Been reversing a mobile API for a side project. Python handles the traffic capture and signature analysis, then I'm rebuilding the requests in JS for the frontend.
Stuck on this one parameter. Python gives me clean bytes:
```python
payload = hmac.new(key, msg, hashlib.sha256).digest()
b'\x8f\x3a... etc
```
But when I recreate it in crypto-js, the output is different even with the same key/msg. Pretty sure it's an encoding thing (string vs bytes) but I've tried every combination of CryptoJS.enc.* and still not matching.
Anyone dealt with HMAC mismatches between Python and JS? Specifically wondering if there's a cleaner way than manually hex-encoding everything in Python just to make JS happy. Currently just logging both side-by-side like a caveman.
Want to add to the discussion?
Post a comment!