Ad
What Is The PHP Equivalent Of This JS Encrypter Code?
I am trying to log in to Steam (not via the API as it's very limited) with cURL, however I got stuck at encrypting the password.
Basically the process of logging in is posting a username to https://store.steampowered.com/login/getrsakey
The response looks like this:
{"success":true,"publickey_mod":"D1CBFEDCE654EB68423E9ED9446622DE7F69A0E02523FD04B0650D79074C802A72ACC5D4BEB0AB709886B5A8B7A2813AF1B4C4A03F5C4439221F189B7039DFBEA2558F59B5B00CC53F4578668EF66C2457A90C7A54C518831CC45EA1AC84269C47E1B93A4AAF263429D789DB17FF149DFDEE7270386EDD5BC53B84A78F9AEAA67B8F137EDEC36ED81ED52EB1DD33EEC4EC01675DC044ED974E95A5054E1A33F163411E2F54063534EAE7B12D4607959AB77F36FCFAA299E81E05FABE911A019A13399413593F47A30821DC63A8B11CF40392139E1FE9DE94BD2344586424ABA4A8F1499F1DBC6F8DD2C8DF12A554F891C5D038388017E45A725A54ED1E43211B","publickey_exp":"010001","timestamp":"104490300000","token_gid":"3b54a605fa590d2"}
Then using this response, the javascript code encrypts the password.
I tried to use openssl and phpseclib, but no success. Openssl does not accept my key and with phpseclib I'm not sure what's the problem.
However I managed to find the JS code that takes care of this process:
var pubKey = RSA.getPublicKey( results.publickey_mod, results.publickey_exp );
var username = this.m_strUsernameCanonical;
var password = form.elements['password'].value;
password = password.replace( /[^\x00-\x7F]/g, '' ); // remove non-standard-ASCII characters
var encryptedPassword = RSA.encrypt( password, pubKey );
full code: https://steamstore-a.akamaihd.net/public/shared/javascript/login.js
So my final question is: How could I do this in PHP in the simpliest way?
Ad
Answer
Using phpseclib v1.0,
<?php
include('Crypt/RSA.php');
$username = 'user';
$password = 'pass';
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/getrsakey/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'donotcache' => time(),
'username' => $username
));
$result = json_decode(curl_exec($ch));
$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->loadKey(array(
'n' => new Math_BigInteger($result->publickey_mod, 16),
'e' => new Math_BigInteger($result->publickey_exp, 16)
));
$password = base64_encode($rsa->encrypt($password));
curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/dologin/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'donotcache' => time(),
'passworopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'donotcache' => time(),
'password' => $password,
'username' => $username,
'twofactorcode' => '',
'emailauth' => '',
'loginfriendlyname' => '',
'captchagid' => -1,
'captcha_text' => '',
'emailsteamid' => '',
'rsatimestamp' => $result->timestamp,
'remember_login' => false
));
$result = json_decode(curl_exec($ch));
var_dump($result);
Ad
source: stackoverflow.com
Related Questions
- → How to update data attribute on Ajax complete
- → October CMS - Radio Button Ajax Click Twice in a Row Causes Content to disappear
- → Octobercms Component Unique id (Twig & Javascript)
- → Passing a JS var from AJAX response to Twig
- → Laravel {!! Form::open() !!} doesn't work within AngularJS
- → DropzoneJS & Laravel - Output form validation errors
- → Import statement and Babel
- → Uncaught TypeError: Cannot read property '__SECRET_DOM_DO_NOT_USE_OR_YOU_WILL_BE_FIRED' of undefined
- → React-router: Passing props to children
- → ListView.DataSource looping data for React Native
- → Can't test submit handler in React component
- → React + Flux - How to avoid global variable
- → Webpack, React & Babel, not rendering DOM
Ad