什么是这个JS加密代码的PHP等价物?

时间:2015-12-26 03:31:32

标签: javascript php openssl steam phpseclib

我正在尝试使用cURL登录Steam(不是通过API,因为它非常有限),但是我在加密密码时遇到了困难。

登录过程基本上是将用户名发布到https://store.steampowered.com/login/getrsakey

响应如下:

{"success":true,"publickey_mod":"D1CBFEDCE654EB68423E9ED9446622DE7F69A0E02523FD04B0650D79074C802A72ACC5D4BEB0AB709886B5A8B7A2813AF1B4C4A03F5C4439221F189B7039DFBEA2558F59B5B00CC53F4578668EF66C2457A90C7A54C518831CC45EA1AC84269C47E1B93A4AAF263429D789DB17FF149DFDEE7270386EDD5BC53B84A78F9AEAA67B8F137EDEC36ED81ED52EB1DD33EEC4EC01675DC044ED974E95A5054E1A33F163411E2F54063534EAE7B12D4607959AB77F36FCFAA299E81E05FABE911A019A13399413593F47A30821DC63A8B11CF40392139E1FE9DE94BD2344586424ABA4A8F1499F1DBC6F8DD2C8DF12A554F891C5D038388017E45A725A54ED1E43211B","publickey_exp":"010001","timestamp":"104490300000","token_gid":"3b54a605fa590d2"}

然后使用此响应,javascript代码加密密码。

我尝试使用openssl和phpseclib,但没有成功。 Openssl不接受我的密钥和phpseclib我不确定是什么问题。

但是我设法找到了负责这个过程的JS代码:

var pubKey = RSA.getPublicKey( results.publickey_mod, results.publickey_exp );
var username = this.m_strUsernameCanonical;
var password = form.elements['password'].value;
password = password.replace( /[^\x00-\x7F]/g, '' ); // remove non-standard-ASCII characters
var encryptedPassword = RSA.encrypt( password, pubKey );

完整代码:https://steamstore-a.akamaihd.net/public/shared/javascript/login.js

所以我的最后一个问题是:我怎样才能以最简单的方式在PHP中做到这一点?

1 个答案:

答案 0 :(得分:2)

使用phpseclib v1.0,

<?php
include('Crypt/RSA.php');

$username = 'user';
$password = 'pass';

$ch = curl_init();

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/getrsakey/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'donotcache' => time(),
    'username' => $username
));

$result = json_decode(curl_exec($ch));

$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->loadKey(array(
    'n' => new Math_BigInteger($result->publickey_mod, 16),
    'e' => new Math_BigInteger($result->publickey_exp, 16)
));

$password = base64_encode($rsa->encrypt($password));

curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/dologin/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'donotcache' => time(),
    'password' => $password,
    'username' => $username,
    'twofactorcode' => '',
    'emailauth' => '',
    'loginfriendlyname' => '',
    'captchagid' => -1,
    'captcha_text' => '',
    'emailsteamid' => '',
    'rsatimestamp' => $result->timestamp,
    'remember_login' => false
));

$result = json_decode(curl_exec($ch));
var_dump($result);