I need to undo the following ASP.Net processes in PHP so I can get at the username and expiration date in a ticket. I’ve decrypted the 3DES encryption (step 3 below) but I’m not sure what I need to do next. Is the string that results from decryption a byte array? Should I be able to convert it to ASCII? (Because it doesn’t.)
What ASP.Net does to create the ticket:
- Serialize username, expiration, other data (which I don’t care about). Create a byte array.
- Sign the ticket using SHA1 (the sig is the last 20 bytes)
- Encrypt the ticket with 3DES (which I’ve decrypted).
I get back something that looks like this:
6E 85 A4 39 71 31 46 BB A3 F6 BE 1A 07 EE A4 CE 5F 03 C8 D1 4C 97 5D 6A 52 D1 C4 82 75 5E 53 06 7B 1D D2 4D BF 22 40 F7 F4 B8 8D B0 C3 EC E5 BE F7 52 C2 DF 00 7A D1 CB BC 76 4B 10 33 2D 1A B4 15 A7 BB D6 9D BF 41 69 D2 C4 43 4A 26 95 01 F2 06 AA 46 2C 96 CC AD DC 08 59 C0 64 B6 EE 2C 5F CA ED 8B 92 1C 80 FD FF DC 61 67 28 59 CB E6 71 C6 C3 72 0E D0 32 69 22 57 4E 40 2B DA 67 BA 7F F1 C5 78 BC DF 80 8C D8 F2 8B 19 E2 A4 4F 7C 8C D9 97 37 BD B5 5B 0A 66 9B DD E7 DC 7B 78 F4 F8
It doesn’t map to ASCII; what do I do next? I have the SHA1 validation key. Thanks for any help!
I’ve been working it out, and I have managed to get the forms authentication ticket contents in PHP.
Decrypt the ticket with the same key used to encrypt it on the .Net side. For this, I’m using http://www.navioo.com/php/docs/function.mcrypt-encrypt.php.
The decryption adds padding to the end of the string; I remove that.
I’m left with a string with a 20 byte SHA1 hash at the end. Those last 20 bytes (should) match the SHA1 hash of the first part of the string (string length – 20 bytes). I’m still working on this part, trying to figure out how .NET converts a byte array into a single clump of data that can be SHA1 hashed (so I can do the same on the PHP side).
That’s really all there is to it.
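Added example (Python, not the poster's PHP): a sketch of the last two steps described in this answer, removing the padding and then splitting off and checking the trailing 20-byte signature before trusting the body (PHP's hash_hmac and hash_equals do the same job). It assumes the signature is HMAC-SHA1 keyed with the validationKey bytes; the sample key and ticket body are constructed here, not taken from a real site.

```python
import hashlib
import hmac

MAC_LEN = hashlib.sha1().digest_size   # 20: the trailing SHA1 signature
BLOCK = 8                              # 3DES block size; PKCS#7 pads to a multiple of this


def strip_pkcs7(data: bytes, block: int = BLOCK) -> bytes:
    """Drop the PKCS#7 padding that a raw block-cipher decrypt leaves in place."""
    if not data or len(data) % block:
        raise ValueError("decrypted data is not a whole number of blocks")
    pad = data[-1]
    if not 1 <= pad <= block or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding (wrong key or corrupted ticket)")
    return data[:-pad]


def recover_ticket_body(decrypted: bytes, validation_key: bytes) -> bytes:
    """Unpad, split off the last 20 bytes, and check them before trusting the body.

    Assumption: the signature is HMAC-SHA1 keyed with the validationKey bytes.
    The body returned is the serialized ticket: binary data, not ASCII text.
    """
    plain = strip_pkcs7(decrypted)
    if len(plain) <= MAC_LEN:
        raise ValueError("too short to contain a signature")
    body, sig = plain[:-MAC_LEN], plain[-MAC_LEN:]
    expected = hmac.new(validation_key, body, hashlib.sha1).digest()
    if not hmac.compare_digest(sig, expected):      # constant-time comparison
        raise ValueError("signature mismatch: ticket tampered or wrong validationKey")
    return body


def build_sample(body: bytes, validation_key: bytes) -> bytes:
    """Constructed input: sign and pad a fake body so it looks like 3DES output after decryption."""
    signed = body + hmac.new(validation_key, body, hashlib.sha1).digest()
    pad = BLOCK - len(signed) % BLOCK
    return signed + bytes([pad]) * pad


# Constructed sample values (not from a real site): a hex key as web.config would hold
# it, and an arbitrary binary body (not the real .NET layout) that is clearly not ASCII.
SAMPLE_KEY = bytes.fromhex("0123456789ABCDEF" * 5)
SAMPLE_BODY = b"\x01\x00\x00\x00" + "alice".encode("utf-16-le") + b"\x00" * 8

if __name__ == "__main__":
    decrypted = build_sample(SAMPLE_BODY, SAMPLE_KEY)
    print(recover_ticket_body(decrypted, SAMPLE_KEY) == SAMPLE_BODY)   # True
```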