WeChat applet user data decryption (favorites)

Source: Internet
Author: User
This article describes in detail how to decrypt user data in WeChat applets (mini programs).

Applet user data decryption

Official Guide:

    onLoad: function (options) {
      // Page initialization; options holds the parameters passed in by page navigation
      let that = this
      wx.login({
        success: function (res) {
          // success
          let code = res.code
          that.setData({ code: code })
          wx.getUserInfo({
            success: function (res) {
              // success
              that.setData({ userInfo: res.userInfo })
              that.setData({ iv: res.iv })
              that.setData({ encryptedData: res.encryptedData })
              that.get3rdSession()
            }
          })
        }
      })
    }

2. Send the code to the third-party server to obtain the 3rd_session


    get3rdSession: function () {
      let that = this
      wx.request({
        url: 'https://localhost:8443/get3rdSession',
        data: {
          code: this.data.code
        },
        method: 'GET', // OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT
        // header: {}, // Set the request header
        success: function (res) {
          // success
          var sessionId = res.data.session;
          that.setData({ sessionId: sessionId })
          wx.setStorageSync('sessionid', sessionId)
          that.decodeUserInfo()
        }
      })
    }

3. On the third-party server, send the appid, appsecret, and code to the WeChat server in exchange for session_key and openid

The JFinal server is used here.

Redis configuration


    public void configPlugin(Plugins me) {
        // Redis service; the cache name must match the one passed to Redis.use("userInfo")
        RedisPlugin userInfoRedis = new RedisPlugin("userInfo", "localhost");
        me.add(userInfoRedis);
    }

Obtain a third-party session


    public void get3rdSession() {
        // Get the Redis Cache object named userInfo
        Cache userInfoCache = Redis.use("userInfo");
        String sessionId = "";
        JSONObject json = new JSONObject();
        String code = getPara("code");
        String url = "https://api.weixin.qq.com/sns/jscode2session?appid=wx7560b8008e2c445d&secret=f1af3312b7038513fd17dd9cbc3b357c&js_code=" + code + "&grant_type=authorization_code";
        // Execute the command to generate the 3rd_session;
        // trim() drops the trailing newline that exec() appends
        String session = ExecLinuxCMDUtil.instance.exec("cat /dev/urandom | od -x | tr -d ' ' | head -n 1").toString().trim();
        json.put("session", session);
        // Create the default httpClient instance
        CloseableHttpClient httpClient = getHttpClient();
        try {
            // Use the GET method to send the HTTP request
            HttpGet get = new HttpGet(url);
            System.out.println("execute get request:...." + get.getURI());
            CloseableHttpResponse httpResponse = null;
            // Send the GET request
            httpResponse = httpClient.execute(get);
            try {
                // Response entity
                HttpEntity entity = httpResponse.getEntity();
                if (null != entity) {
                    String result = EntityUtils.toString(entity);
                    System.out.println(result);
                    JSONObject resultJson = JSONObject.fromObject(result);
                    String session_key = resultJson.getString("session_key");
                    String openid = resultJson.getString("openid");
                    // Store the session: 3rd_session -> "session_key,openid"
                    userInfoCache.set(session, session_key + "," + openid);
                }
            } finally {
                httpResponse.close();
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                closeHttpClient(httpClient);
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        renderJson(json);
    }

    private CloseableHttpClient getHttpClient() {
        return HttpClients.createDefault();
    }

    private void closeHttpClient(CloseableHttpClient client) throws IOException {
        if (client != null) {
            client.close();
        }
    }

ExecLinuxCMDUtil.java


    import java.io.InputStreamReader;
    import java.io.LineNumberReader;

    /**
     * Runs a Linux command from Java in a Linux environment and returns the command's output.
     * Created by LJaer on 16/12/22.
     */
    public class ExecLinuxCMDUtil {
        public static final ExecLinuxCMDUtil instance = new ExecLinuxCMDUtil();

        public static Object exec(String cmd) {
            try {
                String[] cmdA = {"/bin/sh", "-c", cmd};
                Process process = Runtime.getRuntime().exec(cmdA);
                LineNumberReader br = new LineNumberReader(new InputStreamReader(process.getInputStream()));
                StringBuffer sb = new StringBuffer();
                String line;
                while ((line = br.readLine()) != null) {
                    System.out.println(line);
                    sb.append(line).append("\n");
                }
                return sb.toString();
            } catch (Exception e) {
                e.printStackTrace();
            }
            return null;
        }
    }

4. Decrypt user data


    decodeUserInfo: function () {
      let that = this
      wx.request({
        url: 'https://localhost:8443/decodeUserInfo',
        data: {
          encryptedData: that.data.encryptedData,
          iv: that.data.iv,
          session: wx.getStorageSync('sessionid')
        },
        method: 'GET', // OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT
        // header: {}, // Set the request header
        success: function (res) {
          // success
          console.log(res)
        }
      })
    }

Console output result:

    /**
     * Decrypt sensitive user data
     */
    public void decodeUserInfo() {
        String encryptedData = getPara("encryptedData");
        String iv = getPara("iv");
        String session = getPara("session");
        // Obtain session_key from the cache
        // Get the Redis Cache object named userInfo
        Cache userInfoRedis = Redis.use("userInfo");
        Object wxSessionObj = userInfoRedis.get(session);
        if (null == wxSessionObj) {
            renderNull();
            return; // unknown session: stop before dereferencing a null value
        }
        String wxSessionStr = (String) wxSessionObj;
        String session_key = wxSessionStr.split(",")[0];
        try {
            byte[] resultByte = AESUtil.instance.decrypt(Base64.decodeBase64(encryptedData), Base64.decodeBase64(session_key), Base64.decodeBase64(iv));
            if (null != resultByte && resultByte.length > 0) {
                String userInfo = new String(resultByte, "UTF-8");
                System.out.println(userInfo);
                // Convert the string (e.g. {"id": 1}) to a JSON object
                JSONObject json = JSONObject.fromObject(userInfo);
                renderJson(json);
            }
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }

AESUtil.java


    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    import javax.crypto.BadPaddingException;
    import javax.crypto.Cipher;
    import javax.crypto.IllegalBlockSizeException;
    import javax.crypto.NoSuchPaddingException;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import java.security.*;

    public class AESUtil {
        public static final AESUtil instance = new AESUtil();
        public static boolean initialized = false;

        /**
         * AES decryption
         * @param content ciphertext
         * @return
         * @throws InvalidAlgorithmParameterException
         * @throws NoSuchProviderException
         */
        public byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) throws InvalidAlgorithmParameterException {
            initialize();
            try {
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                Key sKeySpec = new SecretKeySpec(keyByte, "AES");
                cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte)); // initialize
                byte[] result = cipher.doFinal(content);
                return result;
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } catch (NoSuchPaddingException e) {
                e.printStackTrace();
            } catch (InvalidKeyException e) {
                e.printStackTrace();
            } catch (IllegalBlockSizeException e) {
                e.printStackTrace();
            } catch (BadPaddingException e) {
                e.printStackTrace();
            } catch (NoSuchProviderException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            return null;
        }

        public static void initialize() {
            if (initialized) return;
            Security.addProvider(new BouncyCastleProvider());
            initialized = true;
        }

        // Generate the IV parameters
        public static AlgorithmParameters generateIV(byte[] iv) throws Exception {
            AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
            params.init(new IvParameterSpec(iv));
            return params;
        }
    }
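The decryption endpoint above returns whatever the client-supplied ciphertext decrypts to. As an added example (not code from the original article), the Node.js code below performs the same AES-128-CBC/PKCS#7 decryption, checks that session_key and iv each decode to 16 bytes, and verifies the watermark.appid field that WeChat embeds in the decrypted payload. APP_ID, decryptUserData, makeSample and all sample values are constructed placeholders.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('crypto');

const APP_ID = 'wx0000000000000000'; // placeholder appid (assumption, not from the page)

// Decrypt encryptedData with the cached session_key, then confirm the payload
// was issued for our own appid before trusting any field in it.
function decryptUserData(encryptedDataB64, sessionKeyB64, ivB64, expectedAppId) {
  const key = Buffer.from(sessionKeyB64, 'base64');
  const iv = Buffer.from(ivB64, 'base64');
  if (key.length !== 16 || iv.length !== 16) {
    throw new Error('session_key and iv must each decode to 16 bytes');
  }
  let data;
  try {
    const decipher = createDecipheriv('aes-128-cbc', key, iv); // PKCS#7 padding by default
    const plain = Buffer.concat([
      decipher.update(Buffer.from(encryptedDataB64, 'base64')),
      decipher.final(),
    ]).toString('utf8');
    data = JSON.parse(plain);
  } catch (e) {
    // One generic error for bad padding and bad JSON alike, so the endpoint
    // does not reveal which step rejected a client-supplied ciphertext.
    throw new Error('decryption failed');
  }
  if (!data || !data.watermark || data.watermark.appid !== expectedAppId) {
    throw new Error('watermark appid mismatch');
  }
  return data;
}

// Constructed sample: encrypt a made-up payload the way decryptUserData expects.
function makeSample(appid) {
  const key = randomBytes(16);
  const iv = randomBytes(16);
  const payload = JSON.stringify({
    openId: 'constructed-openid',
    nickName: 'demo',
    watermark: { appid: appid, timestamp: 1482364800 },
  });
  const cipher = createCipheriv('aes-128-cbc', key, iv);
  const ct = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return {
    encryptedData: ct.toString('base64'),
    sessionKey: key.toString('base64'),
    iv: iv.toString('base64'),
  };
}
```

Because CBC carries no integrity check, the appid comparison is the only sign that a payload was produced for this applet, so it belongs before any field of the result is used.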
