Full Disclosure mailing list archives

Re: Cipher detection

From: Cal Leeming <cal () foxwhisper co uk>
Date: Thu, 7 Apr 2011 18:05:24 +0100

lol thor ;p

Max, can you give a little more information as to the source of this? Are
you able to give us more samples? (preferably, dummy () example comm,
dummy () example co, and test).

If it's using a one time pad, you've got no chance lol, but sometimes these
things just use realllllly heavily obfuscated lookup/convert tables, which
can be reversed most of the time.

Cal

On Thu, Apr 7, 2011 at 5:39 PM, Thor (Hammer of God)
<thor () hammerofgod com>wrote:

 Actually it is a valid Base64 string – it just decodes to 24, 106, 27,
67, 102, 236, 169, 222, 184, 61, 117, 64, 153, 160, 226, 12, 24.  To get
dummy () example com you would have to XOR that resulting binary string with
124, 31, 118, 46, 31, 172, 108, 174, 217, 80, 5, 44, 124, 142, 129, 99, 117
which I don’t see any pattern in (close to that anyway, I did it in my head
so I’m sure I screwed up some of them).  Maybe someone sees something…   Of
course, Cal could have done it, which means it’s probably Matrix for
“titties.”  :-p



The input and output are both 17 bytes, so an XOR makes sense, but another
17 character example would help.  And a 20.



t







*From:* full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] *On Behalf Of *
Maksim.Filenko () fuib com
*Sent:* Thursday, April 07, 2011 1:23 AM
*To:* full-disclosure () lists grok org uk
*Subject:* [Full-disclosure] Cipher detection



Hi Full-Disclosure,

I'm trying to figure out what kind of cipher was used in this:

GGobQ2bsqd64PXVAmaDiDBg=

Looks like Base64, but it's not. The original string is:

dummy () example com

Thanks all!

wbr,
 - Max

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Cipher detection Maksim . Filenko (Apr 07)
- Re: Cipher detection Thor (Hammer of God) (Apr 07)
  - Re: Cipher detection Cal Leeming (Apr 07)
    - Re: Cipher detection ichib0d crane (Apr 08)
- Re: Cipher detection Tim (Apr 07)
- Re: Cipher detection Valdis . Kletnieks (Apr 07)
- Message not available
  - Re: Cipher detection Maksim . Filenko (Apr 08)
    - Re: Cipher detection Tim (Apr 08)
    - Re: Cipher detection Brandon Enright (Apr 08)