js AES-128-CBC 解密易班輕應用verify_request


易班文檔

易班輕應用框架服務通過get方式在易班客戶端webview或瀏覽器重定向加載應用實際地址,以提供給應用用戶授權狀態和基本信息數據, 請避免應用實際地址使用自帶get參數。加密字符串使用了AES-128-CBC對稱加密算法,其中應用的AppSecret為解密的密鑰,AppID為向量。 原32字符長度appID應用依舊采用AES-256-CBC對稱加密算法。

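使用CryptoJS進行解密。CryptoJS解密時接收base64格式的密文,而易班返回的verify_request為16進制格式,所以要先將16進制轉為base64格式;加密方法為AES-128-CBC,填充方式為ZeroPadding。注意:CryptoJS按密鑰長度決定AES的密鑰位數,下面用Latin1解析32個字符的AppSecret會得到32字節(256位)的密鑰,文檔中的「128」應是指16字節的分組與向量長度。另外,AppSecret是應用的機密,寫在前端頁面裡等於公開給所有訪問者;CBC模式本身也不提供完整性校驗。下面的頁面只適合本地調試,正式環境應在服務端解密。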
1ACMy4.png

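/**
 * Decrypt a Yiban light-app `verify_request` value and parse the result as JSON.
 *
 * Reads the globals `AppSecret` (used as the AES key) and `AppID` (used as the
 * CBC IV), converts the hex ciphertext to base64 with `sha1_to_base64`, and
 * decrypts it with CryptoJS using ZeroPadding.
 *
 * Security notes:
 *  - AppSecret is a credential. Running this in a browser page hands the key
 *    to every visitor; prefer doing this step on the server.
 *  - CBC provides confidentiality only. A value that decrypts and parses is
 *    not thereby proven authentic, so do not base authorization decisions on
 *    the parsed object alone.
 *
 * @param {string} data Hex-encoded ciphertext taken from the `verify_request` query parameter.
 * @returns {*} The value produced by JSON.parse on the decrypted text.
 * @throws {Error} If `data` is not a non-empty string. UTF-8 decoding and
 *   JSON.parse errors (wrong key, corrupted input) propagate unchanged.
 */
function decrypted(data) {
    // The query helper on this page returns `false` when the parameter is
    // absent; fail with a clear message instead of an opaque JSON.parse error.
    if (typeof data !== 'string' || data.length === 0) {
        throw new Error('decrypted: verify_request is missing or not a string');
    }

    // CryptoJS derives the AES key size from the key length: 32 Latin1
    // characters give a 32-byte key, 16 characters give the 16-byte IV.
    var key = CryptoJS.enc.Latin1.parse(AppSecret.substring(0, 32));
    var iv = CryptoJS.enc.Latin1.parse(AppID.substring(0, 16));

    var plaintext = CryptoJS.AES.decrypt(sha1_to_base64(data), key, {
        iv: iv,
        padding: CryptoJS.pad.ZeroPadding
    });
    return JSON.parse(plaintext.toString(CryptoJS.enc.Utf8));
}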
        
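        /**
         * Convert a hexadecimal string to its base64 representation.
         *
         * Despite the name, nothing here is SHA-1 specific: each hex digit
         * contributes 4 bits, and every 6 accumulated bits are emitted as one
         * base64 character, followed by `=` padding to a multiple of four.
         *
         * @param {string} sha1 Even-length string of hex digits (either case).
         * @returns {string} Base64 encoding of the bytes the hex string denotes.
         * @throws {Error} If the input is not an even-length hex string. The
         *   value comes from a URL parameter, so it is validated rather than
         *   silently mapped to wrong bits.
         */
        function sha1_to_base64(sha1) {
            var digits = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

            if (typeof sha1 !== 'string' || sha1.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(sha1)) {
                throw new Error('sha1_to_base64: expected an even-length hexadecimal string');
            }

            var base64_rep = "";
            var bit_arr = 0; // pending bits not yet emitted (at most 5 after each step)
            var bit_num = 0; // number of pending bits held in bit_arr

            for (var n = 0; n < sha1.length; ++n) {
                // Declared locally: the original assigned an undeclared `ascv`,
                // which leaks a global and throws in strict mode.
                var nibble = parseInt(sha1.charAt(n), 16);

                bit_arr = (bit_arr << 4) | nibble;
                bit_num += 4;
                if (bit_num >= 6) {
                    bit_num -= 6;
                    base64_rep += digits.charAt(bit_arr >>> bit_num);
                    // Keep only the bits that were not emitted.
                    bit_arr &= ~(-1 << bit_num);
                }
            }

            // Flush a trailing partial group, left-aligned to 6 bits.
            if (bit_num > 0) {
                bit_arr <<= 6 - bit_num;
                base64_rep += digits.charAt(bit_arr);
            }

            while (base64_rep.length % 4 !== 0) {
                base64_rep += "=";
            }
            return base64_rep;
        }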

完整代碼

<!DOCTYPE html>
<html lang="en">

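<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
    <!-- NOTE(review): these paths look like an unbuilt development checkout of
         CryptoJS; for anything beyond local testing, load a pinned release. -->
    <script src="crypto-js-develop/src/core.js"></script>
    <script src="crypto-js-develop/src/lib-typedarrays.js"></script>
    <script src="crypto-js-develop/src/x64-core.js"></script>
    <script src="crypto-js-develop/src/enc-utf16.js"></script>
    <script src="crypto-js-develop/src/enc-base64.js"></script>
    <script src="crypto-js-develop/src/cipher-core.js"></script>
    <script src="crypto-js-develop/src/pad-zeropadding.js"></script>
    <script src="crypto-js-develop/src/aes.js"></script>
    <!-- jQuery is referenced only by the commented-out $.get call in the script below. -->
    <script src="js/jquery.min.js"></script>
</head>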

<body>
    <h1>hello</h1>
    <script>
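        // SECURITY: AppSecret is the decryption key and AppID the IV. Anything
        // placed in page script is readable by every visitor, so this layout is
        // for local debugging only; in a deployed app keep AppSecret on the
        // server and decrypt verify_request there. Values published in a page
        // like this one should be treated as exposed.
        var AppSecret = '916501e0cdd6f328037951782b9198e6';
        var AppID = 'd1b0b42e31d73e87';
        var url = 'http://f.yiban.cn/iapp596252';

        var data = getQueryVariable("verify_request");
        if (!data) {
            // Captured sample, used only when the page is opened without a
            // verify_request parameter. The original overwrote the query value
            // unconditionally, so the real parameter was never decrypted.
            data = "54fd38e93dcc0aeb9cf08ecb8eec6d8667db09e94450afc49e0b456c0b72602731ec3aebef83652031e624251f888170c31036d68eeee54dc82afb2ae7befd4f540a4c8126afb6f8a56fd30a8efe13b7";
        }
        var res = decrypted(data);
        // Debug output; the decrypted object may carry user data and tokens.
        console.log(res);

        // Insert the result as a text node. document.write() would parse the
        // JSON string as HTML, so markup inside a decrypted field would be
        // interpreted by the browser.
        document.body.appendChild(document.createTextNode(JSON.stringify(res)));

        // NOTE(review): the disabled flow below writes the access token into
        // the page with document.write, sends it in a URL query string, and
        // concatenates redirect_uri without encodeURIComponent. Address these
        // before re-enabling it.
        // if (!res['visit_oauth']) {
        //     // redirect to the authorization page
        //     window.location.href = "https://oauth.yiban.cn/code/html?client_id="+AppID+"&redirect_uri="+url;
        // } else {

        //     document.write("<br>access_token:")
        //     document.write(res['visit_oauth']['access_token']);
        //     var access_token = res['visit_oauth']['access_token'];
        //     $.get("/api/user/me?access_token=" + access_token, function (data, status) {
        //         alert("Data: " + data + "nStatus: " + status);
        //     });
        // }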
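        /**
         * Look up a parameter in the current page's query string.
         *
         * Names and values are percent-decoded, and a value is everything
         * after the first "=" so values that themselves contain "=" are not
         * truncated. The returned string is untrusted input; validate it
         * before use.
         *
         * @param {string} variable Parameter name to look for.
         * @returns {string|boolean} The decoded value of the first match ("" when
         *   the parameter has no "="), or `false` when it is not present.
         */
        function getQueryVariable(variable) {
            // Malformed percent-escapes make decodeURIComponent throw; fall
            // back to the raw text so a bad link cannot break the lookup.
            function decodePart(text) {
                try {
                    return decodeURIComponent(text);
                } catch (e) {
                    return text;
                }
            }

            var query = window.location.search.substring(1);
            var vars = query.split("&");
            for (var i = 0; i < vars.length; i++) {
                var eq = vars[i].indexOf("=");
                var rawName = eq === -1 ? vars[i] : vars[i].substring(0, eq);
                var rawValue = eq === -1 ? "" : vars[i].substring(eq + 1);
                if (decodePart(rawName) === variable) {
                    return decodePart(rawValue);
                }
            }
            return false;
        }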
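        /**
         * Decrypt a Yiban light-app `verify_request` value and parse the result as JSON.
         *
         * Reads the globals `AppSecret` (used as the AES key) and `AppID` (used
         * as the CBC IV), converts the hex ciphertext to base64 with
         * `sha1_to_base64`, and decrypts it with CryptoJS using ZeroPadding.
         *
         * Security notes:
         *  - AppSecret is a credential. Running this in a browser page hands
         *    the key to every visitor; prefer doing this step on the server.
         *  - CBC provides confidentiality only. A value that decrypts and
         *    parses is not thereby proven authentic, so do not base
         *    authorization decisions on the parsed object alone.
         *
         * @param {string} data Hex-encoded ciphertext taken from the `verify_request` query parameter.
         * @returns {*} The value produced by JSON.parse on the decrypted text.
         * @throws {Error} If `data` is not a non-empty string. UTF-8 decoding and
         *   JSON.parse errors (wrong key, corrupted input) propagate unchanged.
         */
        function decrypted(data) {
            // getQueryVariable returns `false` when the parameter is absent;
            // fail with a clear message instead of an opaque JSON.parse error.
            if (typeof data !== 'string' || data.length === 0) {
                throw new Error('decrypted: verify_request is missing or not a string');
            }

            // CryptoJS derives the AES key size from the key length: 32 Latin1
            // characters give a 32-byte key, 16 characters give the 16-byte IV.
            var key = CryptoJS.enc.Latin1.parse(AppSecret.substring(0, 32));
            var iv = CryptoJS.enc.Latin1.parse(AppID.substring(0, 16));

            var plaintext = CryptoJS.AES.decrypt(sha1_to_base64(data), key, {
                iv: iv,
                padding: CryptoJS.pad.ZeroPadding
            });
            return JSON.parse(plaintext.toString(CryptoJS.enc.Utf8));
        }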
        
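        /**
         * Convert a hexadecimal string to its base64 representation.
         *
         * Despite the name, nothing here is SHA-1 specific: each hex digit
         * contributes 4 bits, and every 6 accumulated bits are emitted as one
         * base64 character, followed by `=` padding to a multiple of four.
         *
         * @param {string} sha1 Even-length string of hex digits (either case).
         * @returns {string} Base64 encoding of the bytes the hex string denotes.
         * @throws {Error} If the input is not an even-length hex string. The
         *   value comes from a URL parameter, so it is validated rather than
         *   silently mapped to wrong bits.
         */
        function sha1_to_base64(sha1) {
            var digits = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

            if (typeof sha1 !== 'string' || sha1.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(sha1)) {
                throw new Error('sha1_to_base64: expected an even-length hexadecimal string');
            }

            var base64_rep = "";
            var bit_arr = 0; // pending bits not yet emitted (at most 5 after each step)
            var bit_num = 0; // number of pending bits held in bit_arr

            for (var n = 0; n < sha1.length; ++n) {
                // Declared locally: the original assigned an undeclared `ascv`,
                // which leaks a global and throws in strict mode.
                var nibble = parseInt(sha1.charAt(n), 16);

                bit_arr = (bit_arr << 4) | nibble;
                bit_num += 4;
                if (bit_num >= 6) {
                    bit_num -= 6;
                    base64_rep += digits.charAt(bit_arr >>> bit_num);
                    // Keep only the bits that were not emitted.
                    bit_arr &= ~(-1 << bit_num);
                }
            }

            // Flush a trailing partial group, left-aligned to 6 bits.
            if (bit_num > 0) {
                bit_arr <<= 6 - bit_num;
                base64_rep += digits.charAt(bit_arr);
            }

            while (base64_rep.length % 4 !== 0) {
                base64_rep += "=";
            }
            return base64_rep;
        }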


    </script>
</body>

</html>

參考

JS:十六進制字符串轉為base64

https://blog.csdn.net/herongoal/article/details/81137895

AES在線解密(請勿在第三方在線工具中輸入真實的AppSecret或正式環境的密文)

http://ctf.ssleye.com/caes.html

CryptoJS

https://github.com/sytelus/CryptoJS

