WebApp Sec mailing list archives

RE: Encoding Schemes

From: "David Knapman" <davidk () cccs co uk>
Date: Wed, 9 Nov 2005 14:02:07 -0000

If we're trying to fathom this out from first principals, I don't think there's enough here to get started. At the 
moment, all we know is that the second hex digit of every byte comes out the same in both sequences. However, since 
both sequences share the same low-order nibbles when encoded in hex, that doesn't necessarily help yet.

Next thing to look at is - is position important. If you rotate one of the sequences (say, try putting through BCDEFA, 
CDEFAB, etc), does the encoded output just rotate, or is it completely transformed. Finally, chuck through the complete 
upper and lowercase alphabets, so that we have all of the low-order nibble posibilities, and some more material to work 
with.

-----Original Message-----
From: Jason binger [mailto:cisspstudy () yahoo com]
Sent: 09 November 2005 04:42
To: webappsec () securityfocus com
Subject: Encoding Schemes


Hi,

I am reviewing a web app and I would like to know what
encoding scheme they are using to encode their
parameters.

123456 encodes to B8DCCEA11586
ABCDEF encodes to C8ACBED165F6

Any help would be appreciated.

Cheers.



        
                
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

VISIT OUR WEBSITE AT http://www.cccs.co.uk
---------------------------------------------------------------------
This email message is intended for the individual to whom it’s addressed 
and may contain information that is privileged and confidential. If you are 
not the intended recipient, you are hereby notified that any use or dissemination 
of this communication is strictly prohibited. If you have received this information 
in error, please return it to us immediately and delete it from your computer. 

The contents or opinions expressed within this email are not intended to 
represent the views of CCCS unless specifically stated to be so.

This email is not guaranteed to be free from any computer viruses, although 
it has been checked using the Trend Virus Suite. You should check this email 
and any attachments for the presence of viruses before downloading any files.

Current thread:

Encoding Schemes Jason binger (Nov 09)
- Re: Encoding Schemes Rogan Dawes (Nov 09)
- Re: Encoding Schemes Marcus Williams (Nov 09)
- Re: Encoding Schemes ilaiy (Nov 09)
- Re: Encoding Schemes Peter Conrad (Nov 09)
- Re: Encoding Schemes Vasiliy (Nov 09)
- <Possible follow-ups>
- RE: Encoding Schemes David Knapman (Nov 09)
- RE: Encoding Schemes Griffiths, Ian (Nov 09)
- Re: Re: Encoding Schemes cisspstudy (Nov 09)
  - RE: Re: Encoding Schemes Lyal Collins (Nov 09)
  - Re: Encoding Schemes Haroon Meer (Nov 09)
  - Re: Encoding Schemes Byron L. Sonne (Nov 09)