thinkphp WeChat development: safe mode message encryption and decryption, thinkphp decryption

Table of Contents

Home

Backend Development

PHP Tutorial

thinkphp WeChat development: safe mode message encryption and decryption, thinkphp decryption_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 12, 2016 am 09:03 AM

thinkphp use add Safety develop WeChat model information Decrypt

thinkphp WeChat development: safe mode message encryption and decryption, thinkphp decryption

Using thinkphp’s official WeChat package, different modes can be used successfully, but the safe mode does not work. Now Record the analysis and solution results.

Analysis of the problem:

Decrypting WeChat server messages is always unsuccessful. Download the official decrypted file provided by the WeChat public platform and compare it with WechatCrypt.class.php and find that there is no problem. Use the file_put_contents function to save the decrypted file for analysis. It was found that the xml decrypted by the official package is not in the standard xml format, so the simplexml_load_string function cannot handle it.

<span>/*</span><span>*
     * 对密文进行解密
     * @param  string $encrypt 密文
     * @return string          明文
     </span><span>*/</span>
    <span>public</span> <span>function</span> decrypt(<span>$encrypt</span><span>){
        </span><span>//</span><span>BASE64解码</span>
        <span>$encrypt</span> = <span>base64_decode</span>(<span>$encrypt</span><span>);

        </span><span>//</span><span>打开加密算法模块</span>
        <span>$td</span> = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''<span>);

        </span><span>//</span><span>初始化加密算法模块</span>
        mcrypt_generic_init(<span>$td</span>, <span>$this</span>->cyptKey, <span>substr</span>(<span>$this</span>->cyptKey, 0, 16<span>));

        </span><span>//</span><span>执行解密</span>
        <span>$decrypt</span> = mdecrypt_generic(<span>$td</span>, <span>$encrypt</span><span>);
       
        </span><span>//</span><span>去除PKCS7补位</span>
        <span>$decrypt</span> = self::PKCS7Decode(<span>$decrypt</span>, mcrypt_enc_get_key_size(<span>$td</span><span>));

        </span><span>//</span><span>关闭加密算法模块</span>
        mcrypt_generic_deinit(<span>$td</span><span>);
        mcrypt_module_close(</span><span>$td</span><span>);

        </span><span>if</span>(<span>strlen</span>(<span>$decrypt</span>) < 16<span>){
            </span><span>throw</span> <span>new</span> \<span>Exception</span>("非法密文字符串！"<span>);
        }

        </span><span>//</span><span>去除随机字符串</span>
        <span>$decrypt</span> = <span>substr</span>(<span>$decrypt</span>, 16<span>);

        </span><span>//</span><span>获取网络字节序</span>
        <span>$size</span> = <span>unpack</span>("N", <span>substr</span>(<span>$decrypt</span>, 0, 4<span>));
        </span><span>$size</span> = <span>$size</span>[1<span>];

        </span><span>//</span><span>APP_ID</span>
        <span>$appid</span> = <span>substr</span>(<span>$decrypt</span>, <span>$size</span> + 4<span>);

        </span><span>//</span><span>验证APP_ID</span>
        <span>if</span>(<span>$appid</span> !== <span>$this</span>-><span>appId){
            </span><span>throw</span> <span>new</span> \<span>Exception</span>("非法APP_ID！"<span>);
        }
        
        </span><span>//</span><span>明文内容</span>
        <span>$text</span> = <span>substr</span>(<span>$decrypt</span>, 4, <span>$size</span><span>);
        </span><span>return</span> <span>$text</span><span>;
    }

    </span><span>/*</span><span>*
     * PKCS7填充字符
     * @param string  $text 被填充字符
     * @param integer $size Block长度
     </span><span>*/</span>
    <span>private</span> <span>static</span> <span>function</span> PKCS7Encode(<span>$text</span>, <span>$size</span><span>){
        </span><span>//</span><span>字符串长度</span>
        <span>$str_size</span> = <span>strlen</span>(<span>$text</span><span>);

        </span><span>//</span><span>填充长度</span>
        <span>$pad_size</span> = <span>$size</span> - (<span>$str_size</span> % <span>$size</span><span>);
        </span><span>$pad_size</span> = <span>$pad_size</span> ? : <span>$size</span><span>;
        
        </span><span>//</span><span>填充的字符</span>
        <span>$pad_chr</span> = <span>chr</span>(<span>$pad_size</span><span>);

        </span><span>//</span><span>执行填充</span>
        <span>$text</span> = <span>str_pad</span>(<span>$text</span>, <span>$str_size</span> + <span>$pad_size</span>, <span>$pad_chr</span>,<span> STR_PAD_RIGHT);

        </span><span>return</span> <span>$text</span><span>;
    }

    </span><span>/*</span><span>*
     * 删除PKCS7填充的字符
     * @param string  $text 已填充的字符
     * @param integer $size Block长度
     </span><span>*/</span>
    <span>private</span> <span>static</span> <span>function</span> PKCS7Decode(<span>$text</span>, <span>$size</span><span>){
        </span><span>//</span><span>获取补位字符</span>
        <span>$pad_str</span> = <span>ord</span>(<span>substr</span>(<span>$text</span>, -1<span>));

        </span><span>if</span> (<span>$pad_str</span> < 1 || <span>$pad_str</span> > <span>$size</span><span>) {
            </span><span>$pad_str</span>= 0<span>;
        } 
            </span><span>return</span> <span>substr</span>(<span>$text</span>, 0, <span>strlen</span>(<span>$text</span>) - <span>$pad_str</span><span>);
        
    }</span>

Copy after login

Solution:

The output xml file is like this

<span>1</span> <span><</span><span>xml</span><span>></span>
<span>2</span> <span><</span><span>ToUserName</span><span>></span><span><![CDATA[</span><span>gh_249aeb986d99</span><span>]]></span><span><</span><span>\/ToUserName</span><span>></span><span>\n
</span><span>3</span> <span><</span><span>FromUserName</span><span>></span><span><![CDATA[</span><span>oopVmxHZaeQkDPsRcbpwXKkH-J2Q</span><span>]]></span><span><</span><span>\/FromUserName</span><span>></span><span>\n
</span><span>4</span> <span><</span><span>CreateTime</span><span>></span>1448944621<span><</span><span>\/CreateTime</span><span>></span><span>\n
</span><span>5</span> <span><</span><span>MsgType</span><span>></span><span><![CDATA[</span><span>text</span><span>]]></span><span><</span><span>\/MsgType</span><span>></span><span>\n
</span><span>6</span> <span><</span><span>Content</span><span>></span><span><![CDATA[</span><span>\u7ecf\u7406</span><span>]]></span><span><</span><span>\/Content</span><span>></span><span>\n
</span><span>7</span> <span><</span><span>MsgId</span><span>></span>6223169761311044588<span><</span><span>\/MsgId</span><span>></span><span>\n
</span><span>8</span> <span><</span><span>\/xml</span><span>></span>

Copy after login

So it needs to be processed in order for simplexml_load_string to process

Add

after the output plain text content

<span>1</span> <span>//明文内容
</span><span>2</span> <span>        $text = substr($decrypt, 4, $size);
</span><span>3</span> <span>//去掉多余的内容
</span><span>4</span>         $text=str_replace('<span><</span><span>\/','</', $text</span><span>);      
</span><span>5</span> <span>        $text</span><span>=str_replace('>\n','>', </span><span>$text);
</span><span>6</span> <span>        return $text;</span>

Copy after login

Safe mode can be used normally.

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7323

Java Tutorial

1625

CakePHP Tutorial

1350

Laravel Tutorial

1262

PHP Tutorial

1209

Related knowledge

There are rumors that 'iPhone 16 may not support WeChat', and Apple's technical consultant in China said that it is communicating with Tencent about app store commissions Sep 02, 2024 pm 10:45 PM

Thanks to netizens Qing Qiechensi, HH_KK, Satomi Ishihara and Wu Yanzu of South China for submitting clues! According to news on September 2, there are recent rumors that "iPhone 16 may not support WeChat." In response to this, a reporter from Shell Finance called Apple's official hotline. Apple's technical consultant in China responded that whether iOS systems or Apple devices can continue to use WeChat, and WeChat The issue of whether it can continue to be listed and downloaded on the Apple App Store requires communication and discussion between Apple and Tencent to determine the future situation. Software App Store and WeChat Problem Description Software App Store technical consultant pointed out that developers may need to pay fees to put software on the Apple Store. After reaching a certain number of downloads, Apple will need to pay corresponding fees for subsequent downloads. Apple is actively communicating with Tencent,

deepseek image generation tutorial Feb 19, 2025 pm 04:15 PM

DeepSeek: A powerful AI image generation tool! DeepSeek itself is not an image generation tool, but its powerful core technology provides underlying support for many AI painting tools. Want to know how to use DeepSeek to generate images indirectly? Please continue reading! Generate images with DeepSeek-based AI tools: The following steps will guide you to use these tools: Launch the AI Painting Tool: Search and open a DeepSeek-based AI Painting Tool (for example, search "Simple AI"). Select the drawing mode: select "AI Drawing" or similar function, and select the image type according to your needs, such as "Anime Avatar", "Landscape"

People familiar with the matter responded that 'WeChat may not support Apple iPhone 16': Rumors are rumors Sep 02, 2024 pm 10:43 PM

Rumors of WeChat supporting iPhone 16 were debunked. Thanks to netizens Xi Chuang Jiu Shi and HH_KK for submitting clues! According to news on September 2, there are rumors today that WeChat may not support iPhone 16. Once the iPhone is upgraded to the iOS 18.2 system, it will not be able to use WeChat. According to "Daily Economic News", it was learned from people familiar with the matter that this rumor is a rumor. Apple's response: According to Shell Finance, Apple's technical consultant in China responded that the issue of whether WeChat can continue to be used on iOS systems or Apple devices, and whether WeChat can continue to be listed and downloaded in the Apple App Store, needs to be resolved between Apple and Tencent. Only through communication and discussion can we determine the future situation. Currently, Apple is actively communicating with Tencent to confirm whether Tencent will continue to

gateio Chinese official website gate.io trading platform website Feb 21, 2025 pm 03:06 PM

Gate.io, a leading cryptocurrency trading platform founded in 2013, provides Chinese users with a complete official Chinese website. The website provides a wide range of services, including spot trading, futures trading and lending, and provides special features such as Chinese interface, rich resources and community support.

Download the top ten trading digital currency apps in the currency circle. The latest rankings of the four trading apps in the currency circle. Feb 20, 2025 pm 06:15 PM

The top ten trading digital currency apps in the currency circle: Binance, OKX, Gate.io, Bitget, Huobi, Bybit, KuCoin, MEXC, Poloniex, BitMart. Among them, the four major trading apps in the currency circle are: Binance, OKX, Gate.io, and Bitget, which provide a wide range of cryptocurrency options, low transaction fees, a powerful trading platform and advanced trading functions.

What are the top ten exchange apps for digital currency? Ranking of the top ten exchange apps in the currency circle Feb 20, 2025 pm 02:03 PM

This article summarizes the top ten leading exchange applications in the currency circle and highlights their advantages and features. These exchanges include Binance, Huobi, OKX, Binance USA, Coinbase, Kraken, Bitfinex, KuCoin, Gate.io and Crypto.com. They offer a wide range of trading pairs, trading tools and security features that cater to different investors.

gateio exchange app old version gateio exchange app old version download channel Mar 04, 2025 pm 11:36 PM

Gateio Exchange app download channels for old versions, covering official, third-party application markets, forum communities and other channels. It also provides download precautions to help you easily obtain old versions and solve the problems of discomfort in using new versions or device compatibility.

Sesame Open Door Login Registration Entrance gate.io Exchange Registration Official Website Entrance Mar 04, 2025 pm 04:51 PM

Gate.io (Sesame Open Door) is the world's leading cryptocurrency trading platform. This article provides a complete tutorial on spot trading of Gate.io. The tutorial covers steps such as account registration and login, KYC certification, fiat currency and digital currency recharge, trading pair selection, limit/market transaction orders, and orders and transaction records viewing, helping you quickly get started on the Gate.io platform for cryptocurrency trading. Whether a beginner or a veteran, you can benefit from this tutorial and easily master the Gate.io trading skills.

See all articles