/**
 * Recover the value carried by an RSA signature using the signer's public key.
 *
 * This is a thin wrapper: it passes its arguments straight to rsa_decrypt()
 * and returns whatever that call yields. It does NOT compare the recovered
 * value with a digest of the signed data, so it does not decide on its own
 * whether a signature is valid. The caller has to make that comparison, and
 * should use a strict, type-safe one.
 *
 * @param mixed $message    Signature value to open.
 * @param mixed $public_key Public exponent of the signer.
 * @param mixed $modulus    RSA modulus of the signer.
 * @param mixed $keylength  Key length, forwarded unchanged to rsa_decrypt().
 *
 * @return mixed The result of rsa_decrypt(), unmodified.
 */
function rsa_verify($message, $public_key, $modulus, $keylength)
{
    // Opening a signature is the same modular exponentiation as decryption,
    // only with the public exponent, hence the reuse of rsa_decrypt().
    $recovered = rsa_decrypt($message, $public_key, $modulus, $keylength);

    return $recovered;
}
<?php include "rsa.php"; list($keylength, $modulus, $public, $private) = read_ssl_key("rsa-example-key"); var_dump($modulus, $public, $private); $encrypted = rsa_encrypt("Hello world", $public, $modulus, $keylength); $decrypted = rsa_decrypt($encrypted, $private, $modulus, $keylength); echo $decrypted; /* * Read an openssl (ssh-keygen) generated SSL key * Note: this is a complete hack; we try to interpret a textual format */ function read_ssl_key($filename) { exec("openssl rsa -in {$filename} -text -noout", $raw); // read the key length $keylength = (int) expect($raw[0], "Private-Key: ("); // read the modulus expect($raw[1], "modulus:"); for ($i = 2; $raw[$i][0] == ' '; $i++) { $modulusRaw .= trim($raw[$i]); } // read the public exponent $public = (int) expect($raw[$i], "publicExponent: "); // read the private exponent expect($raw[$i + 1], "privateExponent:"); for ($i += 2; $raw[$i][0] == ' '; $i++) { $privateRaw .= trim($raw[$i]); } // Just to make sure expect($raw[$i], "prime1:");
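/**
 * Check a 256-byte RSA check value against the hash of a plaintext.
 *
 * The plaintext is hashed with sha1_128(), rendered as upper-case hex, and
 * compared with the output of rsa_decrypt($check).
 *
 * The comparison is strict (===). With a loose == PHP compares two
 * numeric-looking strings as numbers, so two different digests that both
 * look like "0E<digits>" would compare equal and a forged check value could
 * be accepted.
 *
 * @param string $plain Data whose integrity is being checked.
 * @param string $check Check value; must be exactly 256 bytes long.
 *
 * @return bool True only when the recovered hex string is identical to the
 *              computed one; false on any precondition failure.
 */
function verify($plain, $check)
{
    global $private_key;

    // The global key array must be present and carry a "PGID" entry.
    if (!is_array($private_key) || !array_key_exists("PGID", $private_key)) {
        return false;
    }

    // Reject anything that is not a 256-byte string before touching the RSA code.
    if (!is_string($check) || strlen($check) !== 256) {
        return false;
    }

    // NOTE(review): sha1_128() is defined elsewhere; presumably a SHA-1 digest
    // reduced to 128 bits. Confirm against its definition.
    $hb = sha1_128($plain);
    $hbhex = strtoupper(bin2hex($hb));

    // This project's rsa_decrypt() takes only the value; key material comes from elsewhere.
    $rbhex = rsa_decrypt($check);

    // Strict comparison: same type and identical bytes, no numeric-string juggling.
    return $hbhex === $rbhex;
}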
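/**
 * Log in with e-mail and password and populate the session globals.
 *
 * Steps, as visible in this function:
 *  1. Derive an AES key from the password (prepare_key) and a user hash from
 *     the lower-cased e-mail (stringhash).
 *  2. Send an 'us' API request and decrypt the returned master key ($res->k)
 *     with the password-derived key.
 *  3. If the response carries a 'csid', decrypt the RSA private key with the
 *     master key, split it into four multi-precision integers, and use the
 *     first three to RSA-decrypt the session id.
 *
 * Side effects: writes the globals $sid, $master_key and $rsa_priv_key. The
 * master key and private key stay in global scope in decrypted form, so any
 * code running later in the same request can read them.
 *
 * NOTE(review): nothing here checks that api_req() returned a success object
 * or that the decrypted key material is well formed. A wrong password would
 * presumably produce garbage that is parsed anyway. Confirm how api_req()
 * reports errors and add a check at the call site.
 *
 * @param string $email    Account e-mail; sent as given, lower-cased only for hashing.
 * @param string $password Account password.
 *
 * @return void
 */
function login($email, $password)
{
    global $sid, $master_key, $rsa_priv_key;

    $password_aes = prepare_key(str_to_a32($password));
    $uh = stringhash(strtolower($email), $password_aes);

    $res = api_req(array('a' => 'us', 'user' => $email, 'uh' => $uh));

    $enc_master_key = base64_to_a32($res->k);
    $master_key = decrypt_key($enc_master_key, $password_aes);

    if (!empty($res->csid)) {
        $enc_rsa_priv_key = base64_to_a32($res->privk);
        $rsa_priv_key = decrypt_key($enc_rsa_priv_key, $master_key);
        $privk = a32_to_str($rsa_priv_key);

        $rsa_priv_key = array(0, 0, 0, 0);
        for ($i = 0; $i < 4; $i++) {
            // Each component starts with a 2-byte big-endian bit count, followed
            // by ceil(bits / 8) bytes of magnitude; +2 accounts for the header.
            // The division is floored explicitly so substr() receives an int.
            // A bare "/" yields a float whenever the bit count is not a multiple
            // of 8, which newer PHP versions reject or warn about.
            $bits = ord($privk[0]) * 256 + ord($privk[1]);
            $l = (int) floor(($bits + 7) / 8) + 2;

            $rsa_priv_key[$i] = mpi2bc(substr($privk, 0, $l));
            $privk = substr($privk, $l);
        }

        $enc_sid = mpi2bc(base64urldecode($res->csid));
        $sid = rsa_decrypt($enc_sid, $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]);

        // The session id is the first 43 bytes of the byte-reversed plaintext, base64url-encoded.
        $sid = base64urlencode(substr(strrev($sid), 0, 43));
    }
}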
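/**
 * Try to resume a session from the saved-cookies file; fall back to Login().
 *
 * The file DOWNLOAD_DIR/mega_ul.php holds, on its second line, a serialized
 * array keyed by crc32b("user:pass"). Each entry has an 'enc' marker and a
 * 'cookie' blob containing sid, user handle, master key, root id and the RSA
 * private key. The entry is accepted only if 'enc' decrypts to 'OK' under a
 * key built from the credentials. The restored session id is then validated
 * with a 'uq' API request; on error -15 (expired) a new sid is requested and
 * decrypted with the saved private key.
 *
 * Security notes for maintainers:
 *  - The file stores the master key and RSA private key, protected only by a
 *    key derived from the credentials. It lives in the download directory, so
 *    its filesystem and web exposure should be reviewed.
 *  - The array key is a 32-bit checksum of "user:pass". Anyone who can read
 *    the file can check password guesses against it offline.
 *  - unserialize() runs on file contents; see the inline note.
 *
 * @param string $user Account name / e-mail (lower-cased here).
 * @param string $pass Account password.
 *
 * @return mixed Result of Login() when falling back, otherwise null.
 */
function SavedLogin($user, $pass)
{
    global $T8, $cookie, $secretkey;

    if (!defined('DOWNLOAD_DIR')) {
        global $options;
        if (substr($options['download_dir'], -1) != '/') {
            $options['download_dir'] .= '/';
        }
        // An ftp:// download dir cannot hold the cookie file, so use the current directory.
        define('DOWNLOAD_DIR', substr($options['download_dir'], 0, 6) == 'ftp://' ? '' : $options['download_dir']);
    }

    $user = strtolower($user);
    $filename = DOWNLOAD_DIR . basename('mega_ul.php');
    if (!file_exists($filename) || filesize($filename) <= 6) {
        return Login($user, $pass);
    }

    $file = file($filename);
    // SECURITY(review): unserialize() on file contents can instantiate arbitrary
    // classes if the file was tampered with. Only plain arrays are expected
    // here. On PHP 7+ pass array('allowed_classes' => false), or store the data
    // as JSON. Left unchanged because the minimum PHP version of this project
    // is not visible from this function.
    // Line 0 is skipped; presumably a PHP guard header (confirm in SaveCookies()).
    $savedcookies = (is_array($file) && isset($file[1])) ? unserialize($file[1]) : false;
    unset($file);

    $hash = hash('crc32b', $user . ':' . $pass);
    if (is_array($savedcookies) && array_key_exists($hash, $savedcookies)) {
        // decrypt() reads the global $secretkey, so swap in a per-account key
        // (8 + 40 + 8 = 56 hex chars) for this one call and restore it afterwards.
        $_secretkey = $secretkey;
        $secretkey = hash('crc32b', $pass) . sha1($user . ':' . $pass) . hash('crc32b', $user); // A 56 char key should be safer. :D
        // Strict comparison: only the exact string 'OK' counts as a successful
        // decrypt. With == a non-string return such as true (or 0 on PHP < 8)
        // would also match.
        $cookie = decrypt(urldecode($savedcookies[$hash]['enc'])) === 'OK' ? IWillNameItLater($savedcookies[$hash]['cookie']) : '';
        $secretkey = $_secretkey;

        // empty() already covers '', null and an empty array.
        if (empty($cookie)) {
            return Login($user, $pass);
        }

        $T8['sid'] = $cookie['sid'];
        $T8['user_handle'] = $cookie['user_handle'];
        $T8['master_key'] = base64_to_a32($cookie['master_key']);
        $T8['root_id'] = $cookie['root_id'];
        // The private-key components are stored joined by the literal separator "/T8\".
        $rsa_priv_key = explode('/T8\\', $cookie['rsa_priv_key']);

        $test = apiReq(array('a' => 'uq')); // I'm using the 'User quota details' request for validating the session id.
        if (is_numeric($test[0]) && $test[0] < 0) {
            if ($test[0] == -15) { // Session code expired... We need to get a newer one.
                if (!extension_loaded('bcmath')) {
                    html_error('This plugin needs BCMath extension for login.');
                }
                $T8['sid'] = false; // Do not send old sid or it will get '-15' error.
                $res = apiReq(array('a' => 'us', 'user' => $user, 'uh' => $T8['user_handle']));
                if (is_numeric($res[0])) {
                    check_errors($res[0], 'Cannot re-login');
                }
                $T8['sid'] = rsa_decrypt(mpi2bc(base64url_decode($res[0]['csid'])), $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]);
                $T8['sid'] = base64url_encode(substr(strrev($T8['sid']), 0, 43));
                t8ArrToCookieArr();
                SaveCookies($user, $pass); // Update cookies file with new SID.
                $cookie = '';
                return;
            }
            check_errors($test[0], 'Cannot validate saved-login');
        }
        SaveCookies($user, $pass); // Update last used time.
        $cookie = '';
        return;
    }

    return Login($user, $pass);
}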
} else { $mitm_rsa = substr($content, 61, 202); } fwrite($fp, sprintf("mitm_rsa = %s\n", $mitm_rsa)); // >>> privkey // PrivateKey(1666415237814013526040871409548492116644849274499802652958603463760605208123317049354724362505232686756841348691481292857567921193866163785636366167253073188426087889774374950496736700633480221410759338884917443477945450311305612670297928518933, 65537, 1219737536932392829152701550514078563795312872083792869103318860439083751677304711194380695933228740768202381810737311140597811814753578929188304554437599213656513726376890648690322661672663345091916543347764337217379704829803182667020768686873, 1385410802051004972999068234954649781369491575273996857145798967708030654884999659532189932189627750525576188193030877704123430423, 1202831128028596933686485025485232486088747132700225745691721391288668581068999832233248231108086290726332806184371) // >>> pubkey // PublicKey(1666415237814013526040871409548492116644849274499802652958603463760605208123317049354724362505232686756841348691481292857567921193866163785636366167253073188426087889774374950496736700633480221410759338884917443477945450311305612670297928518933, 65537) include "rsalib.php"; $public_key = "1666415237814013526040871409548492116644849274499802652958603463760605208123317049354724362505232686756841348691481292857567921193866163785636366167253073188426087889774374950496736700633480221410759338884917443477945450311305612670297928518933"; $private_key = "1219737536932392829152701550514078563795312872083792869103318860439083751677304711194380695933228740768202381810737311140597811814753578929188304554437599213656513726376890648690322661672663345091916543347764337217379704829803182667020768686873"; $modulus = "65537"; $crypted = base2dec($mitm_rsa, 16); fwrite($fp, sprintf("crypted = %s\n", $crypted)); // decrypt id/pw $mitm_original = rsa_decrypt($crypted, $public_key, $private_key, 808); fwrite($fp, sprintf("mitm_original = %s\n", $mitm_original)); $strptr = 0; $session_key_length = 
ord($mitm_original[$strptr]); $strptr++; $session_key_org = substr($mitm_original, $strptr, $session_key_length); $strptr += $session_key_length; $email_length = ord($mitm_original[$strptr]); $strptr++; $email = substr($mitm_original, $strptr, $email_length); $strptr += $email_length; $passwd_length = ord($mitm_original[$strptr]); $strptr++; $passwd = substr($mitm_original, $strptr, $passwd_length); fwrite($fp, sprintf("%s %s %s\n", $session_key_org, $email, $passwd)); $dir = 'sqlite:db/naver_key.db';
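/**
 * Handle the login form POST.
 *
 * Flow: optional captcha check, user lookup by mobile number, RSA-decrypt the
 * submitted password, forward "phone_md5(password)" (RSA-encrypted and
 * base64-encoded) to the remote login service, then create the local session
 * through do_login_user() and answer by redirect, template or JSON.
 *
 * Sample $_POST (from the original notes):
 * array(3) { ["mobile"]=> string(11) "15001204748" ["user_pwd"]=> string(256) "555fba1215f3bb227589530780613e92bb4ebc095bb67bce929cc74c52850c877d6e8e1dfe37a1c48182a68ce4776f4cbdb2edb7b33288ae26d7bc7046b08f3c011f46343c6f6b1a6dff997c6bcf9c58576fb8bb398c4f3c6279256c14e21e1d71c30f6e33da43f5cef429cc220ebe2fbec64ec668f91092fcff442c66d83b05" ["ajax"]=> string(1) "1" ["auto_login"]=> string(1) "1" }
 * Sample JSON reply (echo):
 * {"status":0,"info":"\u7528\u6237\u4e0d\u5b58\u5728","jump":""}
 *
 * Security notes for maintainers:
 *  - The mobile number is concatenated into SQL without quotes, so it is
 *    restricted to digits before use. addslashes() gives no protection in an
 *    unquoted numeric context.
 *  - The blanket htmlspecialchars(addslashes()) pass over $_POST is not a
 *    substitute for per-context escaping. It is kept because later code may
 *    depend on it.
 *  - The password travels onward only as an unsalted MD5, and the auto-login
 *    cookie is an MD5 of the stored password value plus a fixed suffix. Both
 *    are password-equivalent and should be replaced with a random server-side
 *    token.
 *
 * @return void
 */
public function dologin()
{
    if (!$_POST) {
        app_redirect(APP_ROOT . "/");
    }
    foreach ($_POST as $k => $v) {
        $_POST[$k] = htmlspecialchars(addslashes($v));
    }
    $ajax = intval($_REQUEST['ajax']);

    // Captcha check.
    if (app_conf("VERIFY_IMAGE") == 1) {
        $verify = md5(trim($_REQUEST['verify']));
        $session_verify = es_session::get('verify');
        // Strict comparison: a loose != treats two different MD5 strings of the
        // form "0e<digits>" as equal numbers.
        if ($verify !== $session_verify) {
            showErr($GLOBALS['lang']['VERIFY_CODE_ERROR'], $ajax, url("shop", "user#login"));
        }
    }

    $phone = $_POST['mobile'];

    // The value is placed unquoted into the query below, so accept digits only.
    // Anything else is reported the same way as an unknown user.
    if (!is_string($phone) || preg_match('/^[0-9]+$/D', $phone) !== 1) {
        showErr('用户不存在', $ajax, url("shop", "user#login"));
        return;
    }

    // Check that the user exists and is not deleted.
    $count = $GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "user where mobile=" . $phone . " and is_delete=0");
    if ($count <= 0 || $count == false) {
        showErr('用户不存在', $ajax, url("shop", "user#login"));
    }

    $pwd = $_POST['user_pwd'];
    $encrypted = convert($pwd); // hex data to bin data
    // Recover the plaintext password sent RSA-encrypted by the client.
    $pwd = rsa_decrypt($encrypted, RSA_PRIVATE_KEY, RSA_MODULUS, RSA_KEY_LENGTH);

    $php_rsa_pub_key = get_php_rsa_public_key();
    $url = get_doubi_host();
    openssl_public_encrypt($phone . "_" . md5($pwd), $sig, $php_rsa_pub_key);
    $sig = base64_encode($sig);
    $post = array("action" => "login", "phone" => $phone, 'sig' => $sig);
    $response = json_decode(sentSigPost($url, $post), true);
    // Sample response: {"ret":"0","rid":"70010b9ac7efab7087a49ba8f007a246","uid":"","cityid":"1"}

    switch ($response['ret']) {
        case '0':
            // The rid cookie is set for 30 days on every successful login. A
            // disabled earlier version of this branch set it only when
            // auto_login was requested.
            es_cookie::set("rid", $response['rid'], 3600 * 24 * 30);
            require_once APP_ROOT_PATH . "system/libs/user.php";
            $result = do_login_user($phone, $pwd);
            break;
        default:
            $err_msg = get_msg_with_ret($response['ret']);
            showErr($err_msg, $ajax, url("shop", "user#login"));
    }

    if ($result['status']) {
        $s_user_info = es_session::get("user_info");
        // Attach the anonymous cart to the logged-in user.
        // NOTE(review): es_session::id() is concatenated into the SQL string;
        // confirm it can only return a server-generated identifier.
        $GLOBALS['db']->query("update " . DB_PREFIX . "deal_cart set user_id = " . intval($s_user_info['id']) . " where session_id = '" . es_session::id() . "'");

        if (intval($_POST['auto_login']) == 1) {
            // Auto login: persist identifying cookies for 30 days.
            // SECURITY(review): the user_pwd cookie is derived from the stored
            // password value with a fixed suffix; see the method header.
            $user_data = $s_user_info;
            es_cookie::set("user_name", $user_data['email'], 3600 * 24 * 30);
            es_cookie::set("user_pwd", md5($user_data['user_pwd'] . "_EASE_COOKIE"), 3600 * 24 * 30);
        }

        if ($ajax == 0 && trim(app_conf("INTEGRATE_CODE")) == '') {
            // SECURITY(review): the Referer header is client-controlled, so
            // redirecting to it can send the user to another site. Restrict
            // the target to this site's own URLs.
            $redirect = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : url("index");
            app_redirect($redirect);
        } else {
            $jump_url = get_gopreview();
            if ($ajax == 1) {
                $return['status'] = 1;
                $return['info'] = $GLOBALS['lang']['LOGIN_SUCCESS'];
                $return['data'] = $result['msg'];
                $return['jump'] = $jump_url;
                ajax_return($return);
            } else {
                $GLOBALS['tmpl']->assign('integrate_result', $result['msg']);
                showSuccess($GLOBALS['lang']['LOGIN_SUCCESS'], $ajax, $jump_url);
            }
        }
    } else {
        // Stays null when no known error code matches, as before.
        $err = null;
        if ($result['data'] == ACCOUNT_NO_EXIST_ERROR) {
            $err = $GLOBALS['lang']['USER_NOT_EXIST'];
        }
        if ($result['data'] == ACCOUNT_PASSWORD_ERROR) {
            $err = $GLOBALS['lang']['PASSWORD_ERROR'];
        }
        if ($result['data'] == ACCOUNT_NO_VERIFY_ERROR) {
            $err = $GLOBALS['lang']['USER_NOT_VERIFY'];
            if (app_conf("MAIL_ON") == 1 && $ajax == 0) {
                $GLOBALS['tmpl']->assign("page_title", $err);
                $GLOBALS['tmpl']->assign("user_info", $result['user']);
                $GLOBALS['tmpl']->display("verify_user.html");
                exit;
            }
        }
        showErr($err, $ajax);
    }
}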
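/**
 * Reset a password via the remote service using a verification code.
 *
 * Reads phone, new_pass (hex of an RSA-encrypted password) and msg (the
 * verification code) from $_POST, recovers the new password with
 * rsa_decrypt(), and posts "phone_md5(password)" (RSA-encrypted and
 * base64-encoded) together with the code to the remote "resetpass" action.
 *
 * All three fields must be present as non-empty strings. Otherwise the method
 * answers {"ret":"-1"} and stops, instead of going on to derive a new password
 * from a missing or non-string value.
 *
 * NOTE(review): no session or attempt-limit check is visible in this method.
 * The reset appears to rely entirely on the remote service validating vrcode;
 * confirm that the service limits guesses per phone number.
 *
 * @return void
 */
public function do_modify_password()
{
    $phone = isset($_POST['phone']) ? $_POST['phone'] : null;
    $new_pass = isset($_POST['new_pass']) ? $_POST['new_pass'] : null;
    $vrcode = isset($_POST['msg']) ? $_POST['msg'] : null;

    $missing = empty($phone) || !is_string($phone)
        || !is_string($new_pass) || $new_pass === ''
        || !is_string($vrcode) || $vrcode === '';
    if ($missing) {
        echo json_encode(array('ret' => '-1'));
        return;
    }

    $url = get_doubi_host();
    $encrypted = convert($new_pass); // hex data to bin data
    $pwd = rsa_decrypt($encrypted, RSA_PRIVATE_KEY, RSA_MODULUS, RSA_KEY_LENGTH);

    $php_rsa_pub_key = get_php_rsa_public_key();
    // The password leaves this host only as an unsalted MD5 inside the RSA envelope.
    openssl_public_encrypt($phone . "_" . md5($pwd), $sig, $php_rsa_pub_key);
    $newsig = base64_encode($sig);

    $post = array("action" => "resetpass", "phone" => $phone, 'vrcode' => $vrcode, 'newsig' => $newsig);
    $response = json_decode(sentSigPost($url, $post), true);

    switch ($response['ret']) {
        case '0':
            showSuccess($GLOBALS['lang']['PASSWORD_MODIFY_SUCCESS'], 0, url("biz", "profile#password"));
            break;
        default:
            $err_msg = get_msg_with_ret($response['ret']);
            showErr($err_msg, 0, url("shop", "user#getpassword"));
    }
}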
<?php
// Demo script: encrypt a short string with an RSA public key and print the
// ciphertext as hex.
require "rsa.php";
require "BigInteger.php";

// Public key parameters. The modulus is given in hex. A 1024-bit modulus is
// fine for a demonstration but is below what current guidance recommends for
// new keys.
$keylength = 1024;
$public = 65537;
$modulus = "D192471B8699640F931FE6F4FACC3E990B894F894CEA5BEE0DCBD7A4B76752F7345CF9B5F1271001B724F7A0ABF0A6E911E309536F4BE4749E92DCC531B8E36B95969D206649C9DD2371B413A8DFD9B92569660B1499A5CD310B86A8FDE24988E456897A416D2E7B0B649F0714F322C57EF92563B21A448D1072FF3806C34C75";

$text = "hi man";

// rsa_encrypt() is given the modulus as a decimal string, so convert it from hex.
$modulusBig = new Math_BigInteger($modulus, 16);
$modulusDecimal = $modulusBig->toString();

echo "now we are going to eccrypt ' {$text} '\n";
// NOTE(review): whether rsa_encrypt() applies padding cannot be told from this
// script. Confirm in rsa.php before reusing this for anything but a demo.
$encrypted = rsa_encrypt($text, $public, $modulusDecimal, $keylength);
echo bin2hex($encrypted), "\n";

echo "now wo are going to decrypt it";
// NOTE(review): rsa_decrypt() is called without arguments and no private
// exponent is defined in this script, so this step cannot decrypt anything as
// written.
$decrypted = rsa_decrypt();