user3210615 user3210615 - 1 month ago 16
PHP Question

What is the PHP equivalent of this JS encrypter code?

I am trying to log in to Steam (not via the API as it's very limited) with cURL, however I got stuck at encrypting the password.

Basically the process of logging in is posting a username to https://store.steampowered.com/login/getrsakey

The response looks like this:

{"success":true,"publickey_mod":"D1CBFEDCE654EB68423E9ED9446622DE7F69A0E02523FD04B0650D79074C802A72ACC5D4BEB0AB709886B5A8B7A2813AF1B4C4A03F5C4439221F189B7039DFBEA2558F59B5B00CC53F4578668EF66C2457A90C7A54C518831CC45EA1AC84269C47E1B93A4AAF263429D789DB17FF149DFDEE7270386EDD5BC53B84A78F9AEAA67B8F137EDEC36ED81ED52EB1DD33EEC4EC01675DC044ED974E95A5054E1A33F163411E2F54063534EAE7B12D4607959AB77F36FCFAA299E81E05FABE911A019A13399413593F47A30821DC63A8B11CF40392139E1FE9DE94BD2344586424ABA4A8F1499F1DBC6F8DD2C8DF12A554F891C5D038388017E45A725A54ED1E43211B","publickey_exp":"010001","timestamp":"104490300000","token_gid":"3b54a605fa590d2"}


Then using this response, the javascript code encrypts the password.

I tried to use openssl and phpseclib, but no success. Openssl does not accept my key and with phpseclib I'm not sure what's the problem.

However I managed to find the JS code that takes care of this process:

var pubKey = RSA.getPublicKey( results.publickey_mod, results.publickey_exp );
var username = this.m_strUsernameCanonical;
var password = form.elements['password'].value;
password = password.replace( /[^\x00-\x7F]/g, '' ); // remove non-standard-ASCII characters
var encryptedPassword = RSA.encrypt( password, pubKey );


full code: https://steamstore-a.akamaihd.net/public/shared/javascript/login.js

So my final question is: How could I do this in PHP in the simpliest way?

Answer

Using phpseclib v1.0,

<?php
include('Crypt/RSA.php');

$username = 'user';
$password = 'pass';

$ch = curl_init();

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/getrsakey/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'donotcache' => time(),
    'username' => $username
));

$result = json_decode(curl_exec($ch));

$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->loadKey(array(
    'n' => new Math_BigInteger($result->publickey_mod, 16),
    'e' => new Math_BigInteger($result->publickey_exp, 16)
));

$password = base64_encode($rsa->encrypt($password));

curl_setopt($ch, CURLOPT_URL, 'https://store.steampowered.com/login/dologin/');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'donotcache' => time(),
    'password' => $password,
    'username' => $username,
    'twofactorcode' => '',
    'emailauth' => '',
    'loginfriendlyname' => '',
    'captchagid' => -1,
    'captcha_text' => '',
    'emailsteamid' => '',
    'rsatimestamp' => $result->timestamp,
    'remember_login' => false
));

$result = json_decode(curl_exec($ch));
var_dump($result);
Comments