Day 0x6 - Message 解密

0x1 前言

今天因为时间不是很够，所以很快地介绍 Message 解密的部分

0x2 Message 解密

• 因为 AES 是对称性加密，所以能被还原。
• 加密时运用到的有两个东西，分别为 Hash Id 以及 IV，而昨天有看到同为挑战此次的铁人赛的文章，里面有提到这里用的填充方式是 PKCS7 标准，所以只要读讯息的最後一位，就能知道要移除多少被填充的字元

https://ithelp.ithome.com.tw/articles/10263469

• 流程如下
  1. 取得 Nonce : 会在回覆内文附上
  2. 计算 Hash Id : 这里跟第 4 天的计算方式一样，银行提供的 4 把 key 来做 XOR 运算
  3. 计算 IV : 根据第一步的 Nonce 来计算
  4. 解密内文

范例提供的回覆内容

{
    "Version": "1.0.0",
    "ShopNo": "BA0026_001",
    "APIService": "OrderCreate",
    "Sign": "24CBD10DC8752BF5AEB55EC930F1D57638312D2BD1A7E3EBF0E45DA78721CF04",
    "Nonce": "NjM2NjA0MzI4ODU1MDcuMzo1MzE5ZWIwNGZjNzZlZGJhOGM5M2U1YTM0Nzk2MGM5NThhZjJiMTFiYjNiYmZmNjk1ZGMzYTFlMTEyMDA0MGU2",
    "Message": "8C3CFD579B58FDAC6C1DF8C8EB8B79F49DD533F8D8C5DC181074397D21E7364E26D347DF264C76A59886DEA58F742C068BB66D6918791797B4DC31245E8E621F3791938F0A716AC20BFDC50A268CF9FDAF01149B73F8E5A2D61928AB79E30CA35C7DD55698010FEC071C2628444348C7B628ED4DCEE281234C31617B5441A3C64466A824BC8907A2D8571F58C4F780EBBB5D6DD98631A867A807718FDD34833FFB2C72F2731D715A35F1BA145C8D1E656136623FFD60EFDAAB87EF1674EA1BD19868DCBC6552D48D9728AB020E75AA6E7804FB9D7FB4AA7E92F89DFFCFA9D263EE9B043AA7A8DB22ECA894F8D5621BF8E6DF5B250CCA9D1C499EF8896B64617FD9FCF142665EA3A660DC6B7296CFE03C80B6FC96CA5B805ADEE4AF9784FF1A6886FCE42C7FA4575FFF4D3AD302B583D08346DD4F876A7BF2B60D514CA021F62293E960458BF886C6CB746A6EEE0EBB3916EE6B861B32D75CE93F8988215D76DEFEE72F4429B2ED48A5AB8FF04683B409FF8072EB1C5E5162EDC625557328F506520AE3DBD2C19F6327AA97911BF2789373CE4DBBB6EC52A2EB9263ADAB1767B4FC7646440BA34E3716BC25E81A86FE5EF432E0C8D40A5BC25EDE8E2D1CC56A2C"
}

节省时间，直接参考范例程序，加密反向操作

function DecryptAesCBC($data, $key, $iv) {
    $result = '';

    $encrypt = hex2bin($data);

    $decrypt = openssl_decrypt($encrypt, 'AES-256-CBC', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);

    $padding = ord($decrypt[strlen($decrypt) - 1]);
    $result = substr($decrypt, 0, -$padding);

    return $result;
}

搭配自己前两天写的函数

$responce = WebApi($nonce_url, ['ShopNo' => "BA0026_001"]);
$hash_id = calcHashID($a1, $a2, $b1, $b2);
$iv = calcurateIv($responce['Nonce']);

$message = DecryptAesCBC($responce['Message'], $hash_id, $iv);
$reply = json_decode($message, true);
/* result: [
    "OrderNo" => "A201804270001",
    "ShopNo" => "BA0026_001",
    "TSNo" => "BA002600000037",
    "PayType" => "A",
    "Amount" => 50000,
    "Status" => "S",
    "Description" => "S0000 – 处理成功",
    "ATMParam" => [
    "AtmPayNo" => "99922511001200",
    "WebAtmURL" => "http://10.11.34.58:7101/QPay.WebPaySite/Bridge/PayWebATM?TD=BA002600000037&TK=6fecec25-daae-4b5b-b45e-80bc9ee6f7ed",
    "OtpURL" => "http://10.11.34.58:7101/QPay.WebPaySite/Bridge/PayOTP?TD=BA002600000037&TK=6fecec25-daae-4b5b-b45e-80bc9ee6f7ed",
    ],
]
*/

0x3 今日小结

今天突然挤一堆事情进来，没想到要连续发文真的很困难，才第六天就想放弃了

明天会先针 Laravel 连接资料库的设定，以及资料表的开立
今天就先这样，明天见