V
V
Vanik Khachatryan2018-05-19 00:52:05
PHP
Vanik Khachatryan, 2018-05-19 00:52:05

What's wrong with the RSA encoding of the password?

public function postCheckValidAuth() {
        $username = $this->request->getContent['login'];
        $password = $this->request->getContent['password'];

        
        $url = 'https://store.steampowered.com/login/getrsakey/';
        $data = ['username' => $username, 'password' => $password];
        
        $result = $this->post($url, $data);
        $result = json_decode($result);
        
        $rsa = new RSA();
        $key = [
            'modulus'        => new BigInteger($result->publickey_mod, 16),
      'publicExponent' => new BigInteger($result->publickey_exp, 16)
        ];
        
        $rsa->loadKey($key, RSA::PUBLIC_FORMAT_RAW);
        $password = base64_encode($rsa->encrypt($password, false));
        $captchaGid = -1;
        $captchaText = '';
        $emailAuth = '';
        $emailSteamId = '';

        $data = [
            'username' => $username,
            'password' => $password,
            'rsatimestamp' => $result->timestamp,
            'captcha_gid' => $captchaGid,
            'captcha_text' => $captchaText,
            'emailauth' => $emailAuth,
            'emailsteamid' => $emailSteamId
        ];
        
        $url = 'https://store.steampowered.com/login/dologin/';
        
        $result = $this->post($url, $data);
        $result= json_decode($result);
        
        $this->response->setJsonContent($result)->send();
    }
    
    private function post($url, $data) {
        $curl_handle=curl_init();
        curl_setopt($curl_handle, CURLOPT_URL, $url);
        curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 3);
        curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl_handle, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36');
        curl_setopt($curl_handle, CURLOPT_POST, 1);
    curl_setopt($curl_handle, CURLOPT_POSTFIELDS, http_build_query($data));
        $query = curl_exec($curl_handle);
        curl_close($curl_handle);

        return $query;
    }

What is wrong with password encoding?
Constantly gives out that the password is not correct, although it is 100% correct.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
A
Alino4ka, 2018-05-23
@VaniXac

$rsa = new RSA();
$key = [
      'modulus'        => new BigInteger($result->publickey_mod, 16),
      'publicExponent' => new BigInteger($result->publickey_exp, 16)
        ];
$rsa->loadKey($key, RSA::PUBLIC_FORMAT_RAW);
$rsa->setPublicKey($key);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$password = base64_encode($rsa->encrypt($password));

L
l1l1l1, 2018-05-19
@l1l1l1

$password = base64_encode($rsa->encrypt($password, false));

Your main mistake, RSA has an automatic encryption method in Base64, otherwise how you generate - the base will be decrypted

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question