0

I am following the steps to call a PSD2 endpoint, base64 code the message, then get SHA256 to obtain the Hash from it and get the base64 of the hash. I am using the same values of the examples to check if I am doing it right. They also provide a website with a js library to check the result.

https://i.stack.imgur.com/aBL9U.jpg

Input:

ewogICJpbnN0cnVjdGVkQW1vdW50IiA6IHsKICAgICJjdXJyZW5jeSIgOiAiRVVSIiwKICAgICJhbW91bnQiIDogIjE2LjAwIgogIH0sCiAgImRlYnRvckFjY291bnQiIDogewogICAgImliYW4iIDogIkVTNTE0MDAwMDAwMTA1MDAwMDAwMDAwMSIsCiAgICAiY3VycmVuY3kiIDogIkVVUiIKICB9LAogICJjcmVkaXRvck5hbWUiIDogIkNyZWQuIE5hbWUiLAogICJjcmVkaXRvckFjY291bnQiIDogewogICAgImliYW4iIDogIkVTNjYyMTAwMDQxODQwMTIzNDU2Nzg5MSIsCiAgICAiY3VycmVuY3kiIDogIkVVUiIKICB9LAogICJjcmVkaXRvckFkZHJlc3MiIDogewogICAgInN0cmVldCIgOiAiRWplbXBsbyBkZSBjYWxsZSIsCiAgICAiYnVpbGRpbmdOdW1iZXIiIDogIjE1IiwKICAgICJjaXR5IiA6ICJDb3Jkb2JhIiwKICAgICJwb3N0YWxDb2RlIiA6ICIxNDEwMCIsCiAgICAiY291bnRyeSIgOiAiRVMiCiAgfSwKICAicmVtaXR0YW5jZUluZm9ybWF0aW9uVW5zdHJ1Y3R1cmVkIiA6ICJQYWdvIiwKICAiY2hhcmdlQmVhcmVyIiA6ICJDUkVEIgp9

Expected Output:

pfHPQFso5E7SlQfg9kSVhZuod4k9KnFFEtFs472L5WI=

What I am doing:

import base64
import hashlib


# get_input returns the input base64 in bytes
result = base64.b64encode(hashlib.sha256(get_input()).digest())

In that case, the result is:

b'JRtx3taNOfx00oj2xuyoAxocxfJnL/wEXLYf9+t9jCk='

Instead of the expected result.

This result is the same as the result in that JS page changing the input type from base64 to text, so I assume the input is correct. But with hashlib there are not input type options. So my question is: What I have to do to get the expected output with that input in python?

NoiK
  • 162
  • 1
  • 11
  • 1
    Is this website calculating the sha1 from the base64 or using the decoded string ? – Maurice Meyer Oct 09 '19 at 15:04
  • I am not sure how the website is calculating it, they have a github with the code of the library they are using but it is all obfuscated. I also tried to communicate with customer service from PSD2 but they link the documentation as a reply, and documentation says that I should follow the same steps I described. :( – NoiK Oct 09 '19 at 22:39
  • Could you provide more details about this PSD2 endpoint(some documentation link etc)? – snieguu Oct 10 '19 at 05:13

2 Answers2

1

The website is decoding the input string from base64, hashing it, and then encoding the hash as base64.

>>> s = 'ewogICJpbnN0cnVjdGVkQW1vdW50IiA6IHsKICAgICJjdXJyZW5jeSIgOiAiRVVSIiwKICAgICJhbW91bnQiIDogIjE2LjAwIgogIH0sCiAgImRlYnRvckFjY291bnQiIDogewogICAgImliYW4iIDogIkVTNTE0MDAwMDAwMTA1MDAwMDAwMDAwMSIsCiAgICAiY3VycmVuY3kiIDogIkVVUiIKICB9LAogICJjcmVkaXRvck5hbWUiIDogIkNyZWQuIE5hbWUiLAogICJjcmVkaXRvckFjY291bnQiIDogewogICAgImliYW4iIDogIkVTNjYyMTAwMDQxODQwMTIzNDU2Nzg5MSIsCiAgICAiY3VycmVuY3kiIDogIkVVUiIKICB9LAogICJjcmVkaXRvckFkZHJlc3MiIDogewogICAgInN0cmVldCIgOiAiRWplbXBsbyBkZSBjYWxsZSIsCiAgICAiYnVpbGRpbmdOdW1iZXIiIDogIjE1IiwKICAgICJjaXR5IiA6ICJDb3Jkb2JhIiwKICAgICJwb3N0YWxDb2RlIiA6ICIxNDEwMCIsCiAgICAiY291bnRyeSIgOiAiRVMiCiAgfSwKICAicmVtaXR0YW5jZUluZm9ybWF0aW9uVW5zdHJ1Y3R1cmVkIiA6ICJQYWdvIiwKICAiY2hhcmdlQmVhcmVyIiA6ICJDUkVEIgp9'
>>> decoded = base64.b64decode(s)
>>> hash_ = hashlib.sha256(decoded)
>>> r = base64.b64encode(hash_.digest())
>>> r.decode()
'pfHPQFso5E7SlQfg9kSVhZuod4k9KnFFEtFs472L5WI='
snakecharmerb
  • 47,570
  • 11
  • 100
  • 153
0

Try to decode the result:

result = base64.b64encode(hashlib.sha256("hi".encode()).digest())
print(result)
print(result.decode('utf-8'))

Output:

b'j0NDRmSPa5bfid2pAcUXaxCm2Dlh3TwayItZstwyeqQ='
j0NDRmSPa5bfid2pAcUXaxCm2Dlh3TwayItZstwyeqQ=

source: https://docs.python.org/3/howto/unicode.html

LangeTreeDorpie
  • 328
  • 5
  • 11
  • Same result but in utf-8 instead of bytes, but still 'JRtx3taNOfx00oj2xuyoAxocxfJnL/wEXLYf9+t9jCk=' :( – NoiK Oct 09 '19 at 22:36
  • @NoiK I did edit my post, are you sure you did it like this? Otherwise can you give us some more information – LangeTreeDorpie Oct 10 '19 at 07:08
  • The result for the bytes input I posted should be: pfHPQFso5E7SlQfg9kSVhZuod4k9KnFFEtFs472L5WI= and this solution gets me 'JRtx3taNOfx00oj2xuyoAxocxfJnL/wEXLYf9+t9jCk=' so there is something that this js script is doing with the input that I am not doing it in python, but I can't find what. Thank your for your response! – NoiK Oct 10 '19 at 07:12