wxviews.py
import base64
import json
from Crypto.Cipher import AES
class WXBizDataCrypt:
def __init__(self, appId, sessionKey):
self.appId = appId
self.sessionKey = sessionKey
def decrypt(self, encryptedData, iv):
# base64 decode
sessionKey = base64.b64decode(self.sessionKey)
encryptedData = base64.b64decode(encryptedData)
iv = base64.b64decode(iv)
cipher = AES.new(sessionKey, AES.MODE_CBC, iv)
decrypted = json.loads(self._unpad(cipher.decrypt(encryptedData)))
if decrypted['watermark']['appid'] != self.appId:
raise Exception('Invalid Buffer')
return decrypted
def _unpad(self, s):
return s[:-ord(s[len(s)-1:])]
demo
from WXBizDataCrypt import WXBizDataCrypt
def main():
appId = 'wx4f4bc4dec97d474b'
sessionKey = 'tiihtNczf5v6AKRyjwEUhQ=='
encryptedData = 'CiyLU1Aw2KjvrjMdj8YKliAjtP4gsMZMQmRzooG2xrDcvSnxIMXFufNstNGTyaGS9uT5geRa0W4oTOb1WT7fJlAC+oNPdbB+3hVbJSRgv+4lGOETKUQz6OYStslQ142dNCuabNPGBzlooOmB231qMM85d2/fV6ChevvXvQP8Hkue1poOFtnEtpyxVLW1zAo6/1Xx1COxFvrc2d7UL/lmHInNlxuacJXwu0fjpXfz/YqYzBIBzD6WUfTIF9GRHpOn/Hz7saL8xz+W//FRAUid1OksQaQx4CMs8LOddcQhULW4ucetDf96JcR3g0gfRK4PC7E/r7Z6xNrXd2UIeorGj5Ef7b1pJAYB6Y5anaHqZ9J6nKEBvB4DnNLIVWSgARns/8wR2SiRS7MNACwTyrGvt9ts8p12PKFdlqYTopNHR1Vf7XjfhQlVsAJdNiKdYmYVoKlaRv85IfVunYzO0IKXsyl7JCUjCpoG20f0a04COwfneQAGGwd5oa+T8yO5hzuyDb/XcxxmK01EpqOyuxINew=='
iv = 'r7BXXKkLb8qrSNn05n0qiA=='
pc = WXBizDataCrypt(appId, sessionKey)
print pc.decrypt(encryptedData, iv)
if __name__ == '__main__':
main()
Wherein decrypting comprises
python3 symmetric encryption algorithm AES, DES3
Note: Crypto is mounted python3
pip3 install pycryptodome
If the download is slow to turn the second chapter I have mirrored
micro-channel official to
be so
in order to ensure the safety of open interfaces return of user data, micro-channel will clear data signature. Developers can sign the check packets based on business needs, ensuring data integrity.
1 acquires the data, the interface will also return by calling the interface (e.g. wx.getUserInfo) rawData, signature, wherein = SHA1 Signature (session_key of the rawData +)
2 developers will signature, rawData developer sent to the server for verification. Server using a user signature corresponding session_key signature2 calculated using the same algorithm, the integrity of the signature and signature2 to match check data.
Applet index.js
login() {
wx.getUserInfo({
success(res){
console.log(res)
var userinfo = res.userInfo
console.log(userinfo)
}
})```
打印出来的是
{errMsg: “getUserInfo:ok”, rawData: “{“nickName”:“张”,“gender”:1,“language”:“zh_CN”,“cit…snf1Tyy9fVm3GqwUQASDWDKweuo12GuarBWeonyuOlg/132”}”, userInfo: {…}, signature: “dde08e00a9d5eaba4956abdea5802693b7a6d77f”, encryptedData: “6PBg8Z/X2GztXFZoI7wewNetxQXXZyaklhtNPyXo9XSBxStUBm…p8DQ997rNVrrudkY8oquEzt69rgiNVvbCY7Vsb+vAsmviJA==”, …}
Only concerned
rawData, and the need to link sk
sk is the last article
print(res)
[14/Mar/2020 22:36:51] "GET /wx-login?code=021sJwPp16fSOl0qanQp1vCFPp1sJwPa&userinfo=undefined HTTP/1.1" 301 0
{'session_key': 'rCJI1l3***********dQ==', 'openid': '*********123'}
It can be seen returning userinfo = undefined
The next chapter specific acquisition userinfo, DJANGO added to the user model to expand in