diyism · September 22, 2015 16:42
diff --git a/gistfile1.php b/gistfile1.php
 <?php
 echo 'unsign:<br>';
 $base64='SFb+9uIIyCsmnqEfRl8zAhNU/E1tAPhISDC+bL9isqssivFWCHKZ3qqop/2c9M055H4=';
 //$base64='GicrJfhqvKUCol1jsnhIZM2H/UQa8ZtGIs2HvZsnCDziSSIPKbo3QJEd7qvPwFJMOEs=';
 //$base64='GykqJiswalge36/EHThFZfZOk0UbaRoUNiIBtyDZKQj2s7fdlSV5VrFDlSjETOvwg0s=';
 echo 'base64: '.$base64.'<br>';
 $str=base64_decode($base64);
 echo 'mixed hex: '.bin2hex($str).'<br>';

 $tmp=ord(substr($str, 1, 1))-36;
 if (($tmp)%3==0) {$s=$tmp;}
 if (($tmp-1)%3==1) {$s=$tmp-1;}
 if (($tmp-2)%3==2) {$s=$tmp-2;}
 $i=ord(substr($str, floor($s/10)+17+1+2, 1))-18-$s%12;
 $h=ord(substr($str, floor($s/10)+17+2, 1))-48-$s%9;
 $d=ord(substr($str, $i%10+7+1+2, 1))-84-$s%6;
 $y1=20; $y2=15; $m='04';
 $str_time="$y1$y2-$m-$d $h:$i:$s";
 echo 'str_time: '.$str_time.'<br>';

 $time_crypt=substr($str, 2, floor($i/10))
            .substr($str, floor($i/10)+1+2+1, $i%10+7+2-(floor($i/10)+1+2)-1)
            .substr($str, $i%10+7+1+2+1, floor($s/10)+17+2-($i%10+7+1+2)-1)
            .substr($str, floor($s/10)+17+1+2+1, $s%10+24+2-(floor($s/10)+17+1+2)-1)
            .substr($str, $s%10+24+1+2+1)
            .'<br>';
 echo 'crypted hex: '.bin2hex($time_crypt).'<br>';
 $time_bin=chr($y1+22+$s%2).chr($y2+22+$s%3).chr($m+65+$s%4).chr($d+84+$s%6).chr($h+48+$s%9).chr($i+18+$s%12).chr($s+36+$s%3).chr(8);
 $decrypt=mcrypt_decrypt(MCRYPT_DES, $time_bin, $time_crypt, MCRYPT_MODE_ECB);
 echo 'decrypt:'.bin2hex($decrypt).'<br><br>';


 function sign($str_time)
 {
    $key='x^z324_client_android';
    $time=strtotime($str_time);
    $y=date('Y', $time);
    $y1=substr($y, 0, 2);
    $y2=substr($y, 2, 2);
    $m=date('m', $time);
    $d=date('d', $time);
    $h=date('H', $time);
    $i=date('i', $time);
    $s=date('s', $time);
    $time_bin=chr($y1+22+$s%2).chr($y2+22+$s%3).chr($m+65+$s%4).chr($d+84+$s%6).chr($h+48+$s%9).chr($i+18+$s%12).chr($s+36+$s%3).chr(8);
    $content=str_pad($key, 32, "\0", STR_PAD_RIGHT).str_repeat("\x08", 8);
    $time_crypt=@mcrypt_encrypt(MCRYPT_DES, $time_bin, $content, MCRYPT_MODE_ECB);
    echo 'crypted hex: '.bin2hex($time_crypt).'<br>';
    $rtn=substr($time_bin, 5, 2).substr($time_crypt, 0, floor($i/10));
    $poss=array(floor($i/10), floor($i/10)+1, $i%10+7, $i%10+7+1, floor($s/10)+17, floor($s/10)+17+1, $s%10+24, $s%10+24+1);
    foreach ($poss as $i=>$p)
    {
        $rtn{$p+2}=$time_bin{$i};
        if ($i<=6)
        {
            $rtn=$rtn.substr($time_crypt, $poss[$i]-$i, $poss[$i+1]-$poss[$i]-1);
        }
    }
    $rtn=$rtn.substr($time_crypt, $s%10+18);
    echo 'mixed hex: '.bin2hex($rtn).'<br>';
    $rtn=base64_encode($rtn);
    return $rtn;
 }

 echo 'sign:<br>';
 echo 'str_time:'.$str_time.'<br>';
 $rtn=sign($str_time);
 echo 'signed:'.$rtn."<br><br>";
 ?>
	<?php
	echo 'unsign:<br>';
	$base64='SFb+9uIIyCsmnqEfRl8zAhNU/E1tAPhISDC+bL9isqssivFWCHKZ3qqop/2c9M055H4=';
	//$base64='GicrJfhqvKUCol1jsnhIZM2H/UQa8ZtGIs2HvZsnCDziSSIPKbo3QJEd7qvPwFJMOEs=';
	//$base64='GykqJiswalge36/EHThFZfZOk0UbaRoUNiIBtyDZKQj2s7fdlSV5VrFDlSjETOvwg0s=';
	echo 'base64: '.$base64.'<br>';
	$str=base64_decode($base64);
	echo 'mixed hex: '.bin2hex($str).'<br>';

	$tmp=ord(substr($str, 1, 1))-36;
	if (($tmp)%3==0) {$s=$tmp;}
	if (($tmp-1)%3==1) {$s=$tmp-1;}
	if (($tmp-2)%3==2) {$s=$tmp-2;}
	$i=ord(substr($str, floor($s/10)+17+1+2, 1))-18-$s%12;
	$h=ord(substr($str, floor($s/10)+17+2, 1))-48-$s%9;
	$d=ord(substr($str, $i%10+7+1+2, 1))-84-$s%6;
	$y1=20; $y2=15; $m='04';
	$str_time="$y1$y2-$m-$d $h:$i:$s";
	echo 'str_time: '.$str_time.'<br>';

	$time_crypt=substr($str, 2, floor($i/10))
	.substr($str, floor($i/10)+1+2+1, $i%10+7+2-(floor($i/10)+1+2)-1)
	.substr($str, $i%10+7+1+2+1, floor($s/10)+17+2-($i%10+7+1+2)-1)
	.substr($str, floor($s/10)+17+1+2+1, $s%10+24+2-(floor($s/10)+17+1+2)-1)
	.substr($str, $s%10+24+1+2+1)
	.'<br>';
	echo 'crypted hex: '.bin2hex($time_crypt).'<br>';
	$time_bin=chr($y1+22+$s%2).chr($y2+22+$s%3).chr($m+65+$s%4).chr($d+84+$s%6).chr($h+48+$s%9).chr($i+18+$s%12).chr($s+36+$s%3).chr(8);
	$decrypt=mcrypt_decrypt(MCRYPT_DES, $time_bin, $time_crypt, MCRYPT_MODE_ECB);
	echo 'decrypt:'.bin2hex($decrypt).'<br><br>';


	function sign($str_time)
	{
	$key='x^z324_client_android';
	$time=strtotime($str_time);
	$y=date('Y', $time);
	$y1=substr($y, 0, 2);
	$y2=substr($y, 2, 2);
	$m=date('m', $time);
	$d=date('d', $time);
	$h=date('H', $time);
	$i=date('i', $time);
	$s=date('s', $time);
	$time_bin=chr($y1+22+$s%2).chr($y2+22+$s%3).chr($m+65+$s%4).chr($d+84+$s%6).chr($h+48+$s%9).chr($i+18+$s%12).chr($s+36+$s%3).chr(8);
	$content=str_pad($key, 32, "\0", STR_PAD_RIGHT).str_repeat("\x08", 8);
	$time_crypt=@mcrypt_encrypt(MCRYPT_DES, $time_bin, $content, MCRYPT_MODE_ECB);
	echo 'crypted hex: '.bin2hex($time_crypt).'<br>';
	$rtn=substr($time_bin, 5, 2).substr($time_crypt, 0, floor($i/10));
	$poss=array(floor($i/10), floor($i/10)+1, $i%10+7, $i%10+7+1, floor($s/10)+17, floor($s/10)+17+1, $s%10+24, $s%10+24+1);
	foreach ($poss as $i=>$p)
	{
	$rtn{$p+2}=$time_bin{$i};
	if ($i<=6)
	{
	$rtn=$rtn.substr($time_crypt, $poss[$i]-$i, $poss[$i+1]-$poss[$i]-1);
	}
	}
	$rtn=$rtn.substr($time_crypt, $s%10+18);
	echo 'mixed hex: '.bin2hex($rtn).'<br>';
	$rtn=base64_encode($rtn);
	return $rtn;
	}

	echo 'sign:<br>';
	echo 'str_time:'.$str_time.'<br>';
	$rtn=sign($str_time);
	echo 'signed:'.$rtn."<br><br>";
	?>