这个 JS 加密器代码的 PHP 等价物是什么?
What is the PHP equivalent of this JS encrypter code?
我正在尝试使用 cURL 登录 Steam(不是通过 API,因为它非常有限),但是我在加密密码时卡住了。
登录过程基本上是将用户名发布到 https://store.steampowered.com/login/getrsakey
响应如下所示:
{"success":true,"publickey_mod":"D1CBFEDCE654EB68423E9ED9446622DE7F69A0E02523FD04B0650D79074C802A72ACC5D4BEB0AB709886B5A8B7A2813AF1B4C4A03F5C4439221F189B7039DFBEA2558F59B5B00CC53F4578668EF66C2457A90C7A54C518831CC45EA1AC84269C47E1B93A4AAF263429D789DB17FF149DFDEE7270386EDD5BC53B84A78F9AEAA67B8F137EDEC36ED81ED52EB1DD33EEC4EC01675DC044ED974E95A5054E1A33F163411E2F54063534EAE7B12D4607959AB77F36FCFAA299E81E05FABE911A019A13399413593F47A30821DC63A8B11CF40392139E1FE9DE94BD2344586424ABA4A8F1499F1DBC6F8DD2C8DF12A554F891C5D038388017E45A725A54ED1E43211B","publickey_exp":"010001","timestamp":"104490300000","token_gid":"3b54a605fa590d2"}
然后使用此响应,javascript 代码加密密码。
我尝试使用 openssl 和 phpseclib,但没有成功。 Openssl 不接受我的密钥和 phpseclib 我不确定是什么问题。
但是我设法找到了处理这个过程的 JS 代码:
var pubKey = RSA.getPublicKey( results.publickey_mod, results.publickey_exp );
var username = this.m_strUsernameCanonical;
var password = form.elements['password'].value;
password = password.replace( /[^\x00-\x7F]/g, '' ); // remove non-standard-ASCII characters
var encryptedPassword = RSA.encrypt( password, pubKey );
完整代码:https://steamstore-a.akamaihd.net/public/shared/javascript/login.js
所以我的最后一个问题是:如何以最简单的方式在 PHP 中做到这一点?
使用 phpseclib v1.0,
<?php
include('Crypt/RSA.php');
$username = 'user';
$password = 'pass';
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/getrsakey/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'donotcache' => time(),
'username' => $username
));
$result = json_decode(curl_exec($ch));
$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->loadKey(array(
'n' => new Math_BigInteger($result->publickey_mod, 16),
'e' => new Math_BigInteger($result->publickey_exp, 16)
));
$password = base64_encode($rsa->encrypt($password));
curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/dologin/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'donotcache' => time(),
'password' => $password,
'username' => $username,
'twofactorcode' => '',
'emailauth' => '',
'loginfriendlyname' => '',
'captchagid' => -1,
'captcha_text' => '',
'emailsteamid' => '',
'rsatimestamp' => $result->timestamp,
'remember_login' => false
));
$result = json_decode(curl_exec($ch));
var_dump($result);
我正在尝试使用 cURL 登录 Steam(不是通过 API,因为它非常有限),但是我在加密密码时卡住了。
登录过程基本上是将用户名发布到 https://store.steampowered.com/login/getrsakey
响应如下所示:
{"success":true,"publickey_mod":"D1CBFEDCE654EB68423E9ED9446622DE7F69A0E02523FD04B0650D79074C802A72ACC5D4BEB0AB709886B5A8B7A2813AF1B4C4A03F5C4439221F189B7039DFBEA2558F59B5B00CC53F4578668EF66C2457A90C7A54C518831CC45EA1AC84269C47E1B93A4AAF263429D789DB17FF149DFDEE7270386EDD5BC53B84A78F9AEAA67B8F137EDEC36ED81ED52EB1DD33EEC4EC01675DC044ED974E95A5054E1A33F163411E2F54063534EAE7B12D4607959AB77F36FCFAA299E81E05FABE911A019A13399413593F47A30821DC63A8B11CF40392139E1FE9DE94BD2344586424ABA4A8F1499F1DBC6F8DD2C8DF12A554F891C5D038388017E45A725A54ED1E43211B","publickey_exp":"010001","timestamp":"104490300000","token_gid":"3b54a605fa590d2"}
然后使用此响应,javascript 代码加密密码。
我尝试使用 openssl 和 phpseclib,但没有成功。 Openssl 不接受我的密钥和 phpseclib 我不确定是什么问题。
但是我设法找到了处理这个过程的 JS 代码:
var pubKey = RSA.getPublicKey( results.publickey_mod, results.publickey_exp );
var username = this.m_strUsernameCanonical;
var password = form.elements['password'].value;
password = password.replace( /[^\x00-\x7F]/g, '' ); // remove non-standard-ASCII characters
var encryptedPassword = RSA.encrypt( password, pubKey );
完整代码:https://steamstore-a.akamaihd.net/public/shared/javascript/login.js
所以我的最后一个问题是:如何以最简单的方式在 PHP 中做到这一点?
使用 phpseclib v1.0,
<?php
include('Crypt/RSA.php');
$username = 'user';
$password = 'pass';
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/getrsakey/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'donotcache' => time(),
'username' => $username
));
$result = json_decode(curl_exec($ch));
$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->loadKey(array(
'n' => new Math_BigInteger($result->publickey_mod, 16),
'e' => new Math_BigInteger($result->publickey_exp, 16)
));
$password = base64_encode($rsa->encrypt($password));
curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/dologin/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'donotcache' => time(),
'password' => $password,
'username' => $username,
'twofactorcode' => '',
'emailauth' => '',
'loginfriendlyname' => '',
'captchagid' => -1,
'captcha_text' => '',
'emailsteamid' => '',
'rsatimestamp' => $result->timestamp,
'remember_login' => false
));
$result = json_decode(curl_exec($ch));
var_dump($result);