search
HomeBackend DevelopmentPHP Tutorialthinkphp WeChat development: safe mode message encryption and decryption, thinkphp decryption_PHP tutorial
thinkphp WeChat development: safe mode message encryption and decryption, thinkphp decryption_PHP tutorial
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jul 12, 2016 am 09:03 AM
thinkphpuseaddSafetydevelopWeChatmodelinformationDecrypt

thinkphp WeChat development: safe mode message encryption and decryption, thinkphp decryption

Using thinkphp’s official WeChat package, different modes can be used successfully, but the safe mode does not work. Now Record the analysis and solution results.

                                                                                                                                             

Analysis of the problem:

Decrypting WeChat server messages is always unsuccessful. Download the official decrypted file provided by the WeChat public platform and compare it with WechatCrypt.class.php and find that there is no problem. Use the file_put_contents function to save the decrypted file for analysis. It was found that the xml decrypted by the official package is not in the standard xml format, so the simplexml_load_string function cannot handle it. 

<span>/*</span><span>*
     * 对密文进行解密
     * @param  string $encrypt 密文
     * @return string          明文
     </span><span>*/</span>
    <span>public</span> <span>function</span> decrypt(<span>$encrypt</span><span>){
        </span><span>//</span><span>BASE64解码</span>
        <span>$encrypt</span> = <span>base64_decode</span>(<span>$encrypt</span><span>);

        </span><span>//</span><span>打开加密算法模块</span>
        <span>$td</span> = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''<span>);

        </span><span>//</span><span>初始化加密算法模块</span>
        mcrypt_generic_init(<span>$td</span>, <span>$this</span>->cyptKey, <span>substr</span>(<span>$this</span>->cyptKey, 0, 16<span>));

        </span><span>//</span><span>执行解密</span>
        <span>$decrypt</span> = mdecrypt_generic(<span>$td</span>, <span>$encrypt</span><span>);
       
        </span><span>//</span><span>去除PKCS7补位</span>
        <span>$decrypt</span> = self::PKCS7Decode(<span>$decrypt</span>, mcrypt_enc_get_key_size(<span>$td</span><span>));

        </span><span>//</span><span>关闭加密算法模块</span>
        mcrypt_generic_deinit(<span>$td</span><span>);
        mcrypt_module_close(</span><span>$td</span><span>);

        </span><span>if</span>(<span>strlen</span>(<span>$decrypt</span>) < 16<span>){
            </span><span>throw</span> <span>new</span> \<span>Exception</span>("非法密文字符串!"<span>);
        }

        </span><span>//</span><span>去除随机字符串</span>
        <span>$decrypt</span> = <span>substr</span>(<span>$decrypt</span>, 16<span>);

        </span><span>//</span><span>获取网络字节序</span>
        <span>$size</span> = <span>unpack</span>("N", <span>substr</span>(<span>$decrypt</span>, 0, 4<span>));
        </span><span>$size</span> = <span>$size</span>[1<span>];

        </span><span>//</span><span>APP_ID</span>
        <span>$appid</span> = <span>substr</span>(<span>$decrypt</span>, <span>$size</span> + 4<span>);

        </span><span>//</span><span>验证APP_ID</span>
        <span>if</span>(<span>$appid</span> !== <span>$this</span>-><span>appId){
            </span><span>throw</span> <span>new</span> \<span>Exception</span>("非法APP_ID!"<span>);
        }
        
        </span><span>//</span><span>明文内容</span>
        <span>$text</span> = <span>substr</span>(<span>$decrypt</span>, 4, <span>$size</span><span>);
        </span><span>return</span> <span>$text</span><span>;
    }

    </span><span>/*</span><span>*
     * PKCS7填充字符
     * @param string  $text 被填充字符
     * @param integer $size Block长度
     </span><span>*/</span>
    <span>private</span> <span>static</span> <span>function</span> PKCS7Encode(<span>$text</span>, <span>$size</span><span>){
        </span><span>//</span><span>字符串长度</span>
        <span>$str_size</span> = <span>strlen</span>(<span>$text</span><span>);

        </span><span>//</span><span>填充长度</span>
        <span>$pad_size</span> = <span>$size</span> - (<span>$str_size</span> % <span>$size</span><span>);
        </span><span>$pad_size</span> = <span>$pad_size</span> ? : <span>$size</span><span>;
        
        </span><span>//</span><span>填充的字符</span>
        <span>$pad_chr</span> = <span>chr</span>(<span>$pad_size</span><span>);

        </span><span>//</span><span>执行填充</span>
        <span>$text</span> = <span>str_pad</span>(<span>$text</span>, <span>$str_size</span> + <span>$pad_size</span>, <span>$pad_chr</span>,<span> STR_PAD_RIGHT);

        </span><span>return</span> <span>$text</span><span>;
    }

    </span><span>/*</span><span>*
     * 删除PKCS7填充的字符
     * @param string  $text 已填充的字符
     * @param integer $size Block长度
     </span><span>*/</span>
    <span>private</span> <span>static</span> <span>function</span> PKCS7Decode(<span>$text</span>, <span>$size</span><span>){
        </span><span>//</span><span>获取补位字符</span>
        <span>$pad_str</span> = <span>ord</span>(<span>substr</span>(<span>$text</span>, -1<span>));

        </span><span>if</span> (<span>$pad_str</span> < 1 || <span>$pad_str</span> > <span>$size</span><span>) {
            </span><span>$pad_str</span>= 0<span>;
        } 
            </span><span>return</span> <span>substr</span>(<span>$text</span>, 0, <span>strlen</span>(<span>$text</span>) - <span>$pad_str</span><span>);
        
    }</span>
Solution:

The output xml file is like this 

<span>1</span> <span><</span><span>xml</span><span>></span>
<span>2</span> <span><</span><span>ToUserName</span><span>></span><span><![CDATA[</span><span>gh_249aeb986d99</span><span>]]></span><span><</span><span>\/ToUserName</span><span>></span><span>\n
</span><span>3</span> <span><</span><span>FromUserName</span><span>></span><span><![CDATA[</span><span>oopVmxHZaeQkDPsRcbpwXKkH-J2Q</span><span>]]></span><span><</span><span>\/FromUserName</span><span>></span><span>\n
</span><span>4</span> <span><</span><span>CreateTime</span><span>></span>1448944621<span><</span><span>\/CreateTime</span><span>></span><span>\n
</span><span>5</span> <span><</span><span>MsgType</span><span>></span><span><![CDATA[</span><span>text</span><span>]]></span><span><</span><span>\/MsgType</span><span>></span><span>\n
</span><span>6</span> <span><</span><span>Content</span><span>></span><span><![CDATA[</span><span>\u7ecf\u7406</span><span>]]></span><span><</span><span>\/Content</span><span>></span><span>\n
</span><span>7</span> <span><</span><span>MsgId</span><span>></span>6223169761311044588<span><</span><span>\/MsgId</span><span>></span><span>\n
</span><span>8</span> <span><</span><span>\/xml</span><span>></span>
So it needs to be processed in order for simplexml_load_string to process

Add

after the output plain text content 

<span>1</span> <span>//明文内容
</span><span>2</span> <span>        $text = substr($decrypt, 4, $size);
</span><span>3</span> <span>//去掉多余的内容
</span><span>4</span>         $text=str_replace('<span><</span><span>\/','</', $text</span><span>);      
</span><span>5</span> <span>        $text</span><span>=str_replace('>\n','>', </span><span>$text);
</span><span>6</span> <span>        return $text;</span>

Safe mode can be used normally.

http://www.bkjia.com/PHPjc/1077135.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1077135.htmlTechArticlethinkphp WeChat development: safe mode message encryption and decryption, thinkphp decryption uses thinkphp official WeChat package, different modes can be used successfully , but the safe mode just doesn’t work, now I’ll analyze it...
Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Related Article
thinkphp是不是国产框架thinkphp是不是国产框架Sep 26, 2022 pm 05:11 PM

thinkphp是国产框架。ThinkPHP是一个快速、兼容而且简单的轻量级国产PHP开发框架,是为了简化企业级应用开发和敏捷WEB应用开发而诞生的。ThinkPHP从诞生以来一直秉承简洁实用的设计原则,在保持出色的性能和至简的代码的同时,也注重易用性。

一起聊聊thinkphp6使用think-queue实现普通队列和延迟队列一起聊聊thinkphp6使用think-queue实现普通队列和延迟队列Apr 20, 2022 pm 01:07 PM

本篇文章给大家带来了关于thinkphp的相关知识,其中主要介绍了关于使用think-queue来实现普通队列和延迟队列的相关内容,think-queue是thinkphp官方提供的一个消息队列服务,下面一起来看一下,希望对大家有帮助。

thinkphp的mvc分别指什么thinkphp的mvc分别指什么Jun 21, 2022 am 11:11 AM

thinkphp基于的mvc分别是指:1、m是model的缩写,表示模型,用于数据处理;2、v是view的缩写,表示视图,由View类和模板文件组成;3、c是controller的缩写,表示控制器,用于逻辑处理。mvc设计模式是一种编程思想,是一种将应用程序的逻辑层和表现层进行分离的方法。

实例详解thinkphp6使用jwt认证实例详解thinkphp6使用jwt认证Jun 24, 2022 pm 12:57 PM

本篇文章给大家带来了关于thinkphp的相关知识,其中主要介绍了使用jwt认证的问题,下面一起来看一下,希望对大家有帮助。

thinkphp 怎么查询库是否存在thinkphp 怎么查询库是否存在Dec 05, 2022 am 09:40 AM

thinkphp查询库是否存在的方法:1、打开相应的tp文件;2、通过“ $isTable=db()->query('SHOW TABLES LIKE '."'".$data['table_name']."'");if($isTable){...}else{...}”方式验证表是否存在即可。

thinkphp扩展插件有哪些thinkphp扩展插件有哪些Jun 13, 2022 pm 05:45 PM

thinkphp扩展有:1、think-migration,是一种数据库迁移工具;2、think-orm,是一种ORM类库扩展;3、think-oracle,是一种Oracle驱动扩展;4、think-mongo,一种MongoDb扩展;5、think-soar,一种SQL语句优化扩展;6、porter,一种数据库管理工具;7、tp-jwt-auth,一个jwt身份验证扩展包。

一文教你ThinkPHP使用think-queue实现redis消息队列一文教你ThinkPHP使用think-queue实现redis消息队列Jun 28, 2022 pm 03:33 PM

本篇文章给大家带来了关于ThinkPHP的相关知识,其中主要整理了使用think-queue实现redis消息队列的相关问题,下面一起来看一下,希望对大家有帮助。

thinkphp3.2怎么关闭调试模式thinkphp3.2怎么关闭调试模式Apr 25, 2022 am 10:13 AM

在thinkphp3.2中,可以利用define关闭调试模式,该标签用于变量和常量的定义,将入口文件中定义调试模式设为FALSE即可,语法为“define('APP_DEBUG', false);”;开启调试模式将参数值设置为true即可。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Show More

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
3 weeks agoByDDD
R.E.P.O. Save File Location: Where Is It & How to Protect It?
3 weeks agoByDDD
Show More

Hot Tools

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

Show More

Hot Topics

Where is the login entrance for gmail email?
7323
9
Java Tutorial
1625
14
CakePHP Tutorial
1350
46
Laravel Tutorial
1262
25
PHP Tutorial
1209
29
Show More