Not getting a sha1 match in my C# to PHP code conversion, what am I missing?
-
03-07-2019 - |
Question
I'm trying to understand this so I can do something similar. I know:
buf contains an authentication key with a hash appended to it (the last 20 bytes) The HashData that's being looked up in the MachineKeySection is SHA1
length -= 20;
byte[] buffer2 = MachineKeySection.HashData(buf, null, 0, length);
for (int i = 0; i < 20; i++)
{
if (buffer2[i] != buf[length + i])
{
return null;
}
}
Here's what I think is happening: We are hashing all but the last 20 bytes of buf. Then we are, 1 byte at a time, comparing the hash we just created to the hash that is appended on to the last 20 bytes of buf.
So in PHP I'm trying this:
//get the length of the ticket -20 bytes
$ticketLn = strlen($buf)-40;
//grab all but the last 20 bytes
$ticket = substr($decrypthex, 0, $ticketLn);
//create a hash of the ticket
$hash = substr($decrypthex, $ticketLn);
And the next step is to compare. But when I echo the output of $hash and sha1($ticket) they don't match so I haven't even bothered comparing them in code.
Solution
By default, php's sha1() function returns a 40 character hexadecimal number. You have to explicitly request the 20-byte binary format if that's what you want
$hash = sha1( $ticket, true );
OTHER TIPS
$ticket = substr($decrypthex, 0, -20);
$hash = substr($decrypthex, -20);