thinkphp WeChat Development: Safe Mode message plus decryption, thinkphp decryption _php Tutorial

thinkphp Development: Safe Mode message encryption and decryption, thinkphp decryption

The use of Thinkphp official WeChat package, the use of different modes can be successful, but the safe mode is not, now will analyze the results of the record.

Tright

Analyze the problem:

Decryption Server message is always unsuccessful, download the public platform under the official given the decryption files and WechatCrypt.class.php to compare the discovery also no problem. Use the File_put_contents function to save the decrypted file for analysis. found that the official package decrypted XML is not a standard XML format, so the simplexml_load_string function cannot be processed.

/** Decrypt Ciphertext * @param string $encrypt ciphertext * @return string plaintext*/     Public functionDecrypt$encrypt){        //BASE64 decoding        $encrypt=Base64_decode($encrypt); //Open the cryptographic algorithm module        $TD= Mcrypt_module_open (mcrypt_rijndael_128, ", MCRYPT_MODE_CBC,"); //initializing cryptographic algorithm modulesMcrypt_generic_init ($TD,$this->cyptkey,substr($this->cyptkey, 0, 16)); //Perform decryption        $decrypt= Mdecrypt_generic ($TD,$encrypt); //Remove PKCS7 complement        $decrypt= self::P kcs7decode ($decrypt, Mcrypt_enc_get_key_size ($TD)); //Close the cryptographic algorithm moduleMcrypt_generic_deinit ($TD); Mcrypt_module_close ($TD); if(strlen($decrypt) < 16){            Throw New\Exception("Illegal ciphertext string!") "); }        //Remove Random string        $decrypt=substr($decrypt, 16); //Get network byte order        $size=Unpack("N",substr($decrypt, 0, 4)); $size=$size[1]; //app_id        $appid=substr($decrypt,$size+ 4); //Verify app_id        if($appid!==$this-appId) {            Throw New\Exception("Illegal app_id! "); }                //PlainText Content        $text=substr($decrypt, 4,$size); return $text; }    /** * PKCS7 padding characters * @param string $text filled characters * @param integer $size block length*/    Private Static functionPkcs7encode ($text,$size){        //string Length        $str _size=strlen($text); //Fill Length        $pad _size=$size- ($str _size%$size); $pad _size=$pad _size? :$size; //characters filled in        $pad _CHR=CHR($pad _size); //Perform a fill        $text=Str_pad($text,$str _size+$pad _size,$pad _CHR,str_pad_right); return $text; }    /** * Delete PKCS7 filled characters * @param string $text filled characters * @param integer $size block length*/    Private Static functionPkcs7decode ($text,$size){        //get a complement character        $pad _str=Ord(substr($text,-1)); if($pad _str< 1 | |$pad _str>$size) {            $pad _str= 0; }             return substr($text, 0,strlen($text) -$pad _str); }

Workaround:

The output of the XML file is like this

1 <XML>2 <Tousername> </span> <span>gh_249aeb986d99</span><span><\/tousername>\ n3 <Fromusername> </span> <span>oopvmxhzaeqkdpsrcbpwxkkh-j2q</span><span><\/fromusername>\ n4 <Createtime>1448944621<\/createtime>\ n5 <Msgtype> </span> <span>text</span><span><\/msgtype>\ n6 <Content> </span> <span>\u7ecf\u7406</span><span><\/content>\ n7 <MsgId>6223169761311044588<\/msgid>\ n8 <\/xml>

So it needs to be handled to get simplexml_load_string to handle it.

After the plaintext content of the output, add

1 //Clear text content 2         $text = substr ($decrypt, 4, $size); 3 //Remove extraneous content 4         $text =str_replace ('<\ ', '
  
    );       5         $text$text); 6         return $text; 

Safe mode can be used normally.

http://www.bkjia.com/PHPjc/1077135.html www.bkjia.com true http://www.bkjia.com/PHPjc/1077135.html techarticle thinkphp Development: Security mode message encryption and decryption, thinkphp decryption using thinkphp official WeChat package, using different modes can be successful, but safe mode is not, will now analyze the solution ...

