thinkphp微信开发:安全模式消息加解密,thinkphp解密
thinkphp微信开发:安全模式消息加解密,thinkphp解密
使用thinkphp官方的WeChat包,使用不同模式可以成功,但是安全模式就是不行,现将分析解决结果做下记录。
TRight
分析问题:
解密微信服务器消息老是不成功,下载下微信公众平台官方给出的解密文件和WechatCrypt.class.php进行比对发现也没有问题。用file_put_contents函数保存下解密后的文件进行分析。发现官方包解密的xml不是标准的xml格式,所以simplexml_load_string函数无法处理。
<span>/*</span><span>*
* 对密文进行解密
* @param string $encrypt 密文
* @return string 明文
</span><span>*/</span>
<span>public</span> <span>function</span> decrypt(<span>$encrypt</span><span>){
</span><span>//</span><span>BASE64解码</span>
<span>$encrypt</span> = <span>base64_decode</span>(<span>$encrypt</span><span>);
</span><span>//</span><span>打开加密算法模块</span>
<span>$td</span> = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''<span>);
</span><span>//</span><span>初始化加密算法模块</span>
mcrypt_generic_init(<span>$td</span>, <span>$this</span>->cyptKey, <span>substr</span>(<span>$this</span>->cyptKey, 0, 16<span>));
</span><span>//</span><span>执行解密</span>
<span>$decrypt</span> = mdecrypt_generic(<span>$td</span>, <span>$encrypt</span><span>);
</span><span>//</span><span>去除PKCS7补位</span>
<span>$decrypt</span> = self::PKCS7Decode(<span>$decrypt</span>, mcrypt_enc_get_key_size(<span>$td</span><span>));
</span><span>//</span><span>关闭加密算法模块</span>
mcrypt_generic_deinit(<span>$td</span><span>);
mcrypt_module_close(</span><span>$td</span><span>);
</span><span>if</span>(<span>strlen</span>(<span>$decrypt</span>) < 16<span>){
</span><span>throw</span> <span>new</span> \<span>Exception</span>("非法密文字符串!"<span>);
}
</span><span>//</span><span>去除随机字符串</span>
<span>$decrypt</span> = <span>substr</span>(<span>$decrypt</span>, 16<span>);
</span><span>//</span><span>获取网络字节序</span>
<span>$size</span> = <span>unpack</span>("N", <span>substr</span>(<span>$decrypt</span>, 0, 4<span>));
</span><span>$size</span> = <span>$size</span>[1<span>];
</span><span>//</span><span>APP_ID</span>
<span>$appid</span> = <span>substr</span>(<span>$decrypt</span>, <span>$size</span> + 4<span>);
</span><span>//</span><span>验证APP_ID</span>
<span>if</span>(<span>$appid</span> !== <span>$this</span>-><span>appId){
</span><span>throw</span> <span>new</span> \<span>Exception</span>("非法APP_ID!"<span>);
}
</span><span>//</span><span>明文内容</span>
<span>$text</span> = <span>substr</span>(<span>$decrypt</span>, 4, <span>$size</span><span>);
</span><span>return</span> <span>$text</span><span>;
}
</span><span>/*</span><span>*
* PKCS7填充字符
* @param string $text 被填充字符
* @param integer $size Block长度
</span><span>*/</span>
<span>private</span> <span>static</span> <span>function</span> PKCS7Encode(<span>$text</span>, <span>$size</span><span>){
</span><span>//</span><span>字符串长度</span>
<span>$str_size</span> = <span>strlen</span>(<span>$text</span><span>);
</span><span>//</span><span>填充长度</span>
<span>$pad_size</span> = <span>$size</span> - (<span>$str_size</span> % <span>$size</span><span>);
</span><span>$pad_size</span> = <span>$pad_size</span> ? : <span>$size</span><span>;
</span><span>//</span><span>填充的字符</span>
<span>$pad_chr</span> = <span>chr</span>(<span>$pad_size</span><span>);
</span><span>//</span><span>执行填充</span>
<span>$text</span> = <span>str_pad</span>(<span>$text</span>, <span>$str_size</span> + <span>$pad_size</span>, <span>$pad_chr</span>,<span> STR_PAD_RIGHT);
</span><span>return</span> <span>$text</span><span>;
}
</span><span>/*</span><span>*
* 删除PKCS7填充的字符
* @param string $text 已填充的字符
* @param integer $size Block长度
</span><span>*/</span>
<span>private</span> <span>static</span> <span>function</span> PKCS7Decode(<span>$text</span>, <span>$size</span><span>){
</span><span>//</span><span>获取补位字符</span>
<span>$pad_str</span> = <span>ord</span>(<span>substr</span>(<span>$text</span>, -1<span>));
</span><span>if</span> (<span>$pad_str</span> < 1 || <span>$pad_str</span> > <span>$size</span><span>) {
</span><span>$pad_str</span>= 0<span>;
}
</span><span>return</span> <span>substr</span>(<span>$text</span>, 0, <span>strlen</span>(<span>$text</span>) - <span>$pad_str</span><span>);
}</span>
解决方法:
输出的xml文件是这样的
<span>1</span> <span><</span><span>xml</span><span>></span> <span>2</span> <span><</span><span>ToUserName</span><span>></span><span><![CDATA[</span><span>gh_249aeb986d99</span><span>]]></span><span><</span><span>\/ToUserName</span><span>></span><span>\n </span><span>3</span> <span><</span><span>FromUserName</span><span>></span><span><![CDATA[</span><span>oopVmxHZaeQkDPsRcbpwXKkH-J2Q</span><span>]]></span><span><</span><span>\/FromUserName</span><span>></span><span>\n </span><span>4</span> <span><</span><span>CreateTime</span><span>></span>1448944621<span><</span><span>\/CreateTime</span><span>></span><span>\n </span><span>5</span> <span><</span><span>MsgType</span><span>></span><span><![CDATA[</span><span>text</span><span>]]></span><span><</span><span>\/MsgType</span><span>></span><span>\n </span><span>6</span> <span><</span><span>Content</span><span>></span><span><![CDATA[</span><span>\u7ecf\u7406</span><span>]]></span><span><</span><span>\/Content</span><span>></span><span>\n </span><span>7</span> <span><</span><span>MsgId</span><span>></span>6223169761311044588<span><</span><span>\/MsgId</span><span>></span><span>\n </span><span>8</span> <span><</span><span>\/xml</span><span>></span>
所以需要进行处理才能让simplexml_load_string处理
在输出的明文内容后面加上
<span>1</span> <span>//明文内容
</span><span>2</span> <span> $text = substr($decrypt, 4, $size);
</span><span>3</span> <span>//去掉多余的内容
</span><span>4</span> $text=str_replace('<span><</span><span>\/','</', $text</span><span>);
</span><span>5</span> <span> $text</span><span>=str_replace('>\n','>', </span><span>$text);
</span><span>6</span> <span> return $text;</span>
安全模式就能正常使用了。
Alat AI Hot
Undresser.AI Undress
Apl berkuasa AI untuk mencipta foto bogel yang realistik
AI Clothes Remover
Alat AI dalam talian untuk mengeluarkan pakaian daripada foto.
Undress AI Tool
Gambar buka pakaian secara percuma
Clothoff.io
Penyingkiran pakaian AI
AI Hentai Generator
Menjana ai hentai secara percuma.
Artikel Panas
Alat panas
Penyesuai Pelayan SAP NetWeaver untuk Eclipse
Integrasikan Eclipse dengan pelayan aplikasi SAP NetWeaver.
Hantar Studio 13.0.1
Persekitaran pembangunan bersepadu PHP yang berkuasa
SecLists
SecLists ialah rakan penguji keselamatan muktamad. Ia ialah koleksi pelbagai jenis senarai yang kerap digunakan semasa penilaian keselamatan, semuanya di satu tempat. SecLists membantu menjadikan ujian keselamatan lebih cekap dan produktif dengan menyediakan semua senarai yang mungkin diperlukan oleh penguji keselamatan dengan mudah. Jenis senarai termasuk nama pengguna, kata laluan, URL, muatan kabur, corak data sensitif, cangkerang web dan banyak lagi. Penguji hanya boleh menarik repositori ini ke mesin ujian baharu dan dia akan mempunyai akses kepada setiap jenis senarai yang dia perlukan.
Dreamweaver CS6
Alat pembangunan web visual
MantisBT
Mantis ialah alat pengesan kecacatan berasaskan web yang mudah digunakan yang direka untuk membantu dalam pengesanan kecacatan produk. Ia memerlukan PHP, MySQL dan pelayan web. Lihat perkhidmatan demo dan pengehosan kami.
