Jump to content
Sign in to follow this  
AlwaysLearning

Request Headers with WinHTTP HMAC SHA256

Recommended Posts

Hello,

I have been struggling with this for nearly 20 hours, and I just cannot seem to figure out the formatting for the header request.
To test this, you will need to use this api key I set up for your testing purposes. (note, I sent tracexx a direct message about this as I didn't realize I could limit API restrictions until just now, so I am now hoping on of you may have the answer on hand)

I need to be able to GET balance and POST orders.
Right now, I can't get past the 401/403 errors on my own.
I believe the Content is formatted for JSON, but using the JSON format didn't work for me ( although that may be because I'm an idiot and formatted something wrong).

I want to get:

  1. GET balance page
  2. POST delete order page

Here is a temporary API key + Secret API key with only the "View Balance Page" and "Delete Order" functions enabled:

Access-key: tq6GeUrEvfxyF-LG

Secret Access-Key: cZlz75K1wb8-Ed67pRaXvUWTPW6RTH9q

Here is the site's API guide (I followed this closely and doubt the error is there): https://coincheck.com/documents/exchange/api#libraries

 

And here is running source code (needs those keys inputted) which will hash the above keys to the required HMAC SHA256:

#include <Crypt.au3>
#include<WinHttp.au3>

Global Const $CALG_SHA_256 = 0x0000800c

;; =====

$api = "/api/accounts/balance"

$accessNonCE = _TimeGetStamp()
$url = "https://coincheck.com/api/accounts/balance"
$body = ""

WinHTTP($url, $body)

Func WinHTTP($sUrl, $sBody)
    Local $hOpen = _WinHttpOpen()
    Local $hConnect = _WinHttpConnect($hOpen, "https://coincheck.com/api/accounts/balance")
    ; Specify the reguest:
    ;Local $hRequest = _WinHttpOpenRequest($hConnect, Default, $sApi)

    $accessKey = "" ;; Add the key from above
    $secretKey = "" ;; Add the secret key from above
    $message = $accessNonCE & $sUrl
    $BinarySignature = HMAC($secretKey, $message)

    $signature = _Base64Encode($BinarySignature) ;Encode signature

    Local $hRequest = _WinHttpOpenRequest($hConnect, "GET")

    _WinHttpAddRequestHeaders($hRequest, 'ACCESS-KEY: '&$accessKey)
    _WinHttpAddRequestHeaders($hRequest, 'ACCESS-NONCE: '&$accessNonCE)
    _WinHttpAddRequestHeaders($hRequest, 'ACCESS-SIGNATURE: '&$signature)

    ; Send request
    _WinHttpSendRequest($hRequest)

    ; Wait for the response
    _WinHttpReceiveResponse($hRequest)

    Local $sHeader = _WinHttpQueryHeaders($hRequest) ; ...get full header
    Local $sData =  _WinHttpReadData($hRequest)

    ; Clean
    _WinHttpCloseHandle($hRequest)
    _WinHttpCloseHandle($hConnect)
    _WinHttpCloseHandle($hOpen)

    ; Display retrieved data
    MsgBox(0, "Data", $sData)
EndFunc


Func sha256($message)
    Return _Crypt_HashData($message, $CALG_SHA_256)
EndFunc

Func HMAC($key, $message, $hash="sha256")
    Local $blocksize = 64
    Local $a_opad[$blocksize], $a_ipad[$blocksize]
    Local Const $oconst = 0x5C, $iconst = 0x36
    Local $opad = Binary(''), $ipad = Binary('')
    $key = Binary($key)
    If BinaryLen($key) > $blocksize Then $key = Call($hash, $key)
    For $i = 1 To BinaryLen($key)
        $a_ipad[$i-1] = Number(BinaryMid($key, $i, 1))
        $a_opad[$i-1] = Number(BinaryMid($key, $i, 1))
    Next
    For $i = 0 To $blocksize - 1
        $a_opad[$i] = BitXOR($a_opad[$i], $oconst)
        $a_ipad[$i] = BitXOR($a_ipad[$i], $iconst)
    Next
    For $i = 0 To $blocksize - 1
        $ipad &= Binary('0x' & Hex($a_ipad[$i],2))
        $opad &= Binary('0x' & Hex($a_opad[$i],2))
    Next
    Return Call($hash, $opad & Call($hash, $ipad & Binary($message)))
EndFunc


Func _TimeGetStamp()
    Local $av_Time
    $av_Time = DllCall('CrtDll.dll', 'long:cdecl', 'time', 'ptr', 0)
    If @error Then
        SetError(99)
        Return False
    EndIf
    Return $av_Time[0]
EndFunc

Func _Base64Encode($input)

    $input = Binary($input)

    Local $struct = DllStructCreate("byte[" & BinaryLen($input) & "]")

    DllStructSetData($struct, 1, $input)

    Local $strc = DllStructCreate("int")

    Local $a_Call = DllCall("Crypt32.dll", "int", "CryptBinaryToString", _
            "ptr", DllStructGetPtr($struct), _
            "int", DllStructGetSize($struct), _
            "int", 1, _
            "ptr", 0, _
            "ptr", DllStructGetPtr($strc))

    If @error Or Not $a_Call[0] Then
        Return SetError(1, 0, "") ; error calculating the length of the buffer needed
    EndIf

    Local $a = DllStructCreate("char[" & DllStructGetData($strc, 1) & "]")

    $a_Call = DllCall("Crypt32.dll", "int", "CryptBinaryToString", _
            "ptr", DllStructGetPtr($struct), _
            "int", DllStructGetSize($struct), _
            "int", 1, _
            "ptr", DllStructGetPtr($a), _
            "ptr", DllStructGetPtr($strc))

    If @error Or Not $a_Call[0] Then
        Return SetError(2, 0, ""); error encoding
    EndIf

    Return DllStructGetData($a, 1)

EndFunc   ;==>_Base64Encode


 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • By Surya
      Hi everyone its been loooong since I posted here 
      I have been trying to convert this curl executable parameters into autoit using the winhttp com object;
      curl -F data_file=@my_audio_file.mp3 -F model=en-US "https://api.speechmatics.com/v1.0/user/41049/jobs/?auth_token=MmQ5MTk4jdsgjhgghstOGU5YS00OWFhLWghdgjshgdhbshj017###" any ideas guys
       
      PS: I am excited to post here after a looong time
    • By Ascer
      Hello
      Opertation Sys: Win7 x64
      Problem: Connecting to webs using TLS 1.1 +
      Description: WinHttp.WinHttpRequest.5.1 using TLS 1.0 by default, i need higher version to connect into some webs.
      Dim $oHttp = ObjCreate("WinHTTP.WinHTTPRequest.5.1") $oHttp.open ("GET", "https://howsmyssl.com/a/check", False) $oHttp.Option(9) = 128 ; 128 - TLS 1.0, 512 - TLS 1.1, 2048 - TLS 1.2, 2056 - TLS 1.1 & TLS 1.2 $oHttp.Send ConsoleWrite($oHttp.responseText & @CRLF) ; at end of the respond you can check your TLS version. Mine is: {"tls_version":"TLS 1.0","rating":"Bad"} Error: $oHttp.Option works only with parameter 128 (TLS 1.0) other values make error {Bad parameter}
      Additional: I've done this tutorial about enabling TLS in registry: <link>
      Thanks for support.
      Ascer
    • By islandspapand
      Hi All
      i am currently trying to add a function to my project that can send SMS, i have gone with Twilio for the sms service that use a REST API.
      I have never worked with an API before, and could use some help.
      I can get my function working with using cURL.exe and copy past command from the website with the following code. And thats great unfortunately i am have issue with character like æøå when sending a SMS appears like a box or ?. this does not happen if i do it from the website so it looks like a Unicode issue in curl.exe.
      I have done some searching on the forum and understand that i should be able to implement this curl command with the WinHTTP UDF from @trancexx so i don't need a third part exe and it might fix my charater issue.
      Unfortunately i really don't understand how i am to change curl commands to the WinHTTP and i was hoping some good maybe give me an example i could learn from.
      Thanks in advanced
      i have removed the AuthToken number from the script.
      _SendSMS("00000000","SomeOne","SMS body info") Func _SendSMS($SendTo,$SendFrom,$Msgtxt) $AccountSID = "ACbb765b3180d5938229eff8b8f63ed1bc" $AuthToken = "Auth Token number" $Data = '"https://api.twilio.com/2010-04-01/Accounts/'&$AccountSID&'/Messages.json"'& _ '-X POST \ --data-urlencode "To=+45'&$SendTo&'" \ --data-urlencode "From='&$SendFrom&'" \ --data-urlencode "Body='&$Msgtxt&'" \ -u '&$AccountSID&':'&$AuthToken&'' ShellExecute(@ScriptDir&"\curl.exe","-k "&$Data) ;~ curl 'https://api.twilio.com/2010-04-01/Accounts/ACbb765b3180d5938229eff8b8f63ed1bc/Messages.json' -X POST \ ;~ --data-urlencode 'To=+4500000000' \ ;~ --data-urlencode 'From=Reception' \ ;~ --data-urlencode 'Body=Test Body' \ ;~ -u ACbb765b3180d5938229eff8b8f63ed1bc:[AuthToken] EndFunc  
       
    • By jesus40
      Hello friends, i have a working curl command that show informations about my account on binance.com, but_it dont work with autoit code without curl.exe.
      I want to do it without curl, because the whole process much Slower_ with StdoutRead (I want get the response in variable.)
      My Curl command in Autoit:
      This 2 are works, but_ i would like to do it without curl.exe
      $apikey="XYZ" sCommand = @ScriptDir & '\curl.exe -k -H "X-MBX-APIKEY: ' & $apikey & '" -X GET "https://api.binance.com/api/v3/account?' & $request the same in .bat  file
      curl.exe -k -H "X-MBX-APIKEY: XYZ" -X GET "https://api.binance.com/api/v3/account?timestamp=1514917812000&signature=85bdee77e53cd521e1d5229fbfb459d53799c42b3fa4596d73f1520fad5f965a" (I use curl with -k option which allows curl to make insecure connections, because there is problem with the sites certificate, (cURL error 60))
       
      I tried many variations, this is the latest... I cant get the same response.
      curl $error message (I changed ): {"code":-2015,"msg":"Invalid API-key, IP, or permissions for action."}
      autoit version $error message (Response code:400): Mandatory parameter 'timestamp' was not sent, was empty/null, or malformed.
       
      $request = $query & '&signature=' & $signature $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("GET", "https://api.binance.com/api/v3/account", False) $oHTTP.SetRequestHeader("X-MBX-APIKEY", $apikey) $oHTTP.Send($request) $oReceived = $oHTTP.ResponseText $oStatusCode = $oHTTP.Status If $oStatusCode <> 200 then MsgBox(4096, "Response code", $oStatusCode) EndIf  
      thanks
    • By Danyfirex
      Hello guys. Here is a small function to create a hash hmac  similar to hash_hmac PHP function.  
      Supported are: SHA512,SHA256,SHA1,SHA384,MD5 and RIPEMD160.
       
      Local $sSecret = "SecretKey" Local $sMessage = "AutoIt Rocks!!!" ConsoleWrite("HMAC-SHA256: " & @TAB & @TAB & _HashHMAC("SHA512", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA256: " & @TAB & @TAB & _HashHMAC("SHA256", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA1: " & @TAB & @TAB & _HashHMAC("SHA1", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA384: " & @TAB & @TAB & _HashHMAC("SHA384", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-MD5: " & @TAB & @TAB & _HashHMAC("MD5", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-RIPEMD160: " & @TAB & _HashHMAC("RIPEMD160", $sMessage, $sSecret) & @CRLF) Func _HashHMAC($sAlgorithm, $bData, $bKey, $bRaw_Output = False) Local $oHashHMACErrorHandler = ObjEvent("AutoIt.Error", "_HashHMACErrorHandler") Local $oHMAC = ObjCreate("System.Security.Cryptography.HMAC" & $sAlgorithm) If @error Then SetError(1, 0, "") $oHMAC.key = Binary($bKey) Local $bHash = $oHMAC.ComputeHash_2(Binary($bData)) Return SetError(0, 0, $bRaw_Output ? $bHash : StringLower(StringMid($bHash, 3))) EndFunc ;==>_HashHMAC Func _HashHMACErrorHandler($oError) ;Dummy Error Handler EndFunc ;==>_HashHMACErrorHandler It requires .NET Framework  2.0 or higher.
      Saludos
×
×
  • Create New...