ihue ihue - 2 months ago 8
PHP Question

Hash MD5 via PHP showing different result than via Unix Terminal

Goal



I tried to make a hash out of my user device mac + URI that they attempt to visit




Tried



I tried in Terminal on my Mac OS by executing

echo -n "00:00:11:22:33:44||http://www.bunlongheng.com" | openssl dgst -md5 -binary | base64 | tr -d "=" | tr "+/" "-_"


I got

QNyia8Q2VvKNJapAAVfXQw





I tried it in php

$client_mac = Session::get('client_mac');
$original_uri = Session::get('original_uri');
$clean_uri = urldecode($original_uri);
$cmd = 'echo -n "'.$client_mac.'||'.$clean_uri.'" | openssl dgst -md5 -binary | base64 | tr -d "=" | tr "+/" "-_"';

//cmd = echo -n "00:00:11:22:33:44||http://www.bunlongheng.com" | openssl dgst -md5 -binary | base64 | tr -d "=" | tr "+/" "-_"

$clean_url_hash = exec($cmd);
//$clean_url_hash = t7Xnq9ClfRWciqFAYXbu7g


I've tried
exec()
and
shell_exec()
- same result.

I got

t7Xnq9ClfRWciqFAYXbu7g





Result



Terminal


QNyia8Q2VvKNJapAAVfXQw


PHP


t7Xnq9ClfRWciqFAYXbu7g





Why is that ? Any ideas, anyone ?




More details






Detail PHP function

public function forward(){

$cp_host = env('CAPTIVE_PORTAL_HOST');
$client_mac = Session::get('client_mac');
$original_uri = Session::get('original_uri');
$clean_uri = urldecode($original_uri);

$cmd = 'echo -n "'.$client_mac.'||'.$clean_uri.'" | openssl dgst -md5 -binary | base64 | tr -d "=" | tr "+/" "-_"';

$clean_url_hash = exec($cmd);

//dd($clean_url_hash); <--- I got t7Xnq9ClfRWciqFAYXbu7g
//dd(get_defined_vars());

Session::put('c_'.$clean_url_hash,$original_uri);
Session::put('clean_url_hash',$clean_url_hash);
return Redirect::to($cp_host.'fbwifi/auth?c='.$clean_url_hash);

}





Variables Value of the function

dd(get_defined_vars()); will return

array:6 [▼
"cp_host" => "http://localhost:8888/"
"client_mac" => "00:00:11:22:33:44"
"original_uri" => "http%3A%2F%2Fwww.bunlongheng.com"
"clean_uri" => "http://www.bunlongheng.com"
"cmd" => "echo -n "00:00:11:22:33:44||http://www.bunlongheng.com" | openssl dgst -md5 -binary | base64 | tr -d "=" | tr "+/" "-_""
"clean_url_hash" => "t7Xnq9ClfRWciqFAYXbu7g"
]

Answer

You can generate this same hash using PHP functions, with no shell call.

Like this:

$hash = rtrim(base64_encode(md5("00:00:11:22:33:44||http://www.bunlongheng.com", true)),'=');
// QNyia8Q2VvKNJapAAVfXQw

Working example: https://3v4l.org/KkR9v