textByte ^ k;
                result[cnt] = (byte)ss;
            return result;

Output of above RC4 Source Code C#

Output of RC4 source code

Disclaimer: RC4 Code written above is only for Educational Purposes;

Leave a Reply

Your email address will not be published. Required fields are marked *