function rsa_verify($message, $public_key, $modulus, $keylength)
{
return rsa_decrypt($message, $public_key, $modulus, $keylength);
}
<?php
include "rsa.php";
list($keylength, $modulus, $public, $private) = read_ssl_key("rsa-example-key");
var_dump($modulus, $public, $private);
$encrypted = rsa_encrypt("Hello world", $public, $modulus, $keylength);
$decrypted = rsa_decrypt($encrypted, $private, $modulus, $keylength);
echo $decrypted;
/*
* Read an openssl (ssh-keygen) generated SSL key
* Note: this is a complete hack; we try to interpret a textual format
*/
function read_ssl_key($filename)
{
exec("openssl rsa -in {$filename} -text -noout", $raw);
// read the key length
$keylength = (int) expect($raw[0], "Private-Key: (");
// read the modulus
expect($raw[1], "modulus:");
for ($i = 2; $raw[$i][0] == ' '; $i++) {
$modulusRaw .= trim($raw[$i]);
}
// read the public exponent
$public = (int) expect($raw[$i], "publicExponent: ");
// read the private exponent
expect($raw[$i + 1], "privateExponent:");
for ($i += 2; $raw[$i][0] == ' '; $i++) {
$privateRaw .= trim($raw[$i]);
}
// Just to make sure
expect($raw[$i], "prime1:");
function verify($plain, $check)
{
global $private_key;
if (!array_key_exists("PGID", $private_key)) {
return false;
}
if (strlen($check) != 256) {
return false;
}
$hb = sha1_128($plain);
$hbhex = strtoupper(bin2hex($hb));
$rbhex = rsa_decrypt($check);
return $hbhex == $rbhex ? true : false;
}
function login($email, $password)
{
global $sid, $master_key, $rsa_priv_key;
$password_aes = prepare_key(str_to_a32($password));
$uh = stringhash(strtolower($email), $password_aes);
$res = api_req(array('a' => 'us', 'user' => $email, 'uh' => $uh));
$enc_master_key = base64_to_a32($res->k);
$master_key = decrypt_key($enc_master_key, $password_aes);
if (!empty($res->csid)) {
$enc_rsa_priv_key = base64_to_a32($res->privk);
$rsa_priv_key = decrypt_key($enc_rsa_priv_key, $master_key);
$privk = a32_to_str($rsa_priv_key);
$rsa_priv_key = array(0, 0, 0, 0);
for ($i = 0; $i < 4; $i++) {
$l = (ord($privk[0]) * 256 + ord($privk[1]) + 7) / 8 + 2;
$rsa_priv_key[$i] = mpi2bc(substr($privk, 0, $l));
$privk = substr($privk, $l);
}
$enc_sid = mpi2bc(base64urldecode($res->csid));
$sid = rsa_decrypt($enc_sid, $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]);
$sid = base64urlencode(substr(strrev($sid), 0, 43));
}
}
function SavedLogin($user, $pass)
{
global $T8, $cookie, $secretkey;
if (!defined('DOWNLOAD_DIR')) {
global $options;
if (substr($options['download_dir'], -1) != '/') {
$options['download_dir'] .= '/';
}
define('DOWNLOAD_DIR', substr($options['download_dir'], 0, 6) == 'ftp://' ? '' : $options['download_dir']);
}
$user = strtolower($user);
$filename = DOWNLOAD_DIR . basename('mega_ul.php');
if (!file_exists($filename) || filesize($filename) <= 6) {
return Login($user, $pass);
}
$file = file($filename);
$savedcookies = unserialize($file[1]);
unset($file);
$hash = hash('crc32b', $user . ':' . $pass);
if (is_array($savedcookies) && array_key_exists($hash, $savedcookies)) {
$_secretkey = $secretkey;
$secretkey = hash('crc32b', $pass) . sha1($user . ':' . $pass) . hash('crc32b', $user);
// A 56 char key should be safer. :D
$cookie = decrypt(urldecode($savedcookies[$hash]['enc'])) == 'OK' ? IWillNameItLater($savedcookies[$hash]['cookie']) : '';
$secretkey = $_secretkey;
if (is_array($cookie) && count($cookie) < 1 || empty($cookie)) {
return Login($user, $pass);
}
$T8['sid'] = $cookie['sid'];
$T8['user_handle'] = $cookie['user_handle'];
$T8['master_key'] = base64_to_a32($cookie['master_key']);
$T8['root_id'] = $cookie['root_id'];
$rsa_priv_key = explode('/T8\\', $cookie['rsa_priv_key']);
$test = apiReq(array('a' => 'uq'));
// I'm using the 'User quota details' request for validating the session id.
if (is_numeric($test[0]) && $test[0] < 0) {
if ($test[0] == -15) {
// Session code expired... We need to get a newer one.
if (!extension_loaded('bcmath')) {
html_error('This plugin needs BCMath extension for login.');
}
$T8['sid'] = false;
// Do not send old sid or it will get '-15' error.
$res = apiReq(array('a' => 'us', 'user' => $user, 'uh' => $T8['user_handle']));
if (is_numeric($res[0])) {
check_errors($res[0], 'Cannot re-login');
}
$T8['sid'] = rsa_decrypt(mpi2bc(base64url_decode($res[0]['csid'])), $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]);
$T8['sid'] = base64url_encode(substr(strrev($T8['sid']), 0, 43));
t8ArrToCookieArr();
SaveCookies($user, $pass);
// Update cookies file with new SID.
$cookie = '';
return;
}
check_errors($test[0], 'Cannot validate saved-login');
}
SaveCookies($user, $pass);
// Update last used time.
$cookie = '';
return;
}
return Login($user, $pass);
}
} else {
$mitm_rsa = substr($content, 61, 202);
}
fwrite($fp, sprintf("mitm_rsa = %s\n", $mitm_rsa));
// >>> privkey
// PrivateKey(1666415237814013526040871409548492116644849274499802652958603463760605208123317049354724362505232686756841348691481292857567921193866163785636366167253073188426087889774374950496736700633480221410759338884917443477945450311305612670297928518933, 65537, 1219737536932392829152701550514078563795312872083792869103318860439083751677304711194380695933228740768202381810737311140597811814753578929188304554437599213656513726376890648690322661672663345091916543347764337217379704829803182667020768686873, 1385410802051004972999068234954649781369491575273996857145798967708030654884999659532189932189627750525576188193030877704123430423, 1202831128028596933686485025485232486088747132700225745691721391288668581068999832233248231108086290726332806184371)
// >>> pubkey
// PublicKey(1666415237814013526040871409548492116644849274499802652958603463760605208123317049354724362505232686756841348691481292857567921193866163785636366167253073188426087889774374950496736700633480221410759338884917443477945450311305612670297928518933, 65537)
include "rsalib.php";
$public_key = "1666415237814013526040871409548492116644849274499802652958603463760605208123317049354724362505232686756841348691481292857567921193866163785636366167253073188426087889774374950496736700633480221410759338884917443477945450311305612670297928518933";
$private_key = "1219737536932392829152701550514078563795312872083792869103318860439083751677304711194380695933228740768202381810737311140597811814753578929188304554437599213656513726376890648690322661672663345091916543347764337217379704829803182667020768686873";
$modulus = "65537";
$crypted = base2dec($mitm_rsa, 16);
fwrite($fp, sprintf("crypted = %s\n", $crypted));
// decrypt id/pw
$mitm_original = rsa_decrypt($crypted, $public_key, $private_key, 808);
fwrite($fp, sprintf("mitm_original = %s\n", $mitm_original));
$strptr = 0;
$session_key_length = ord($mitm_original[$strptr]);
$strptr++;
$session_key_org = substr($mitm_original, $strptr, $session_key_length);
$strptr += $session_key_length;
$email_length = ord($mitm_original[$strptr]);
$strptr++;
$email = substr($mitm_original, $strptr, $email_length);
$strptr += $email_length;
$passwd_length = ord($mitm_original[$strptr]);
$strptr++;
$passwd = substr($mitm_original, $strptr, $passwd_length);
fwrite($fp, sprintf("%s %s %s\n", $session_key_org, $email, $passwd));
$dir = 'sqlite:db/naver_key.db';
/**
* @param:
* array(3) {
["mobile"]=>
string(11) "15001204748"
["user_pwd"]=>
string(256) "555fba1215f3bb227589530780613e92bb4ebc095bb67bce929cc74c52850c877d6e8e1dfe37a1c48182a68ce4776f4cbdb2edb7b33288ae26d7bc7046b08f3c011f46343c6f6b1a6dff997c6bcf9c58576fb8bb398c4f3c6279256c14e21e1d71c30f6e33da43f5cef429cc220ebe2fbec64ec668f91092fcff442c66d83b05"
["ajax"]=>
string(1) "1"
["auto_login"]=>
string(1) "1"
}
* echo : {"status":0,"info":"\u7528\u6237\u4e0d\u5b58\u5728","jump":""}
*/
public function dologin()
{
if (!$_POST) {
app_redirect(APP_ROOT . "/");
}
foreach ($_POST as $k => $v) {
$_POST[$k] = htmlspecialchars(addslashes($v));
}
$ajax = intval($_REQUEST['ajax']);
//验证码
if (app_conf("VERIFY_IMAGE") == 1) {
$verify = md5(trim($_REQUEST['verify']));
$session_verify = es_session::get('verify');
if ($verify != $session_verify) {
showErr($GLOBALS['lang']['VERIFY_CODE_ERROR'], $ajax, url("shop", "user#login"));
}
}
$phone = $_POST['mobile'];
// 查看用户是否有效
$count = $GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "user where mobile=" . $phone . " and is_delete=0");
if ($count <= 0 || $count == false) {
showErr('用户不存在', $ajax, url("shop", "user#login"));
}
$pwd = $_POST['user_pwd'];
$encrypted = convert($pwd);
//hex data to bin data
$pwd = rsa_decrypt($encrypted, RSA_PRIVATE_KEY, RSA_MODULUS, RSA_KEY_LENGTH);
$php_rsa_pub_key = get_php_rsa_public_key();
$url = get_doubi_host();
openssl_public_encrypt($phone . "_" . md5($pwd), $sig, $php_rsa_pub_key);
$sig = base64_encode($sig);
$post = array("action" => "login", "phone" => $phone, 'sig' => $sig);
$response = json_decode(sentSigPost($url, $post), true);
// response {"ret":"0","rid":"70010b9ac7efab7087a49ba8f007a246","uid":"","cityid":"1"}
//do_login_user($phone,$pwd);
switch ($response['ret']) {
case '0':
// if(intval($_POST['auto_login'])==1){
// 如果选择了自动登录,向cookie中set自动登录签名值
//es_cookie::set("user_name",$user_data['email'],3600*24*30);
es_cookie::set("rid", $response['rid'], 3600 * 24 * 30);
// }
/**
$user_data = $GLOBALS['db']->getRow("select * from ".DB_PREFIX."user where mobile = $phone");
$result['user']=$user_data;//存所有用户信息
**/
require_once APP_ROOT_PATH . "system/libs/user.php";
$result = do_login_user($phone, $pwd);
/**
$result['status'] = 1;
$result['step']=1;
**/
break;
default:
$err_msg = get_msg_with_ret($response['ret']);
showErr($err_msg, $ajax, url("shop", "user#login"));
}
if ($result['status']) {
$s_user_info = es_session::get("user_info");
//更新购物车
$GLOBALS['db']->query("update " . DB_PREFIX . "deal_cart set user_id = " . intval($s_user_info['id']) . " where session_id = '" . es_session::id() . "'");
if (intval($_POST['auto_login']) == 1) {
//自动登录,保存cookie
$user_data = $s_user_info;
es_cookie::set("user_name", $user_data['email'], 3600 * 24 * 30);
es_cookie::set("user_pwd", md5($user_data['user_pwd'] . "_EASE_COOKIE"), 3600 * 24 * 30);
}
if ($ajax == 0 && trim(app_conf("INTEGRATE_CODE")) == '') {
$redirect = $_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : url("index");
app_redirect($redirect);
} else {
$jump_url = get_gopreview();
if ($ajax == 1) {
$return['status'] = 1;
$return['info'] = $GLOBALS['lang']['LOGIN_SUCCESS'];
$return['data'] = $result['msg'];
$return['jump'] = $jump_url;
ajax_return($return);
} else {
$GLOBALS['tmpl']->assign('integrate_result', $result['msg']);
showSuccess($GLOBALS['lang']['LOGIN_SUCCESS'], $ajax, $jump_url);
}
}
} else {
if ($result['data'] == ACCOUNT_NO_EXIST_ERROR) {
$err = $GLOBALS['lang']['USER_NOT_EXIST'];
}
if ($result['data'] == ACCOUNT_PASSWORD_ERROR) {
$err = $GLOBALS['lang']['PASSWORD_ERROR'];
}
if ($result['data'] == ACCOUNT_NO_VERIFY_ERROR) {
$err = $GLOBALS['lang']['USER_NOT_VERIFY'];
if (app_conf("MAIL_ON") == 1 && $ajax == 0) {
$GLOBALS['tmpl']->assign("page_title", $err);
$GLOBALS['tmpl']->assign("user_info", $result['user']);
$GLOBALS['tmpl']->display("verify_user.html");
exit;
}
}
showErr($err, $ajax);
}
}
public function do_modify_password()
{
if (empty($_POST['phone'])) {
echo json_encode(array('ret' => '-1'));
} else {
$phone = $_POST['phone'];
$url = get_doubi_host();
$encrypted = convert($_POST['new_pass']);
//hex data to bin data
$pwd = rsa_decrypt($encrypted, RSA_PRIVATE_KEY, RSA_MODULUS, RSA_KEY_LENGTH);
$php_rsa_pub_key = get_php_rsa_public_key();
openssl_public_encrypt($phone . "_" . md5($pwd), $sig, $php_rsa_pub_key);
$newsig = base64_encode($sig);
$post = array("action" => "resetpass", "phone" => $phone, 'vrcode' => $_POST['msg'], 'newsig' => $newsig);
$response = json_decode(sentSigPost($url, $post), true);
switch ($response['ret']) {
case '0':
showSuccess($GLOBALS['lang']['PASSWORD_MODIFY_SUCCESS'], 0, url("biz", "profile#password"));
break;
default:
$err_msg = get_msg_with_ret($response['ret']);
showErr($err_msg, 0, url("shop", "user#getpassword"));
}
}
}
<?php
require "rsa.php";
require "BigInteger.php";
$text = "hi man";
$public = 65537;
$modulus = "D192471B8699640F931FE6F4FACC3E990B894F894CEA5BEE0DCBD7A4B76752F7345CF9B5F1271001B724F7A0ABF0A6E911E309536F4BE4749E92DCC531B8E36B95969D206649C9DD2371B413A8DFD9B92569660B1499A5CD310B86A8FDE24988E456897A416D2E7B0B649F0714F322C57EF92563B21A448D1072FF3806C34C75";
$keylength = 1024;
$modulus_16 = new Math_BigInteger($modulus, 16);
$mend = $modulus_16->toString();
echo "now we are going to eccrypt ' {$text} '\n";
$encrypted = rsa_encrypt($text, $public, $mend, $keylength);
echo bin2hex($encrypted);
echo "\n";
echo "now wo are going to decrypt it";
$decrypted = rsa_decrypt();
