Sunday, July 16, 2017

Reverse engineer a string masking/obfuscating function


I would like to unmask or unobfuscate a piece of base64-encoded string containing some characters.

For instance, I know VovL5SaV_iSBx6oAFGypsTCO matches 00000000. Is there a way, knowing more data (the input and the output), to find out the algorithm that obfuscates the string? I couldn't find anything.

Some examples:

  • The result of f(A) will vary in length: if A is longer, f(A) will be longer; if A is shorter, f(A) will be shorter.
  • If we have A and B with a similar ending (e.g. aaaaa@gmail.com and bbbbb@gmail.com), then f(A) and f(B) will also have the same ending.

3 Answers

Answer 1

Given what you said and the comments published, I would say that yes, knowing more data couples [obfuscated/cleartext] can help you understand the underlying algorithm.

You will have to analyze various properties, such as string lengths, character redundancy, byte value shifts, and variations to small changes (e.g. changing 000000 to 000001). Also, control if the obfuscated strings are predictable or repeatable.

Ultimately, try to see if you can forge your own obfuscated texts and see the results. This can be achieved by fuzzing and can help you predict the algorithm in a more aggressive way.

From what you said, I would say this is not a secure block cipher of the data, but rather a substitution. It could be ROT13 at byte level or an XOR, both with some padding (metadata?).

Note that the _ seems to act as a separator: the string as is cannot be decoded, but both parts around the _ can be.

Answer 2

Based on what you mentioned, it seems like the encryption uses a block cipher. One nice property about your block cipher is that the encryption of a block doesn't depend on the one before. This is not always true (and is very bad practice = very good for you, the attacker); one of the block ciphers that does that is ECB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Block_Chaining_.28CBC.29 . As you can see, the same key is used for each encryption, and the block cipher can be equivalent to a XOR, allowing one to guess and decrypt anything.

To check that, try f(00000000000000) where the length is more than one block and see if a pattern repeats itself.

If this is not the case, you might be using something like CTR: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_.28CTR.29 . Here a "key(i)" = blockcipher(key, nonce(i)) is used to encrypt each block using XOR. If you manage to calculate f(000000000000) again and find key(1), key(2)... you can use them later to decrypt anything you want.

If you can provide me with the tool used for the obfuscation I might be able to decrypt what you want.
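
The checks the two answers above describe (length tracking the input, shared suffixes, the byte count changed by a one-character edit, repeated blocks on a long repetitive input, and the fixed-XOR consistency test), as an added Python example that is not from this thread. The toy_f obfuscator, TOY_KEY and the SAMPLES list are constructed stand-ins for the unknown f(); the same analyse() can be pointed at any f that takes a string and returns a base64 string.

```python
import base64

def decode_parts(obfuscated: str, sep: str = "_") -> list:
    """Split on the separator and base64-decode each part with padding restored
    (answer 1 notes the parts around '_' decode even if the whole does not)."""
    return [base64.b64decode(p + "=" * (-len(p) % 4)) for p in obfuscated.split(sep)]

def repeated_blocks(data: bytes, block_size: int) -> int:
    """Count duplicate blocks; duplicates on a long repetitive input such as
    '0' * 64 point to ECB or a short repeating key, as answer 2 suggests."""
    usable = len(data) - len(data) % block_size
    blocks = [data[i:i + block_size] for i in range(0, usable, block_size)]
    return len(blocks) - len(set(blocks))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def fixed_xor_consistent(pairs) -> bool:
    """If f(x) = x XOR K with K fixed per position, then f(a) XOR f(b) == a XOR b
    for equal-length inputs; one failing pair rules that hypothesis out."""
    return all(xor_bytes(c1, c2) == xor_bytes(p1, p2)
               for p1, c1 in pairs for p2, c2 in pairs
               if len(p1) == len(p2) and len(c1) == len(c2))

# Constructed toy obfuscator standing in for the unknown f(): repeating-key XOR
# followed by base64. It is NOT the scheme from the question.
TOY_KEY = b"k3y!demo"

def toy_f(plaintext: str) -> str:
    data = plaintext.encode()
    key = (TOY_KEY * (len(data) // len(TOY_KEY) + 1))[:len(data)]
    return base64.b64encode(xor_bytes(data, key)).decode()

# Constructed probe inputs: the question's 00000000, a one-character change,
# two inputs sharing a suffix, and a long repetitive input (> one block).
SAMPLES = ["00000000", "00000001", "aaaaa@gmail.com", "bbbbb@gmail.com", "0" * 64]

def analyse(f, samples=SAMPLES) -> dict:
    """Run the thread's checks against an obfuscation function f."""
    dec = {s: decode_parts(f(s))[0] for s in samples}
    return {
        "length_tracks_input": all(len(dec[s]) == len(s) for s in samples),
        "same_suffix": dec["aaaaa@gmail.com"][-10:] == dec["bbbbb@gmail.com"][-10:],
        "small_change_bytes": sum(x != y for x, y in zip(dec["00000000"], dec["00000001"])),
        "dup_blocks_8": repeated_blocks(dec["0" * 64], 8),
        "dup_blocks_16": repeated_blocks(dec["0" * 64], 16),
        "fixed_xor": fixed_xor_consistent([(s.encode(), dec[s]) for s in samples]),
    }

if __name__ == "__main__":
    for name, value in analyse(toy_f).items():
        print(f"{name}: {value}")
```

A real cipher in CBC or CTR mode with a fresh IV/nonce per call fails every one of these checks; a scheme that passes them is the weak substitution answer 1 suspects.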

Answer 3

I would like to help you with this, but it is illegal under the United States Digital Millennium copyright act section 1201. Perhaps somebody in a country with more freedom will respond with a better answer.

1201. (1) A. No person shall circumvent a technological measure that effectively controls access to a work protected under this title. 