CAC-AutomaticKeyRecoveryMar2017.pdf by Elsa Cristina David on Scribd
Thursday, July 13, 2017
http://iase.disa.mil/pki-pke/Pages/sha-256.aspx
| |
|
|
I'm not saying is military grade...but I'm almost certain its the NSA phones
This plugin will allow you to encrypt data with RSA algorythm in an Ajax request (client side) and decrypt in PHP (server side).
IMPORTANT: Unfortunately, this plugin does not provide a foolproof method against hacks
ONLINE DEMONSTRATION
How to use it ?
Downloads
Here are 3 downloads necessary to use AJAXRSA with Construct 2 :
RSA Keys Generator
Download and dezip the folder.
Execute the «index.exe».
(size: 18 Mo)
Execute the «index.exe».
(size: 18 Mo)
Plugin Construct 2
Download, dezip and put the folder called «ajaxrsa».
in the Construct 2 Plugin folder.
(size: 10 Ko)
in the Construct 2 Plugin folder.
(size: 10 Ko)
PHP Library and Demo
Download and dezip the folder.
You will obtain 2 folders et 1 example script.
(size: 143 Ko)
You will obtain 2 folders et 1 example script.
(size: 143 Ko)
RSA Keys
In first, you will need two keys : Public Key and Private Key
Launch the RSA Keys Generator (search an executable called «index.exe»).
You get this :
Launch the RSA Keys Generator (search an executable called «index.exe»).
You get this :
Construct 2 Plugin
Make sure your folder «ajaxrsa» is present in the Construct 2 Plugins folder.
C:/Program Files/Construct 2/exporters/html5/plugins/ajaxrsa/
C:/Program Files/Construct 2/exporters/html5/plugins/ajaxrsa/
Launch Construct 2, create a new project, add new object : AJAX-RSA.
Now, open your Event Sheet to add the following Events/Actions :
PHP Library & Demo
On server side, make sure your folders «Crypt» and «Math» are in the same folder.
Below, the demo script to process the data server side:
Below, the demo script to process the data server side:
// Use it for local preview (localhost:50000)
// See : https://www.scirra.com/manual/107/ajax
//header('Access-Control-Allow-Origin: * ');
ini_set("display_errors", 0);
session_start(); // Need session to store Token
require_once('Crypt/RSA.php'); // Math folders must be the same level as the folder Crypt
// IMPORTANT : Keep the complete syntax and the jump lines for Private Key
define("KEY_PRIVATE", "-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAMrXPEVu4LxhOUvV2mreOoHIchPlJYgvRdpqkBd6t2sD7SM02DqP
n89eSj+oqG1ZR+l7Yj1SMCZMrav6257UivMCAwEAAQJAHHwerKl7dI46sO72iJdt
+UJ1iAcKlECp5e2dD+Rd1EXYNfIH26AyprDRXNTRoTYidiVaUH1Z8NxifWagf36j
gQIhAOKOTxjSwgDIWQxoMxw2AL8AAGF3g4uWXgRZKp4f9QghAiEA5TPn1H/j7AQW
NTW7WmM6PjV/Xdl0YI4y2OUTdw2E4JMCIQCvYFJCeQPM70pfnFnUQMmbETk6OfYO
nDvzScL/3OUlgQIgZop6RU+SIJ0Tcmq/jwilnf9BJDONJUV46iBSPQkHUZECIAnE
byHHtgYokdOrheh+O1FWUtq5q/xq28TR+tHUFa1i
-----END RSA PRIVATE KEY-----");
// Function to decrypt data
function decrypt($data) {
$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->loadKey(KEY_PRIVATE, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
$s = new Math_BigInteger($data, 16);
return $rsa->decrypt($s->toBytes());
}
$arr_data = array(); // Array where we will store our data
// Check if the Ajax Request come from the game folder
// example : http://www.domain.com/folderGame/ or http://www.domain.com/folderGame/index.html
if(isset($_SERVER['HTTP_REFERER'])
&& ($_SERVER['HTTP_REFERER']=="http://www.payondev.fr/projet/ajaxrsa/demonstration/"
|| $_SERVER['HTTP_REFERER']=="http://www.payondev.fr/projet/ajaxrsa/demonstration/index.html"))
{
// If "Post to URL"
if(isset($HTTP_POST_VARS[d])) $data = $HTTP_POST_VARS[d];
// If "Request URL"
if(isset($HTTP_GET_VARS[d])) $data = $HTTP_GET_VARS[d];
if(trim($data, " \t\n\r")!="")
{
// Decrypt Data
$decrypted_data = utf8_decode(decrypt($data));
parse_str($decrypted_data, $arr_data);
// Check if there is a data called "token"
if(isset($arr_data['token']) && trim($arr_data['token'], " \t\n\r")!="")
{
// Check if token exist (get key if exist)
if( ($k = array_search($arr_data['token'], $_SESSION['token'])) !== FALSE )
{
// Remove current token (expired or not)
unset($_SESSION['token'][$k]);
$expiration = explode("_", $arr_data['token']);
$delayToken = time() - $expiration[1];
if($delayToken<=2)
{
// *******************************************************************
// ************************ YOUR CODE HERE ***************************
// *******************************************************************
// EX : www.domain.com/index.php?player=Vincent&score=150&token=123abc...
// $arr_data["player"] = "Vincent";
// $arr_data["score"] = "150";
// $arr_data["token"] = "123abc...";
foreach($arr_data as $key => $value) echo $key .": ". $value." ";
}else{ echo "Error : Token Expired"; }
}else{ echo "Error : Invalid Token"; }
}else{ echo "Error : Token missing"; }
}else{
// If no data in URL, generate Token and return it
$token = md5(rand(1000, 999999));
echo $_SESSION['token'][] = $token."_".time();
}
}else{ echo "Error : It's not a call from the game"; }
Of course, the use of Tokens (either side Construct 2 or PHP) is not mandatory but recommended for browser games.
Subscribe to:
Posts (Atom)