惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Blog of Author Tim Ferriss
S
Securelist
D
Docker
The Register - Security
The Register - Security
GbyAI
GbyAI
Recorded Future
Recorded Future
Engineering at Meta
Engineering at Meta
Stack Overflow Blog
Stack Overflow Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
罗磊的独立博客
博客园 - 【当耐特】
F
Full Disclosure
WordPress大学
WordPress大学
腾讯CDC
小众软件
小众软件
大猫的无限游戏
大猫的无限游戏
D
DataBreaches.Net
SecWiki News
SecWiki News
L
Lohrmann on Cybersecurity
I
InfoQ
MyScale Blog
MyScale Blog
量子位
Cyberwarzone
Cyberwarzone
博客园 - 三生石上(FineUI控件)
The Hacker News
The Hacker News
F
Fortinet All Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Jina AI
Jina AI
博客园_首页
H
Help Net Security
K
Kaspersky official blog
酷 壳 – CoolShell
酷 壳 – CoolShell
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Webroot Blog
Webroot Blog
Blog — PlanetScale
Blog — PlanetScale
V
Vulnerabilities – Threatpost
Y
Y Combinator Blog
The Cloudflare Blog
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tailwind CSS Blog
爱范儿
爱范儿
P
Privacy International News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
The GitHub Blog
The GitHub Blog
C
Cybersecurity and Infrastructure Security Agency CISA
B
Blog RSS Feed

Golang on 轻风云

go-swagger 快速入门教程
golang实现百度智能小程序用户数据的解密
2023-03-18 · via Golang on 轻风云

golang实现百度智能小程序用户数据的解密

百度智能小程序官方文档

博主在网上gitee github找了很多 几乎没有看到适配golang的方法,以下方法可行

类库

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
/*
 * @author anderyly
 * @email admin@aaayun.cc
 * @link http://blog.aaayun.cc
 * @copyright Copyright (c) 2023
 *
 */

package baidu

import (
    "crypto/aes"
    "crypto/cipher"
    "encoding/base64"
    "encoding/json"
    "errors"
    "fmt"
    "regexp"
)

var _ AppletDataCrypt = (*appletDataCrypt)(nil)

type AppletDataCrypt interface {
    Decrypt(data string, iv string, isJSON bool) (interface{}, error) // 解密
}

type appletDataCrypt struct {
    AppID      string
    SessionKey string
}

var errorCode = map[string]int{
    "IllegalAppID":      -41000,
    "IllegalAesKey":     -41001,
    "IllegalIV":         -41002,
    "IllegalBuffer":     -41003,
    "DecodeBase64Error": -41004,
    "DecodeJsonError":   -41005,
}

type showError struct {
    errorCode int
    errorMsg  error
}

func NewAppletDataCrypt(appid, sessionKey string) AppletDataCrypt {
    return &appletDataCrypt{
        AppID:      appid,
        SessionKey: sessionKey,
    }
}

func (e showError) Error() string {
    return fmt.Sprintf("{code: %v, error: \"%v\"}", e.errorCode, e.errorMsg)
}

func (con *appletDataCrypt) Decrypt(data string, iv string, isJSON bool) (interface{}, error) {
    aesKey, err := base64.StdEncoding.DecodeString(con.SessionKey)
    if err != nil {
        return nil, showError{errorCode["DecodeBase64Error"], err}
    }

    if len(iv) != 24 {
        return nil, showError{errorCode["IllegalIV"], errors.New("iv length is error")}
    }
    aesIV, err := base64.StdEncoding.DecodeString(iv)
    if err != nil {
        return nil, showError{errorCode["DecodeBase64Error"], err}
    }

    aesCipherText, err := base64.StdEncoding.DecodeString(data)
    if err != nil {
        return nil, showError{errorCode["DecodeBase64Error"], err}
    }
    aesPlantText := make([]byte, len(aesCipherText))

    aesBlock, err := aes.NewCipher(aesKey)
    if err != nil {
        return nil, showError{errorCode["IllegalBuffer"], err}
    }

    mode := cipher.NewCBCDecrypter(aesBlock, aesIV)
    mode.CryptBlocks(aesPlantText, aesCipherText)
    aesPlantText = con.PKCS7UnPadding(aesPlantText)

    var decrypted map[string]interface{}

    re := regexp.MustCompile(`[^\{]*(\{.*\})[^\}]*`)
    aesPlantText = []byte(re.ReplaceAllString(string(aesPlantText), "$1"))

    err = json.Unmarshal(aesPlantText, &decrypted)
    if err != nil {
        return nil, showError{errorCode["DecodeJsonError"], err}
    }

    if isJSON == true {
        return string(aesPlantText), nil
    }

    return decrypted, nil
}

func (con *appletDataCrypt) PKCS7UnPadding(plantText []byte) []byte {
    length := len(plantText)
    if length > 0 {
        unPadding := int(plantText[length-1])
        return plantText[:(length - unPadding)]
    }
    return plantText
}

调用方法

1
2
// res为json需要自行json.Unmarshal这里不做演示
res, err := baidu.NewAppletDataCryp("appid", "sessionKey").Decrypt("加密的数据", "偏移量", true)