Jump to content

Fun(not) with Hashing (sha256)


Go to solution Solved by LarsJ,

Recommended Posts

OK, I have to access an API. The Instructions are for PHP... Don't know PHP...

This poses a problem.

Here's the part I need a wee bit of help with:

calculate the SHA256 hash of this string with your Secret Key. In PHP, this would be:

$sha256 = hash_hmac('sha256', "target=ipam&action=get&type=IP&mask=24&apiKey=32-5DAYTJQY2TZHOFOB", "48b278ec873bda4738923dbc467f8669", TRUE);

As this value has been 256-bit hashed, it will contain many unprintable characters. The solution to this is to encode it in base 64 for transport. Again, in PHP:

$hash = base64_encode($sha256);

Calculating it out yields the completed hash:

$hash = yneSFMyxPPe+3W4IOkVp50K3VStatBcRRak+2ygDUWQ=

The calculated hash can then be appended to the full API Query URL to form a completed request:

This gives me 2 functions to find/craft

1. Base64_Encode

2. Hash_Hmac

For the Base64Encode part, I found this:

?do=embed' frameborder='0' data-embedContent>

looks like it was circa 2008 an , judging by the comments in the thread, may not be stable on Win8.x

Is there a more stable way to do a Base64 Encode?

And, I think I am totally stumped on the second.

(There IS a Crypt UDF, but I have no idea if

$bHash = _Crypt_HashData("target=ipam&action=get&type=IP&mask=24&apiKey=32-5DAYTJQY2TZHOFOB", "48b278ec873bda4738923dbc467f8669", $CALG_SHA1)

will do what I want)

(edit to comment : nope, I think crypt hash data is a no go... No way to add the secret key...)

Edited by everseeker

Everseeker

Link to comment
Share on other sites

  • Solution

The above implementations all miss the mark slightly.

HMAC only works with MD5 and SHA1, I need SHA256

I tried to somehow get the SHA224_256.au3 functions to work, but I only succeeded in making a mess...

The Base64Encode/Decode link ... well... it points to a very old "Work in progress" that devolves into a C discussion...

I found another one (B64) only problem is, despite the fact that everyone is saying it's Da Bomb....

it has syntax errors that stop it in its tracks.

Local $aRet = DllCallAddress('uint', DllStructGetPtr($tMem), 'struct*', $tRevIndex, 'struct*', $tSource, 'struct*', $tOutput, 'uint', (@AutoItX64 ? $iLen : $iLen / 4))

And the demo file has this:

Local $aSize = DllCall("Crypt32.dll", "bool", 'CryptBinaryToString', 'struct*', $tByteArray, 'dword', BinaryLen($Binary), 'dword', $iFlags, 'str', Null, 'dword*', Null)

Null huh...

(Not even getting to the need for an Input file, with no info on the CONTENT requirements of this file)

Edited by everseeker

Everseeker

Link to comment
Share on other sites

The above implementations all miss the mark slightly.

HMAC only works with MD5 and SHA1, I need SHA256

I tried to somehow get the SHA224_256.au3 functions to work, but I only succeeded in making a mess...

You can try and use the HMAC UDF and use the SHA256 algorithm using this:

Global Const $CALG_SHA_256 = 0x0000800c

NOTE: BTW, as I posted in the thread you were referring to, you need to update your version of AutoIt to support the Ternary operator. It's been part of the language since the end of 2013.

Edited by BrewManNH

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites

I just updated this install 2 days ago... I HAVE the latest.... let me look... ummmm

JAW Drops...

3.3.8.1..... 
#$#@&^**#^&@@!#*&#@% Pulled the new installer, EXECUTED the old installer....
D'Oh!
will get back after I confirm it is ALL in my head.....
 
 
 

Everseeker

Link to comment
Share on other sites

OK. The first part looks like it works now. THanks.

This is what I did:

#include <Crypt.au3>

Global Const $CALG_SHA_256 = 0x0000800c

Func sha256($message)
    Return _Crypt_HashData($message, $CALG_SHA_256)
EndFunc

Func hmac($key, $message, $hash="sha256")
    Local $blocksize = 64
    Local $a_opad[$blocksize], $a_ipad[$blocksize]
    Local Const $oconst = 0x5C, $iconst = 0x36
    Local $opad = Binary(''), $ipad = Binary('')
    $key = Binary($key)
    If BinaryLen($key) > $blocksize Then $key = Call($hash, $key)
    For $i = 1 To BinaryLen($key)
        $a_ipad[$i-1] = Number(BinaryMid($key, $i, 1))
        $a_opad[$i-1] = Number(BinaryMid($key, $i, 1))
    Next
    For $i = 0 To $blocksize - 1
        $a_opad[$i] = BitXOR($a_opad[$i], $oconst)
        $a_ipad[$i] = BitXOR($a_ipad[$i], $iconst)
    Next
    For $i = 0 To $blocksize - 1
        $ipad &= Binary('0x' & Hex($a_ipad[$i],2))
        $opad &= Binary('0x' & Hex($a_opad[$i],2))
    Next
    Return Call($hash, $opad & Call($hash, $ipad & Binary($message)))
EndFunc

ConsoleWrite(hmac("key", "the", "sha256") & @CRLF)

Hope that is working (LOOKS like it is, but I have no pre-post data)

Everseeker

Link to comment
Share on other sites

OK, all my prayers have been answered :)

I have been able to use the above, in combination, to successfully create hashes for my API. Don't know what the issue is with Base64DECODE (Get a system error) but no matter... All I need to do is Encode, and that part is golden!

Edited by everseeker

Everseeker

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...