Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
file name encoding / decoding
Posted by: unicorn64
Date: September 22, 2008 10:22AM

Hi folks,

This is my first post so forgive me if my question is "out of bounds".
I'm looking for an answer on how filenames I encounter are encoded.
It looks like uploaded pictures have a systematic way of scrambling.
Username and the image file number are part of it I'm sure.

For instance a filename is build like this:

USERNAME_randomlettersanddigits_filenumber.jpg

so USERNAME_leo93nf83jsy6km_2.jpg
(just examples)

What I figured out already:
- It's always the number of characters of the username plus 7 (might include the filenumber as well).
- if the number of the file >10 it adds up 2 characters in the scrambled filename.
- All lowercase, letters and numbers
- deleting a file and uploading a new one gives the same encoded filename. So no random generator, date or time.

here are a couple of real filenames...

LUNA6_4njuojf2aojzhs_49.jpg
LUNA6_22nynfj66smf6h_50.jpg
LUNA6_d9k5ligy9pp9hn_51.jpg

MM_u40cn3pop_4.jpg

BRIEVENBUSJE_46sdgtceowpjp3brnzk_2.jpg
BRIEVENBUSJE_akijwwfgf0wgjsewnp0_8.jpg
BRIEVENBUSJE_7pctf337zdjjzji6mzvz8_80.jpg

It looks like a code to crack...

Any suggestions?

Thanks in advance.

Options: ReplyQuote
Re: file name encoding / decoding
Date: September 22, 2008 12:11PM

could you make the smallest username you can make and then upload 5 files so its _1.jpg _2.jpg... and then post the filenames that are given.

Also when you delete and upload a new file are you using the same file? also are you using the same initial file name when uploading?

Options: ReplyQuote
Re: file name encoding / decoding
Posted by: unicorn64
Date: September 22, 2008 12:52PM

ABCD3_g778dsl2ebuv_1.jpg
ABCD3_od8jlgi5lk8d_2.jpg
ABCD3_6gg7o4beijj4_3.jpg
ABCD3_v7jrv8mudru6_4.jpg
ABCD3_hpa8a1l7pkcg_5.jpg
ABCD3_ybbj64gr5mac_6.jpg

Different file upload gives same code. So no filesize-link

on the form page where you can upload 3 pics at a time this lines:
<input type="file" name="myUpload_AC11858FEF6BFD37492B2B3563AB7507-PicFile1" id="PicFile1" />
<input type="file" name="myUpload_AC11858FEF6BFD37492B2B3563AB7507-PicFile2" id="PicFile2" />
<input type="file" name="myUpload_AC11858FEF6BFD37492B2B3563AB7507-PicFile3" id="PicFile3" />

Looks like the files are renamed bfore uploading takes place.

The MM_u40cn3pop_4.jpg is the shortest username I can find.

The adding of 7 characters to the name could be a encoding of something like adding a word and the filenumber to the username.
Also, very telling: the count of characters adding by two when filenumber is 10 or higher. HEX code in key?

Options: ReplyQuote
Re: file name encoding / decoding
Posted by: unicorn64
Date: September 25, 2008 01:17PM

Anyone have an idea? Such a constant algorithm doesn't look too safe right?

Options: ReplyQuote
Re: file name encoding / decoding
Date: September 25, 2008 02:50PM

can you post the link to the site for testing?

Options: ReplyQuote


Sorry, only registered users may post in this forum.