Jump to content

Need Some Help With Character Encoding/encryption


Zero_Himself
 Share

Recommended Posts

Hey guys, i figured this might be the place to ask this.

I am trying to scrape some 411 from a website, and hit a snag

I am trying to pull a string out of a url, but it appears to be encoded in some way that i haven't been able to decode(i know it's something simple, i just haven't figured it out yet)

The source string is 30 chars wide, and appears to contain null values too.

The site calls a php script with a ?q=($OUR_STRING)vMj7Fzqp-sidC2rZrQnquLtbKtiLKRnZrIua5zupanm8itpJuZjLWJ0LCvddieqbG-k513qpasjKqxr5rMjqma4JOsscuBsXfItq($EXTRA_JUNK)

only the first 30 chars seem to be in use(==$OUR_STRING)

ex. $OUR_STRING

"xsKovKuxm7_GlH3Rr6GznN-7c7Wos4"="AT&T Mobility"

"y9mtyLbGyefGy3W5rrKR2NyviMjC6Y"="Verizon Wireless"

ex. complete string

AT&T Mobility=="xsKovKuxm7_GlH3Rr6GznN-7c7Wos4 vMj7Fzqp-sidC2rZrQnquLtbKtiLKRnZrIua5zupanm8itpJuZjLWJ0LCvddieqbG-k513qpasjKqxr5rMjqma4JOsscuBsXfItq hviw.."

Verizon Wireless="y9mtyLbGyefGy3W5rrKR2NyviMjC6Y vMj7Fzqp-sidC2rZrQnquLtbKtiLKRnZrIua5zupanm8itpJuZjLWJ0LCvddieqbG-k513qpasjKqxr5rMjqma4JOsscuBsXfItq pztbixlq4."

the character encoding seems to be 2-bytes wide, but i have been unable to figure it out so far.

my goal is to be able to decode $OUR_STRING to read the data passed to the script.

Any help, or hints would be greatly appreciated.

Link to comment
Share on other sites

I can tell you that the string was not encoded using base64

It must have be encoded in a different format, may be in ASCII code.

Not sure, it could've been encoded by anything.

From which website did you get those strings from?

Edited by Infiltrator
Link to comment
Share on other sites

It decodes fine as base64, but not to plain text, so probably not straight base64 encoded information, might have another layer of encoding once you decode it from base64.

Can you post the entire string or give us the actual url it came from? Could just be random session data. Check your cookies for anything corresponding, might show up there as well.

Edited by digip
Link to comment
Share on other sites

It decodes fine as base64, but not to plain text, so probably not straight base64 encoded information, might have another layer of encoding once you decode it from base64.

I attempted decoding the string using base64 decoder, but it said something about not a valid base64 string.

You could be right, it could have been encoded into base64 before being encoded into something else.

The only way to verify this assumption is looking at the source code, that encoded the string.

Link to comment
Share on other sites

its on http://tnid.us

I was hoping it was something simple such as changing the encoding scheme like from utf8 to utf16, or a simple xor or something that someone may have actually seen...

it is a service that provides cell phone info.(i could pay for the api, but that wouldn't be as much fun) the info i'm trying to scrape is out of the current provider php script, i am trying to get the current network as plain text.(i have a solution that uses OCR, but it is somewhat unstable.. and not as much of a challenge)

I mean, in the worst case, i could always just build a table of values, and what their plain-text counterparts are... But now i want to know how they encoded it ;-P

I noticed that I can change certain parts and get an immediate result. like this example(sorry, i don't feel like making it cleaner, but you get the id once you start playing with it)

zAmt=Y

y8mt=U

y5mt=U

y4mt=U

y0mt=U

yZmt=Me

yYmt=Me

yXmt=Me

yWmt=Me

w9m = 6er

x9m = Fer

y9m = Ver

z9m = fer

29m = ~er

29a = ~5r

x9a = F5r

here is another one for you: does anyone know of a free(non hacked) way to find out someones cell phone provider(so we can properly route SMS messages to people)

Edited by Zero_Himself
Link to comment
Share on other sites

here is another one for you: does anyone know of a free(non hacked) way to find out someones cell phone provider(so we can properly route SMS messages to people)

Get them to visit a specific page in their phones web browser, compare IP to DNS name lookup, get their carrier (ie: user visits with blackberry browser, ip might belong to sprint, then you know what carrier they are on)

The other is to have them call you and then lookup the number via something like tnid.org. Mitnick also had some kind of setup with asterisk where he could get peoples numbers on caller ID, even when they were blocking caller ID or had a private unlisted number, but would require the end user to call your special number to pull the private number data.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...