Im trying to implement the Google Safebrowsing update API v4 in PHP. But I can't figure how to correctly decode the rawHashes.

(The rawHashes are 4-bytes-truncated sha256 hashes and then concatenated).

I am trying the native base64_decode of PHP but I can't fully decode the string, and I don't know what the next step is.

According to the API documentation here's how the rawhashes are encoded :

string (bytes format)
The hashes, in binary format, concatenated into one long string. Hashes are sorted in lexicographic order. For JSON API users, hashes are base64-encoded.
A base64-encoded string.

I an very symply decoding the string like so :

$decoded = base64_decode($rawHashes);

The base64 encoded string look like this :

"AAAIYAAAC90AABOxAAAjDgAALZIAAEbKAABIHwAA..."

And the base64 decoded string look like this :

b"\x00\x00\x08`\x00\x00\vÝ\x00\x00\x13±\x00\x00#\x0E\x00\x00-’\x00\x00FÊ\x00\x00H\x1F\x00\x00^\x06\x00\x00bF\x00\x00h²"

As you can see something is not right and I must miss a step but I can't figure wich one.

2 Answers

1
TheMackou On Best Solutions

As Mjh said in the discussion nothing is wrong about base64_decode and nothing else is needed.

Nothing's wrong. You just aren't reading carefully. Here, read what it says: The hashes, in binary format. It says binary format. After decoding, you got binary representation of the data. Using bin2hex should return a human-readable hash. $hash = bin2hex(base64_decode($your_encoded_hash)); - Mjh

The decoded string was looking weird as it is binary data (Raw SHA256 hash) although it is totally correct. To get the hashes in a more convenient encoding it's possible to convert the binary represented data to hex represented data with the php function bin2hex

$hash = bin2hex(base64_decode($your_encoded_hash));
1
asiby On

From what I know of base64_decode, it just works. Something must be wrong in your $rawHashes string. If you have line breaks in your string, you need to get rid of them by replacing them with an empty string. The hash that base64_decode needs should be one long line of base64 encoded string. It is not uncommon to receive a hash that is broken into multiple lines.

Try this ...

$decoded = base64_decode(str_replace(PHP_EOL, "", $rawHashes));