Jump to content

Yet another credit card decryption thread

Glitch

By Glitch
in Developer Corner

 Share

Recommended Posts

Glitch Junior Member

Glitch

Posted
Posted (edited)

Hi - I've edited this post to reflect a solution. A little help from WHMCS support.

 

This will create the database has, and decode the fields.

 

I'm using this as an export prior to a change of payment gateways. This could also be the basis for an export of customers prior to changing the cc_encryption_hash (but dont forget service passwords too using the WHMCS decrypt() function)...

 

$stmt = $pdo->prepare("SELECT id, firstname, lastname, companyname, email, address1, address2, city,   
                             state, postcode, phonenumber, cardtype, cardlastfour,
                             AES_DECRYPT(cardnum, MD5(CONCAT('$cc_encryption_hash',id)) ) as cardnum, 
                             AES_DECRYPT(expdate, MD5(CONCAT('$cc_encryption_hash',id)) ) as expdate, 
                             AES_DECRYPT(issuenumber, MD5(CONCAT('$cc_encryption_hash',id)) ) as issuenumber, 
                             AES_DECRYPT(startdate, MD5(CONCAT('$cc_encryption_hash',id)) ) as startdate
                           FROM tblclients ");


$stmt->execute();

$lines = $stmt->rowCount();
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);

Edited by Glitch
More detail
0
Link to comment
Share on other sites
Glitch Junior Member

Glitch

Posted
  • Author
Posted

So changing the SQL to this:

 

$stmt = $pdo->prepare("SELECT id, firstname, lastname, companyname, email, address1, address2, city,   
                             state, postcode, phonenumber, cardtype, AES_DECRYPT(cardnum,'your hash') as cardnum, cardlastfour,
                             AES_DECRYPT(expdate,'your hash' ) as expdate, 
                             AES_DECRYPT(issuenumber,'your hash' ) as issuenumber ,
                             AES_DECRYPT(startdate,'your hash') as startdate
                           FROM tblclients 
            ");
$stmt->execute();

 

Results in things being decrypted, however "your hash" (32 Bytes) as supplied by WHMCS to the mysql backend is not the same as $cc_encryption_hash (64 bytes). Can anyone clue me in on what is being done to it? Like its a double-hash, or something else, but it would be handy if someone, even by PM could let me know what as that will save me a crap load of time.

 

Cheers.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept