Example: encrypting data on the client with CryptoJS and decrypting it in PHP
Client JS
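```html
<html>
<head>
<script src="cryptoJS.js"></script>
<script>
function encryptFunc(text) {
  // The passphrase ships in the page source, so anyone who loads the page can read it.
  const encKey = "secret phrase";
  // With a string passphrase, CryptoJS derives both the key and the IV from the
  // passphrase and a random salt (OpenSSL "Salted__" format), so no iv option is passed.
  return CryptoJS.AES.encrypt(text, encKey).toString();
}

// Send the encrypted data to the server ("plain text to send" is sample input)
const encryptedText = encryptFunc("plain text to send");
const client = new XMLHttpRequest();
client.open("POST", "https://test.com/decrypt.php", true);
client.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
// Base64 contains "+", "/" and "=", so the value is URL-encoded and sent in the
// POST body, where the server reads it as $_POST['l'].
client.send("l=" + encodeURIComponent(encryptedText));
</script>
</head>
<body> </body>
</html>
```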
Server PHP
```php
<?php
// OpenSSL EVP_BytesToKey: sizes are in 32-bit words (8 words = 32-byte key, 4 words = 16-byte IV).
// MD5 with one iteration matches the CryptoJS passphrase default; it is a fast, weak KDF.
function evpKDF($password, $salt, $keySize = 8, $ivSize = 4, $iterations = 1, $hashAlgorithm = "md5") {
    $targetKeySize = $keySize + $ivSize;
    $derivedBytes = "";
    $numberOfDerivedWords = 0;
    $block = null;
    $hasher = hash_init($hashAlgorithm);
    while ($numberOfDerivedWords < $targetKeySize) {
        // Every block after the first is chained to the previous digest
        if ($block !== null) {
            hash_update($hasher, $block);
        }
        hash_update($hasher, $password);
        hash_update($hasher, $salt);
        $block = hash_final($hasher, true);
        $hasher = hash_init($hashAlgorithm);
        // Iterations
        for ($i = 1; $i < $iterations; $i++) {
            hash_update($hasher, $block);
            $block = hash_final($hasher, true);
            $hasher = hash_init($hashAlgorithm);
        }
        $derivedBytes .= substr($block, 0, min(strlen($block), ($targetKeySize - $numberOfDerivedWords) * 4));
        $numberOfDerivedWords += strlen($block) / 4;
    }
    return array(
        "key" => substr($derivedBytes, 0, $keySize * 4),
        "iv" => substr($derivedBytes, $keySize * 4, $ivSize * 4)
    );
}

function decrypt($ciphertext, $password) {
    $ciphertext = base64_decode($ciphertext);
    // Layout: "Salted__" (8 bytes) | salt (8 bytes) | AES-256-CBC ciphertext
    if (substr($ciphertext, 0, 8) != "Salted__") {
        return false;
    }
    $salt = substr($ciphertext, 8, 8);
    $keyAndIV = evpKDF($password, $salt);
    // CBC carries no integrity check; openssl_decrypt returns false on bad padding
    $decryptPassword = openssl_decrypt(
        substr($ciphertext, 16),
        "aes-256-cbc",
        $keyAndIV["key"],
        OPENSSL_RAW_DATA, // base64 was already decoded
        $keyAndIV["iv"]);
    return $decryptPassword;
}

$key = "secret phrase";
$strg = $_POST['l'] ?? '';
$rawText = decrypt($strg, $key);
if ($rawText === false) {
    http_response_code(400);
    exit("decrypt failed");
}
// Escape before output: the decrypted value is client-controlled
echo "decrypt: " . htmlspecialchars($rawText, ENT_QUOTES, 'UTF-8');
?>
```
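The token that `CryptoJS.AES.encrypt` produces in passphrase mode, and that `decrypt()` above parses, rebuilt with Node.js's built-in `crypto` module so the PHP endpoint can be exercised without a browser. This is an added example, not code from the original post; `evpKdf`, `encryptToken`, `decryptToken` and the sample plaintext are names and values made up here.

```javascript
const crypto = require("crypto");

// EVP_BytesToKey with MD5 and one iteration, the same defaults as the PHP evpKDF():
// D1 = MD5(pass || salt), D2 = MD5(D1 || pass || salt), ... until 48 bytes exist.
function evpKdf(passphrase, salt, keyLen = 32, ivLen = 16) {
  const pass = Buffer.from(passphrase, "utf8");
  let derived = Buffer.alloc(0);
  let block = Buffer.alloc(0);
  while (derived.length < keyLen + ivLen) {
    block = crypto.createHash("md5").update(Buffer.concat([block, pass, salt])).digest();
    derived = Buffer.concat([derived, block]);
  }
  return { key: derived.subarray(0, keyLen), iv: derived.subarray(keyLen, keyLen + ivLen) };
}

// Build base64("Salted__" || salt(8) || AES-256-CBC ciphertext).
// The IV is never chosen by the caller: it falls out of the KDF with the key.
function encryptToken(plaintext, passphrase, salt = crypto.randomBytes(8)) {
  const { key, iv } = evpKdf(passphrase, salt);
  const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([Buffer.from("Salted__"), salt, body]).toString("base64");
}

// Parse and decrypt a token; returns null for malformed or undecryptable input.
function decryptToken(token, passphrase) {
  const raw = Buffer.from(token, "base64");
  // 16-byte header plus at least one whole AES block.
  if (raw.length < 32 || (raw.length - 16) % 16 !== 0) return null;
  if (raw.subarray(0, 8).toString("latin1") !== "Salted__") return null;
  const { key, iv } = evpKdf(passphrase, raw.subarray(8, 16));
  try {
    const d = crypto.createDecipheriv("aes-256-cbc", key, iv);
    return Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString("utf8");
  } catch {
    return null; // bad padding: wrong passphrase or corrupted data
  }
}

// Constructed sample input, using the passphrase from the post.
const token = encryptToken("id=42&name=test", "secret phrase");
console.log(token, "->", decryptToken(token, "secret phrase"));
```

The printed token can be posted as the `l` form field to `decrypt.php`, URL-encoded as in the client code.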