
Zero_Himself

Everything posted by Zero_Himself

  1. It's on http://tnid.us. I was hoping it was something simple, such as changing the encoding scheme (like from UTF-8 to UTF-16), or a simple XOR or something that someone may have actually seen... It is a service that provides cell phone info (I could pay for the API, but that wouldn't be as much fun). The info I'm trying to scrape is out of the current-provider PHP script; I am trying to get the current network as plain text (I have a solution that uses OCR, but it is somewhat unstable... and not as much of a challenge). I mean, in the worst case I could always just build a table of values and their plain-text counterparts... But now I want to know how they encoded it ;-P

     I noticed that I can change certain parts and get an immediate result, like this example (sorry, I don't feel like making it cleaner, but you get the idea once you start playing with it):

         zAmt=Y
         y8mt=U
         y5mt=U
         y4mt=U
         y0mt=U
         yZmt=Me
         yYmt=Me
         yXmt=Me
         yWmt=Me
         w9m = 6er
         x9m = Fer
         y9m = Ver
         z9m = fer
         29m = ~er
         29a = ~5r
         x9a = F5r

     Here is another one for you: does anyone know of a free (non-hacked) way to find out someone's cell phone provider (so we can properly route SMS messages to people)?
  2. Hey guys, I figured this might be the place to ask this. I am trying to scrape some 411 from a website, and hit a snag. I am trying to pull a string out of a URL, but it appears to be encoded in some way that I haven't been able to decode (I know it's something simple, I just haven't figured it out yet). The source string is 30 chars wide, and appears to contain null values too. The site calls a PHP script with

         ?q=($OUR_STRING)vMj7Fzqp-sidC2rZrQnquLtbKtiLKRnZrIua5zupanm8itpJuZjLWJ0LCvddieqbG-k513qpasjKqxr5rMjqma4JOsscuBsXfItq($EXTRA_JUNK)

     Only the first 30 chars seem to be in use (== $OUR_STRING). Examples of $OUR_STRING:

         "xsKovKuxm7_GlH3Rr6GznN-7c7Wos4" = "AT&T Mobility"
         "y9mtyLbGyefGy3W5rrKR2NyviMjC6Y" = "Verizon Wireless"

     Examples of the complete string:

         AT&T Mobility == "xsKovKuxm7_GlH3Rr6GznN-7c7Wos4 vMj7Fzqp-sidC2rZrQnquLtbKtiLKRnZrIua5zupanm8itpJuZjLWJ0LCvddieqbG-k513qpasjKqxr5rMjqma4JOsscuBsXfItq hviw.."
         Verizon Wireless = "y9mtyLbGyefGy3W5rrKR2NyviMjC6Y vMj7Fzqp-sidC2rZrQnquLtbKtiLKRnZrIua5zupanm8itpJuZjLWJ0LCvddieqbG-k513qpasjKqxr5rMjqma4JOsscuBsXfItq pztbixlq4."

     The character encoding seems to be 2 bytes wide, but I have been unable to figure it out so far. My goal is to be able to decode $OUR_STRING to read the data passed to the script. Any help or hints would be greatly appreciated.
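The script below is an added example, not code from the thread or from the tnid.us service, and it does nothing but work on the data quoted in the two posts above (nothing is fetched from the site). It tests the two things the poster was already doing by hand: first, the "simple XOR" hypothesis from post 1, taken as base64url (the sample alphabet is exactly A-Z a-z 0-9 - _) followed by a fixed per-position XOR key, which a known-plaintext comparison between the AT&T and Verizon samples from post 2 either confirms or refutes; second, the position-by-position probing from post 1, automated into a map of which input position changes which output position. Function names and the probe/sample tables are my own arrangement of the quoted data.

```python
import base64
import itertools

# Constructed from the samples quoted in post 2: the 30-character ?q= prefix
# and the provider name the poster says it maps to. Nothing was fetched from
# the service itself.
SAMPLES = {
    "xsKovKuxm7_GlH3Rr6GznN-7c7Wos4": "AT&T Mobility",
    "y9mtyLbGyefGy3W5rrKR2NyviMjC6Y": "Verizon Wireless",
}

# Probe results quoted in post 1: short encoded input -> text the page rendered.
PROBES = [
    ("w9m", "6er"), ("x9m", "Fer"), ("y9m", "Ver"), ("z9m", "fer"),
    ("29m", "~er"), ("29a", "~5r"), ("x9a", "F5r"),
]


def b64url_decode_loose(s):
    """Decode base64url text that may lack '=' padding.

    The sample alphabet (A-Z a-z 0-9 - _) is exactly base64url, which makes
    this the cheapest hypothesis to test first. 30 chars decode to 22 bytes.
    """
    s = s.replace("-", "+").replace("_", "/")
    return base64.b64decode(s + "=" * (-len(s) % 4))


def known_plaintext_key(encoded, plaintext):
    """Key bytes a fixed-key XOR would need to map `plaintext` onto the
    decoded sample, one byte per plaintext position."""
    raw = b64url_decode_loose(encoded)
    pt = plaintext.encode("ascii")
    if len(raw) < len(pt):
        raise ValueError("decoded sample is shorter than its plaintext")
    return bytes(c ^ p for c, p in zip(raw, pt))


def xor_hypothesis_agreement(samples=SAMPLES):
    """Count positions at which every sample implies the same key byte.

    A real fixed-key XOR over base64url-decoded bytes agrees at every position
    covered by the shortest plaintext; zero or near zero means the scheme is
    something else (or the key depends on position, length or content).
    """
    keys = [known_plaintext_key(e, p) for e, p in samples.items()]
    shortest = min(len(k) for k in keys)
    return sum(1 for i in range(shortest) if len({k[i] for k in keys}) == 1)


def influence_map(probes=PROBES):
    """Automate the poster's manual probing: for each pair of probes that
    differ in exactly one input position, record which output positions
    changed. This gives the input->output alignment before any cipher guess."""
    influence = {}
    for (a_in, a_out), (b_in, b_out) in itertools.combinations(probes, 2):
        if len(a_in) != len(b_in) or len(a_out) != len(b_out):
            continue
        changed_in = [i for i, (x, y) in enumerate(zip(a_in, b_in)) if x != y]
        if len(changed_in) != 1:
            continue
        changed_out = {i for i, (x, y) in enumerate(zip(a_out, b_out)) if x != y}
        influence.setdefault(changed_in[0], set()).update(changed_out)
    return influence


if __name__ == "__main__":
    for enc in SAMPLES:
        print(enc, "->", b64url_decode_loose(enc).hex())
    print("fixed-XOR key agreement (positions):", xor_hypothesis_agreement())
    print("input position -> output positions:", influence_map())
```

On the two quoted samples the known-plaintext check finds no position at which both samples imply the same key byte, so "base64url then a fixed XOR" can be crossed off the list; the probe map shows input position 0 driving output character 0 and input position 2 driving output character 1, which is the kind of alignment fact to collect more of before trying the next candidate transform.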
  3. For Trinity Rescue Kit, it is no longer necessary to rename the volume label. At the end of the kernel line in menu.lst, add "vollabel=yourUsbLabel":

         title Trinity Rescue Kit 3.3 (default)
         kernel kernel.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 vollabel=MULTIBOOT
         initrd initrd.trk

     ;-)
  4. GParted Live - Download the ISO, and extract the "live" folder to the root of your USB key. It must be in the root for this to work.

     menu.lst:

         title Gparted Live
         configfile /gparted_submenu.lst

     gparted_submenu.lst:

         title Main-menu
         configfile /menu.lst

         title GParted Live 0.4.5-2
         kernel /live/vmlinuz1 boot=live union=aufs noswap noprompt vga=791 ip=frommedia nolocales root=
         initrd /live/initrd1.img

         title GParted Live (RAMFS, media can be removed)
         kernel /live/vmlinuz1 boot=live union=aufs noswap noprompt vga=791 toram ip=frommedia nolocales
         initrd /live/initrd1.img

         title GParted Live (safe graphic settings, vga=normal)
         kernel /live/vmlinuz1 boot=live union=aufs noswap noprompt ip=frommedia nolocales vga=normal
         initrd /live/initrd1.img

         title GParted Live (failsafe mode)
         kernel /live/vmlinuz1 boot=live union=aufs noswap noprompt acpi=off irqpoll noapic noapm nodma nomce nolapic nosmp ip=frommedia nolocales vga=normal
         initrd /live/initrd1.img
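A multiboot key built the way the two posts above describe fails silently when a kernel/initrd path in menu.lst does not match where the files were actually extracted, or when the vollabel= on the TRK line does not match the key's real label. The checker below is an added example (not part of the posts, not part of GRUB, TRK or GParted) that parses a GRUB-legacy menu.lst, resolves every kernel/initrd/configfile operand against the key's root directory, and compares vollabel= against the label you pass in. The menu text, the /trk3/ paths and the throwaway directory it builds are constructed for the demo; point it at your real mount point and pass the label from blkid to use it for real.

```python
import os
import tempfile

# Constructed menu.lst in the style of the two posts (not copied from a real
# key). The TRK entry deliberately points at files the demo key does not have.
SAMPLE_MENU = """\
title Gparted Live
configfile /gparted_submenu.lst

title GParted Live 0.4.5-2
kernel /live/vmlinuz1 boot=live union=aufs noswap noprompt vga=791 ip=frommedia nolocales
initrd /live/initrd1.img

title Trinity Rescue Kit 3.3 (default)
kernel /trk3/kernel.trk ramdisk_size=49152 root=/dev/ram0 vga=788 vollabel=MULTIBOOT
initrd /trk3/initrd.trk
"""


def parse_menu(text):
    """Split a GRUB-legacy menu.lst into entries: one dict per 'title' block
    holding the file operands of kernel/initrd/configfile and the kernel
    parameters that follow the kernel path."""
    entries = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cmd, _, rest = line.partition(" ")
        if cmd == "title":
            current = {"title": rest.strip(), "files": [], "params": []}
            entries.append(current)
        elif current is None:
            continue  # global options (timeout, default, ...) before the first title
        elif cmd in ("kernel", "initrd", "configfile"):
            parts = rest.split()
            if parts:
                current["files"].append(parts[0])
                if cmd == "kernel":
                    current["params"] = parts[1:]
    return entries


def missing_files(entries, usb_root):
    """(title, path) for every kernel/initrd/configfile operand that does not
    exist under usb_root. A leading '/' is relative to the boot device's root,
    which is how GRUB resolves it when root is the key itself."""
    missing = []
    for e in entries:
        for path in e["files"]:
            if not os.path.isfile(os.path.join(usb_root, path.lstrip("/"))):
                missing.append((e["title"], path))
    return missing


def vollabel_mismatches(entries, actual_label):
    """Titles whose kernel line carries vollabel=X with X != the key's label."""
    bad = []
    for e in entries:
        for p in e["params"]:
            if p.startswith("vollabel=") and p.split("=", 1)[1] != actual_label:
                bad.append(e["title"])
    return bad


def build_demo_key():
    """Throwaway directory laid out like the key in the posts: GParted's files
    present, TRK's absent. Returns its path (constructed, for the demo only)."""
    root = tempfile.mkdtemp(prefix="multiboot-")
    os.makedirs(os.path.join(root, "live"))
    for name in ("live/vmlinuz1", "live/initrd1.img", "gparted_submenu.lst"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"\0")
    return root


if __name__ == "__main__":
    key = build_demo_key()
    menu = parse_menu(SAMPLE_MENU)
    print("missing:", missing_files(menu, key))
    print("label mismatches vs MULTIBOOT:", vollabel_mismatches(menu, "MULTIBOOT"))
    print("label mismatches vs USBKEY:", vollabel_mismatches(menu, "USBKEY"))
```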
  5. Funny thing here..... By simply reversing the entire file (first byte becomes last byte, second byte becomes next-to-last byte, etc.), my file goes totally undetected.... (DIDN'T EVEN HAVE TO CRYPT IT!!!!, just flip the script ;-) )

     Yep, just like I thought.... McAfee only catches it upon a disk write (I still haven't tried to execute anything from memory, but I suspect that we would kind of need to bypass Windows for that kind of functionality), so in theory we could custom-load our decrypted *payload* and run it without the AV noticing it... (this would maybe even eliminate the need for an AV kill...) But then again, this would be a real temporary thing... I'm willing to bet tools like this are written every day and added to AV signature files every day... But remember this: if you write a nifty tool that successfully does this, everyone will want to use it, then it becomes mainstream, and then AVs will notice it, and it will get blocked by AV software ;-)
  6. Well, let's think outside of the box for a minute ;-) Beforehand: *payload* = "our program that we are trying to sneak past the AV". If I were trying to do this back in the day (MS-DOS 5-6.22), I would encrypt the file in a .exe loader (that I would write myself), then decrypt the *payload* in memory, reload the decrypted *payload* over top of some null-padded chunk of my loader's memory (maybe just over top of the original .exe's memory), and restart it..... So maybe a loader could be written that:

     A. uses the same libs and DLLs (so they are already loaded)
     B. decrypts its payload and overwrites itself (WITHOUT GETTING SWAPPED OR WRITTEN TO DISK!!!!)
     C. restarts its own execution......

     Maybe this would get past the anti-virus. I don't have the time, or I would look into the idea, but I suspect that if you search MSDN we can probably find the format of a .EXE file and how the libs (.dll's) are loaded...; once you do that, you can load the needed libs, bypass the whole writing to disk (I AM ASSUMING THAT THAT IS WHERE AN AV PICKS IT UP AT.....), and bypass detection. I use McAfee, and I am trying to whip up a little POC program to see if McAfee will catch the decrypted *payload* in memory or not... I'll keep ya filled in.
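Posts 5 and 6 above both rest on one assumption: that a signature is matched against the bytes as they sit on disk, so a reversible transform (reversal in post 5, encryption undone in memory in post 6) hides the stored form while the restored form is what actually runs. The toy below is an added example, written for this page and not taken from the posts, from McAfee or from any real scanner, that models exactly that with a fixed-byte-string matcher: it shows the stored form evading a naive scan, the restored form being caught, and the defender's counterpart, a scanner that tries the cheap inverse transforms (reversal, single-byte XOR) before declaring a file clean. The marker string, the payload bytes and the transform set are all constructed; nothing here is malware, and no claim is made about how any real product orders its checks.

```python
# Constructed stand-ins: a marker playing the role of the byte sequence a
# signature keys on, and a file-like blob that carries it somewhere in the
# middle. No real signatures or real payload bytes are involved.
SIGNATURES = {"demo.marker": b"EXAMPLE-MARKER-1337"}
PAYLOAD = b"MZ\x90\x00 loader stub ... EXAMPLE-MARKER-1337 ... remainder of file"


def scan(data, sigs=SIGNATURES):
    """Naive on-disk scan: names of signatures whose bytes occur verbatim."""
    return sorted(name for name, sig in sigs.items() if sig in data)


def reverse_bytes(data):
    """The transform from post 5; it is its own inverse."""
    return data[::-1]


def xor_bytes(data, key):
    """Repeating-key XOR, the simplest 'crypt' a loader would undo in memory;
    also its own inverse for a given key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def loader_restore(stored, how):
    """What the loader of post 6 does in memory: undo the on-disk transform.
    `how` is ('reversed',) or ('xor', key)."""
    if how[0] == "reversed":
        return reverse_bytes(stored)
    if how[0] == "xor":
        return xor_bytes(stored, how[1])
    raise ValueError("unknown transform")


def scan_normalized(data, sigs=SIGNATURES):
    """Defensive counterpart: scan the stored bytes, their reversal and every
    single-byte XOR inverse. Returns (signature, how-it-was-found) pairs in a
    fixed order so results are comparable."""
    hits = [(name, "plain") for name in scan(data, sigs)]
    hits += [(name, "reversed") for name in scan(reverse_bytes(data), sigs)]
    for k in range(1, 256):  # k=0 is the identity, already covered by 'plain'
        hits += [(name, "xor:0x%02x" % k) for name in scan(xor_bytes(data, bytes([k])), sigs)]
    return hits


if __name__ == "__main__":
    stored = reverse_bytes(PAYLOAD)
    print("naive scan of reversed file:  ", scan(stored))
    print("naive scan of restored memory:", scan(loader_restore(stored, ("reversed",))))
    print("normalizing scan of reversed: ", scan_normalized(stored))
    print("normalizing scan of xor 0x5a: ", scan_normalized(xor_bytes(PAYLOAD, b"\x5a")))
```

The gap the posts describe is real for a matcher that only looks at the stored bytes, and it closes as soon as the scanner either normalizes cheap transforms (a single-byte XOR costs 255 extra substring searches per signature) or looks at the restored image in memory; that is the "real temporary thing" post 5 predicts.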