Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Decoding strings
Posted by: Gareth Heyes
Date: March 17, 2009 08:55PM

I see a lot of posts on sla.ckers with people trying to figure out what encoded strings are. After talking with Marcin about a string he was trying to decode I came up with a idea. I've added a tag to Hackvertor which will do basic decoding to try and identify the method used.

It works by supplying a known result and the encoded string, using this is compares the result with the guesses and hopefully produces the method used to encode it. Here are some examples:-

This one detects mixed bases:-
http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php#PEBkX3N0cmluZ18xKCIsIix0ZXN0KT41NiwydCw0NyxhNjxAL2Rfc3RyaW5nXzE%2B

This one detects the offset:-
http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php#PEBkX3N0cmluZ18xKCIsIix0ZXN0KT4yMzgsMjIzLDIzNywyMzg8QC9kX3N0cmluZ18xPg%3D%3D

Any comments or further ideas would be helpful thanks!

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Decoding strings
Posted by: thornmaker
Date: March 17, 2009 10:24PM

I like the idea. Shouldn't it be able to identify things like: http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php#PEBkX3N0cmluZ18xKCIsIix0ZXN0KT41NiwydCw0NyxhNjxAL2Rfc3RyaW5nXzE%2B or is my syntax wrong?

Options: ReplyQuote
Re: Decoding strings
Posted by: Gareth Heyes
Date: March 18, 2009 02:42AM

Wrong link? That was what I posted. Gonna improve it a bit more

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Decoding strings
Posted by: Gareth Heyes
Date: March 18, 2009 03:43AM

Now detects all sorts:-

http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php#PEBkX3N0cmluZ18xKCIsIix0ZXN0KT5mcWVmPEAvZF9zdHJpbmdfMT4KPEBkX3N0cmluZ181KCIsIix0ZXN0KT5ncmZnPEAvZF9zdHJpbmdfNT4KPEBkX3N0cmluZ182KCIsIix0ZXN0KT5FNkRFPEAvZF9zdHJpbmdfNj4KPEBkX3N0cmluZ184KCIsIix0ZXN0KT45Zjg2ZDA4MTg4NGM3ZDY1OWEyZmVhYTBjNTVhZDAxNWEzYmY0ZjFiMmIwYjgyMmNkMTVkNmMxNWIwZjAwYTA4PEAvZF9zdHJpbmdfOD4KPEBkX3N0cmluZ18xMCgiLCIsdGVzdCk%2BZEdWemRBPT08QC9kX3N0cmluZ18xMD4KPEBkX3N0cmluZ18xMigiLCIsdGVzdCk%2BK0FIUUFaUUJ6QUhRLTxAL2Rfc3RyaW5nXzEyPgo8QGRfc3RyaW5nXzE0KCIsIix0ZXN0KT49JjVTPSA8QC9kX3N0cmluZ18xND4%3D

Also decodes the base then tries to find the offset:-
http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php#PEBkX3N0cmluZ18wKCIsIix0ZXN0KT4wMTc2LDAxNTcsMDE3NSwwMTc2PEAvZF9zdHJpbmdfMD4%3D

Added XOR support too (You've got to be careful with the split char though):-
http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php#PEBkX3N0cmluZ183KCI7IixIZWxsbyk%2BLAEICAs8QC9kX3N0cmluZ183Pg%3D%3D

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 2 time(s). Last edit at 03/18/2009 07:53AM by Gareth Heyes.

Options: ReplyQuote
Re: Decoding strings
Posted by: thornmaker
Date: March 18, 2009 08:56AM

yeah, i cut/pasted the wrong link. anyhow, the example i was showing was a just a base64 encoded string, but that seems to be working now.

Options: ReplyQuote
Re: Decoding strings
Posted by: Gareth Heyes
Date: March 18, 2009 09:57AM

Ah cool yeah it was a bit broken earlier

It can now guess simple sub ciphers or key based xors:-

http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php#PEBkX3N0cmluZ18xKCIsIix0ZXN0KT5FVxJAPEAvZF9zdHJpbmdfMT4%3D

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Decoding strings
Posted by: DoctorDan
Date: March 18, 2009 11:58AM

Pretty impressive, definitely powerful, and perhaps above all just really cool!
Very nice, Gareth!

-Dan

Options: ReplyQuote
Re: Decoding strings
Posted by: Matt Presson
Date: March 18, 2009 02:14PM

It may be beneficial to add something that code find the salt used for a hash. I know this is probably impractical, but just thought I would throw it out there.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

Options: ReplyQuote
Re: Decoding strings
Posted by: Gareth Heyes
Date: March 18, 2009 02:33PM

@Matt

It's something I've thought about but you're really just doing a rainbow table there and I'm pretty sure my server wouldn't be able to handle all the data required :(

Although I could do a basic one based on a simple dictionary or common patterns

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Decoding strings
Posted by: Matt Presson
Date: March 18, 2009 06:43PM

I was afraid I was asking a little too much there, but I completely understand.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

Options: ReplyQuote


Sorry, only registered users may post in this forum.