Full Disclosure mailing list archives
Re: Cipher detection
From: Cal Leeming <cal () foxwhisper co uk>
Date: Thu, 7 Apr 2011 18:05:24 +0100
lol thor ;p Max, can you give a little more information as to the source of this? Are you able to give us more samples? (preferably, dummy () example comm, dummy () example co, and test). If it's using a one time pad, you've got no chance lol, but sometimes these things just use realllllly heavily obfuscated lookup/convert tables, which can be reversed most of the time. Cal On Thu, Apr 7, 2011 at 5:39 PM, Thor (Hammer of God) <thor () hammerofgod com>wrote:
Actually it is a valid Base64 string – it just decodes to 24, 106, 27, 67, 102, 236, 169, 222, 184, 61, 117, 64, 153, 160, 226, 12, 24. To get dummy () example com you would have to XOR that resulting binary string with 124, 31, 118, 46, 31, 172, 108, 174, 217, 80, 5, 44, 124, 142, 129, 99, 117 which I don’t see any pattern in (close to that anyway, I did it in my head so I’m sure I screwed up some of them). Maybe someone sees something… Of course, Cal could have done it, which means it’s probably Matrix for “titties.” :-p The input and output are both 17 bytes, so an XOR makes sense, but another 17 character example would help. And a 20. t *From:* full-disclosure-bounces () lists grok org uk [mailto: full-disclosure-bounces () lists grok org uk] *On Behalf Of * Maksim.Filenko () fuib com *Sent:* Thursday, April 07, 2011 1:23 AM *To:* full-disclosure () lists grok org uk *Subject:* [Full-disclosure] Cipher detection Hi Full-Disclosure, I'm trying to figure out what kind of cipher was used in this: GGobQ2bsqd64PXVAmaDiDBg= Looks like Base64, but it's not. The original string is: dummy () example com Thanks all! wbr, - Max _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cipher detection Maksim . Filenko (Apr 07)
- Re: Cipher detection Thor (Hammer of God) (Apr 07)
- Re: Cipher detection Cal Leeming (Apr 07)
- Re: Cipher detection ichib0d crane (Apr 08)
- Re: Cipher detection Cal Leeming (Apr 07)
- Re: Cipher detection Tim (Apr 07)
- Re: Cipher detection Valdis . Kletnieks (Apr 07)
- Message not available
- Re: Cipher detection Maksim . Filenko (Apr 08)
- Re: Cipher detection Tim (Apr 08)
- Re: Cipher detection Brandon Enright (Apr 08)
- Re: Cipher detection Maksim . Filenko (Apr 08)
- Re: Cipher detection Thor (Hammer of God) (Apr 07)