Weird encoding.
Posted by: Kyran
Date: July 02, 2008 10:14PM

Anyone seen this before?
The first step seems to be base64, but what is it afterwards?

VTAEYwdiBTECYwA3BDYCZFViUW0AYQ==

- Kyran

Re: Weird encoding.
Posted by: Kyran
Date: July 02, 2008 10:27PM

Alright, so with a new account..

VXUEPAc7BXICPgB0BGQCIlU2US8AJw%3D%3D

=

thisisatest


The last two parts, the urlencoded ==, is what leads me to believe this is at least partially base64.

- Kyran

Re: Weird encoding.
Posted by: Matt Presson
Date: July 03, 2008 07:59AM

They could be performing some type of encryption on the text. Then they would need to base64 encode it to make it easily storable and persistable to the client. That would be my initial guess.

If that is true, I would look for special tables in the db for the key.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

Re: Weird encoding.
Posted by: istari
Date: July 04, 2008 09:46AM

This is the base64 encoding of binary data. In Python, you can use the base64.binascii.b2a_base64 function to do this kind of encoding. Obviously there is a similar decoding function...

As Matt said, the clear text is probably encrypted or transformed in some other way to binary data, and then encoded to store in the server. From the looks of it, you may be dealing with a hash function, as "thisisatest" would result in a much shorter encoding if encoded right away.

All in all, I think you may need to investigate more, and maybe try to hash the strings before encoding them. Almost all hash functions provide output in binary form (for instance, in Python you can get a binary md5 using md5.digest instead of the more common md5.hexdigest), so this could be a long search...

EDIT: Both of your encodings start with "V". If this is actually true for any text you input, you may actually be dealing with a static salt and not a hash function...



Edited 1 time(s). Last edit at 07/04/2008 09:49AM by istari.

Re: Weird encoding.
Posted by: Malkav
Date: July 04, 2008 09:54AM

i'd bet either on a marshalled, base64 enc'ed string, or a "homecrypt"ed, base64 enc'ed string. 50/50.

you should get more info on the app behind, if it's python, ruby, perl or J2EE, try their unmarshalling funcs

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

Re: Weird encoding.
Posted by: Gareth Heyes
Date: July 04, 2008 10:19AM

@Kyran

Can you not provide the encoding for single letters, numbers and then repeated characters:-

Like
A=What?
a=What?
aaa=What?
1=What?

This might help find the seed or algorithm behind the encoding/encryption. My initial thought is that it has been base64 encoded 3 times and character shifted but it's hard to tell with the data we've got.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: Weird encoding.
Posted by: Kyran
Date: July 04, 2008 12:25PM

Well, unfortunately it's a password with a 10 char minimum. Otherwise I would have done so. And I don't have DB access, so I can't get you others to sample from. I fear with my current data it's probably unsolvable.

- Kyran

Re: Weird encoding.
Posted by: istari
Date: July 04, 2008 12:51PM

Well, if it has a lower limit of 10 characters, try registering accounts with passwords:

aaaaaaaaaa
bbbbbbbbbb
...
AAAAAAAAAA
...
1111111111
...

And so on... You may even try weird characters to see what happens: passwords with something like ⌠, ² or √ may break custom algorithms if they're behind the base64 encoding and the coder didn't take them into account...

EDIT: Apparently WP doesn't like these characters either...



Edited 1 time(s). Last edit at 07/04/2008 12:51PM by istari.

Re: Weird encoding.
Posted by: Gareth Heyes
Date: July 13, 2008 04:33AM

I was bored so I thought I'd look into this further. Initially I thought it was uuencoded as well as base64 encoded but now I'm not sure. There is definitely a repeated pattern of characters which seems to be the same in both strings:-

http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php?input=PEB0b2NoYXJjb2Rlc180OD48QGRfYmFzZTY0XzQxPlZUQUVZd2RpQlRFQ1l3QTNCRFlDWkZWaVVXMEFZUT09PEAvZF9iYXNlNjRfNDE%2BPEAvdG9jaGFyY29kZXNfNDg%2BCgo8QHRvY2hhcmNvZGVzXzQ3PjxAZF9iYXNlNjRfNDI%2BVlhVRVBBYzdCWElDUGdCMEJHUUNJbFUyVVM4QUp3PT08QC9kX2Jhc2U2NF80Mj48QC90b2NoYXJjb2Rlc180Nz4KCnRoaXNpc2F0ZXN0Cgo8QGJhc2U2NF81NT4KPEBiYXNlNjRfNTQ%2BPEB1dWVuY29kZV81Mz50aGlzaXNhdGVzdDxAL3V1ZW5jb2RlXzUzPjxAL2Jhc2U2NF81ND48QC9iYXNlNjRfNTU%2B

Could we have more data to test to satisfy my curiosity?
aaaaaaaaaaa
thisisatest1
thisisatest2
hisisatest1

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]
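
An added example, not part of any post in this thread: a Python sketch of the structural checks the replies discuss (is it a hash, and where is the repeated pattern), run on the two strings Kyran posted. The function names and the digest-size table are this example's own.

```python
import base64
from urllib.parse import unquote

# Values copied from the thread; only the second has a known plaintext.
SAMPLE_UNKNOWN = "VTAEYwdiBTECYwA3BDYCZFViUW0AYQ=="
SAMPLE_KNOWN = "VXUEPAc7BXICPgB0BGQCIlU2US8AJw%3D%3D"
KNOWN_PLAINTEXT = "thisisatest"

# Raw digest sizes in bytes for common hash functions.
DIGEST_SIZES = {16: "MD5", 20: "SHA-1", 32: "SHA-256", 64: "SHA-512"}


def decode(token):
    """Undo URL-encoding, then strict base64; raises on malformed input."""
    return base64.b64decode(unquote(token), validate=True)


def shared_positions(a, b):
    """Indexes at which two blobs carry the same byte."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x == y]


def digest_guess(blob):
    """Name of a hash whose raw digest has this length, or None."""
    return DIGEST_SIZES.get(len(blob))


def report():
    """Collect the length, digest-size and overlap checks for both samples."""
    a, b = decode(SAMPLE_UNKNOWN), decode(SAMPLE_KNOWN)
    return {
        "lengths": (len(a), len(b)),
        "digest": (digest_guess(a), digest_guess(b)),
        "bytes_per_char": len(b) / len(KNOWN_PLAINTEXT),
        "shared": shared_positions(a, b),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Both blobs decode to 22 bytes, which matches no common raw digest size and is two bytes per character of `thisisatest`. The bytes the two samples have in common sit at every even offset, while every odd offset differs.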
