How to solve UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa1 in position 3: invalid start byte?
How to solve UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa1 in position 3: invalid start byte?
print(cipher.decrypt(pad(base64.b64decode(encrypted_string),16)).decode('utf-8'))
UnicodeDecodeError:'utf-8' 编解码器无法解码位置 3 中的字节 0xa1:起始字节无效
数据流:
Javascript:
- 输入 = {"name":"abcd","password":"abcd"}
- JSON.stringify(输入)
- CryptoJS 使用 CBC 模式加密 AES
- Base64编码
- AJAX 到 Django
Python3/Django/PyCryptodome
- base64解码
- Crypto.pad16B
- 加密cipher.decrypt[成功]
收到的输出是
b'\xf5R\x0ck_\x90\xca\xcc\n\xe6S:\xed\xf1\x0f\x14\x1f\x8c_\x00\xd8m\x82\x96\xa3\x19K\xca\xc2\xfe\x14\x80\x8bD8\xcc\xdb\x91~\xa2~\xbf\xe5U\xe4\x12E`\xb5\r\xd8t\xbd=\xc0\x862\x837W6|\x07i\x8b\xb1"\xe9\xac}\xef\xf0\xf5\xa8\x0e\xf5z\xdc\xb0\xb5'
如何解码此字符串以获得输出。
代码:
function toWordArray(str){
return CryptoJS.enc.Utf8.parse(str);
}
function toString(words){
return CryptoJS.enc.Utf8.stringify(words);
}
function toBase64String(words){
return CryptoJS.enc.Base64.stringify(words);
}
function encrypt(input, key){
console.log("Input: " + input);
var PROTOCOL_AES256 = 2;
var secret_key = CryptoJS.SHA256(key);
var header = toWordArray("AMAZON" + String.fromCharCode(PROTOCOL_AES256));
var iv = CryptoJS.lib.WordArray.random(16);
var body = CryptoJS.AES.encrypt(input, secret_key, {mode:CryptoJS.mode.CBC,iv: iv,padding:CryptoJS.pad.Pkcs7});
// construct the packet
// HEADER + IV + BODY
header.concat(iv);
header.concat(body.ciphertext);
console.log("Bytes before Base64 encoding: " + header);
// encode in base64
return toBase64String(header);
}
$("#submitid").click(function(event) {
event.preventDefault()
// var encrypted = CryptoJS.AES(...);
// var encrypted = CryptoJS.SHA256(...);
var data = {};
data["name"] = $("#nameid").val();
data["password"] = $("#passwordid").val();
var json_payload = JSON.stringify(data);
var payload = encrypt(json_payload, key);
console.log("Payload: " + payload);
$.ajax({
type: 'GET',
url: "{% url 'Shenzen:actsignin' %}",
data: {encrypted_string: payload},
success: function(data,status,xhr){
console.log("AES sucessful withs status: "+status);
},
error: function(xhr,status,e) {
console.log("AES failed.");
},
async: true,
datatype: 'json'
})
})
},
error: function(xhr,status,e) {
console.log("error");
},
async: true,
datatype: 'json'
});
Python3
def actsignin(request):
global key
global prime
global base_num
encrypted_string = request.GET['encrypted_string']
print("Encrypted string decoded: ",base64.b64decode(encrypted_string).hex())
print("----")
protocol_aes = str(2)
header_skip = 'AMAZON'+protocol_aes
sha256_key = SHA256.new(data=bytes(key))
cipher = AES.new(sha256_key.digest(),AES.MODE_CBC)
print(cipher.decrypt(pad(base64.b64decode(encrypted_string),16)))
print('in signin')
# student = +Student.objects.get(name = name)
# salt = student.salt
# key = hashlib.pbkdf2_hmac('sha256',password.encode('utf-8'),salt,100000)
# # Hash the password here to check
# password_to_check_hashed = key
# print(key)
# print(student.password)
# if student.password == key:
return render(request,"Shenzen/display.html",{'student':'student'})
# else:
# return render(request,"Shenzen/display.html",{'status':'failed'})
base64 decode
Crypto.pad 16B
Crypto.cipher.decrypt [successful]
实施者
cipher = AES.new(sha256_key.digest(),AES.MODE_CBC)
print(cipher.decrypt(pad(base64.b64decode(encrypted_string),16)))
这没有意义。顺序是pad然后加密,解密然后unpad。取消填充通常由 decrypt 方法本身执行。
解密可能在解填充期间失败,但如果您跳过解填充,那么您只会收到垃圾。如果您填充密文,那么最后一部分是垃圾是肯定的。解码字符只是您注意到结果 是 垃圾的第一个地方。
另请注意,Python 代码默认为全零 IV,而 CryptoJS 显然使用全随机 IV,作为密文的前缀。
没有身份验证标签(由 MAC 或经过身份验证的密码生成),可能始终可以解密密文。尽管人们普遍认为,块密码解密永远不会失败。
print(cipher.decrypt(pad(base64.b64decode(encrypted_string),16)).decode('utf-8')) UnicodeDecodeError:'utf-8' 编解码器无法解码位置 3 中的字节 0xa1:起始字节无效
数据流: Javascript:
- 输入 = {"name":"abcd","password":"abcd"}
- JSON.stringify(输入)
- CryptoJS 使用 CBC 模式加密 AES
- Base64编码
- AJAX 到 Django
Python3/Django/PyCryptodome
- base64解码
- Crypto.pad16B
- 加密cipher.decrypt[成功]
收到的输出是
b'\xf5R\x0ck_\x90\xca\xcc\n\xe6S:\xed\xf1\x0f\x14\x1f\x8c_\x00\xd8m\x82\x96\xa3\x19K\xca\xc2\xfe\x14\x80\x8bD8\xcc\xdb\x91~\xa2~\xbf\xe5U\xe4\x12E`\xb5\r\xd8t\xbd=\xc0\x862\x837W6|\x07i\x8b\xb1"\xe9\xac}\xef\xf0\xf5\xa8\x0e\xf5z\xdc\xb0\xb5'
如何解码此字符串以获得输出。
代码:
function toWordArray(str){
return CryptoJS.enc.Utf8.parse(str);
}
function toString(words){
return CryptoJS.enc.Utf8.stringify(words);
}
function toBase64String(words){
return CryptoJS.enc.Base64.stringify(words);
}
function encrypt(input, key){
console.log("Input: " + input);
var PROTOCOL_AES256 = 2;
var secret_key = CryptoJS.SHA256(key);
var header = toWordArray("AMAZON" + String.fromCharCode(PROTOCOL_AES256));
var iv = CryptoJS.lib.WordArray.random(16);
var body = CryptoJS.AES.encrypt(input, secret_key, {mode:CryptoJS.mode.CBC,iv: iv,padding:CryptoJS.pad.Pkcs7});
// construct the packet
// HEADER + IV + BODY
header.concat(iv);
header.concat(body.ciphertext);
console.log("Bytes before Base64 encoding: " + header);
// encode in base64
return toBase64String(header);
}
$("#submitid").click(function(event) {
event.preventDefault()
// var encrypted = CryptoJS.AES(...);
// var encrypted = CryptoJS.SHA256(...);
var data = {};
data["name"] = $("#nameid").val();
data["password"] = $("#passwordid").val();
var json_payload = JSON.stringify(data);
var payload = encrypt(json_payload, key);
console.log("Payload: " + payload);
$.ajax({
type: 'GET',
url: "{% url 'Shenzen:actsignin' %}",
data: {encrypted_string: payload},
success: function(data,status,xhr){
console.log("AES sucessful withs status: "+status);
},
error: function(xhr,status,e) {
console.log("AES failed.");
},
async: true,
datatype: 'json'
})
})
},
error: function(xhr,status,e) {
console.log("error");
},
async: true,
datatype: 'json'
});
Python3
def actsignin(request):
global key
global prime
global base_num
encrypted_string = request.GET['encrypted_string']
print("Encrypted string decoded: ",base64.b64decode(encrypted_string).hex())
print("----")
protocol_aes = str(2)
header_skip = 'AMAZON'+protocol_aes
sha256_key = SHA256.new(data=bytes(key))
cipher = AES.new(sha256_key.digest(),AES.MODE_CBC)
print(cipher.decrypt(pad(base64.b64decode(encrypted_string),16)))
print('in signin')
# student = +Student.objects.get(name = name)
# salt = student.salt
# key = hashlib.pbkdf2_hmac('sha256',password.encode('utf-8'),salt,100000)
# # Hash the password here to check
# password_to_check_hashed = key
# print(key)
# print(student.password)
# if student.password == key:
return render(request,"Shenzen/display.html",{'student':'student'})
# else:
# return render(request,"Shenzen/display.html",{'status':'failed'})
base64 decode
Crypto.pad 16B
Crypto.cipher.decrypt [successful]
实施者
cipher = AES.new(sha256_key.digest(),AES.MODE_CBC)
print(cipher.decrypt(pad(base64.b64decode(encrypted_string),16)))
这没有意义。顺序是pad然后加密,解密然后unpad。取消填充通常由 decrypt 方法本身执行。
解密可能在解填充期间失败,但如果您跳过解填充,那么您只会收到垃圾。如果您填充密文,那么最后一部分是垃圾是肯定的。解码字符只是您注意到结果 是 垃圾的第一个地方。
另请注意,Python 代码默认为全零 IV,而 CryptoJS 显然使用全随机 IV,作为密文的前缀。
没有身份验证标签(由 MAC 或经过身份验证的密码生成),可能始终可以解密密文。尽管人们普遍认为,块密码解密永远不会失败。