Reply
Highlighted
All Star
Posts: 707
Registered: ‎11-05-2018

Re: Upgrading MD5 to new hash (SIM)

hex2bin works for sure. I’ve tested it numerous times.
Highlighted
Member
Posts: 3
Registered: ‎08-31-2014

Re: Upgrading MD5 to new hash (SIM)

For our DPM website, we used @stw's solution, instead of @Renaissance's, because Renaissance's requires the latest AuthorizeNet PHP library, which requires PHP version 5.6, which would require re-writing our entire website.

 

In step 1, stw's solution calls the PHP function base_convert, which did not work for us. Both hex2bin and pack worked. We used pack because hex2bin isn't available in our version of PHP.

 

Note that @stw's solution will fail in "2-3 months" because AuthorizeNet plans to stop sending the MD5 Hash in the API response:

https://support.authorize.net/s/article/MD5-Hash-End-of-Life-Signature-Key-Replacement

 

So we don't do this part of @stw's solution:

 

 

$response = new AuthorizeNetSIM($apiLoginID, $md5Setting);

 

Instead, we simply check if the transaction was approved, x_response_code === '1'.

 

Unfortunately, this exposes us to the risk of an imposter posing as AuthorizeNet.

 

So, to make the site a little harder to hack, we added a our own hash to an HTML hidden field, and check the value when it comes back in the AuthorizeNet API response. So while we can't be sure the response came from AuthorizeNet, we'll know if the custom hash came from our server.

Highlighted
All Star
Posts: 707
Registered: ‎11-05-2018

Re: Upgrading MD5 to new hash (SIM)

@capturewiz, there is a second verification you can do with sha2 with the response. It involves a delimited string with 30 carets. It’s in the DPM guide. Quite a bit different than the fingerprint on the front end, but several have gotten it to work. I am 100% confident I could get it to work in 1 hour if I tried, but I don’t use that integration method.
Highlighted
Member
Posts: 3
Registered: ‎08-31-2014

Re: Upgrading MD5 to new hash (SIM)

Thanks @Renaissance, but it took @cwdsl so long to figure out that solution, and it's so complicated,  it scared me off. It took me a few days just to get @stw's far simpler solution to work :-(

Highlighted
Contributor
Posts: 18
Registered: ‎01-14-2019

Re: Upgrading MD5 to new hash (SIM)

@capturewiz, my implementation only took a little while because I was incorrectly reading in the 30 values that need to be compared for the x_SHA2_hash.  Overall the VB.NET sample for the SIM integration I did was relatively simple to do once I gathered information together.  Hopefully the sample I posted will help others, although I have no knowledge of PHP so can't help any further in that regard.

Highlighted
Member
Posts: 1
Registered: ‎02-12-2019

Re: Upgrading MD5 to new hash (SIM)

Thank you very much!  I attempted to upgrade SIM for SHA512 by simple modifications to my old, working MD5 code, but got code 99 errors.  The fact that SIM documentation and upgrade documentation are inconsistent added to my consternation.  I adopted your code and now things are working as expected, at least in the sandbox.

 

I would add kudos if I could find a way to do that in this message window.

Highlighted
Member
Posts: 4
Registered: ‎02-27-2019

Re: Upgrading MD5 to new hash (SIM)

holy sh*tballs! thank you @stw ... your code got me going again!

I had to use pack() instead.. but I only needed this to work for like 1 more month! lol

 

Wish Authorize had waited till May to switch :)

 

Highlighted
Member
Posts: 6
Registered: ‎03-08-2019

Re: Upgrading MD5 to new hash (SIM)

Has anyone actually tested calculating the response hash where some of the fileds contain none ASCII characters?

 

For example in one the address fields I have 

Sãu Paulo

When calculating the hash it never matches.

 

However my hash matches when the fields contain ASCII characters only.

 

How do I get round this issue? Our intergation is written in PHP.

Highlighted
Contributor
Posts: 18
Registered: ‎01-14-2019

Re: Upgrading MD5 to new hash (SIM)

@staopix, the same happens for me with my VB.NET solution.

 

When I look at the value for x_city by returning Request.Params("x_city") it outputs...

 

Su Paulo

 

So the fact it is returning the ? character I don't actually know how we'd know what character was there.

Highlighted
Member
Posts: 6
Registered: ‎03-08-2019

Re: Upgrading MD5 to new hash (SIM)

[ Edited ]

@cwdsl

 

Based off there example C# in the PDF they reference the ASCII encoding class. Whcih can be found here: https://docs.microsoft.com/en-us/dotnet/api/system.text.asciiencoding?view=netframework-4.7.2

 

based of the example in that documentation the soloution seems to be that if the character cannot be represented in ASCII the a ? will be used. Which is what you are seeing. However I have tried to do this in PHP and cannot get it to work.

 

And the response from the API has the correct encoding too. I think their hash algorithm on their server side is doing something unexpected to the multibyte chars and its a case of us trying to second guess it.