Encoding Schemes

Jason binger

Nov 8, 2005, 11:41:48 PM
to weba...@securityfocus.com
Hi,

I am reviewing a web app and I would like to know what
encoding scheme they are using to encode their
parameters.

123456 encodes to B8DCCEA11586
ABCDEF encodes to C8ACBED165F6

Any help would be appreciated.

Cheers.

Rogan Dawes

Nov 9, 2005, 9:01:21 AM
to Jason binger, weba...@securityfocus.com
Jason binger wrote:
> Hi,
>
> I am reviewing a web app and I would like to know what
> encoding scheme they are using to encode their
> parameters.
>
> 123456 encodes to B8DCCEA11586
> ABCDEF encodes to C8ACBED165F6
>
> Any help would be appreciated.
>
> Cheers.

If you can get more examples, it would be useful to get:

AAAAAA
AAAAA
AAAA
AAAAAB
AAAABB

and similar output.

Rogan

David Knapman

Nov 9, 2005, 9:02:07 AM
to Jason binger, weba...@securityfocus.com
If we're trying to fathom this out from first principles, I don't think there's enough here to get started. At the moment, all we know is that the second hex digit of every byte comes out the same in both sequences. However, since both sequences share the same low-order nibbles when encoded in hex, that doesn't necessarily help yet.

Next thing to look at is - is position important. If you rotate one of the sequences (say, try putting through BCDEFA, CDEFAB, etc), does the encoded output just rotate, or is it completely transformed. Finally, chuck through the complete upper and lowercase alphabets, so that we have all of the low-order nibble possibilities, and some more material to work with.

-----Original Message-----
From: Jason binger [mailto:cissp...@yahoo.com]
Sent: 09 November 2005 04:42
To: weba...@securityfocus.com
Subject: Encoding Schemes


Hi,

I am reviewing a web app and I would like to know what
encoding scheme they are using to encode their
parameters.

123456 encodes to B8DCCEA11586
ABCDEF encodes to C8ACBED165F6

Any help would be appreciated.

Cheers.

Griffiths, Ian

Nov 9, 2005, 9:17:03 AM
to weba...@securityfocus.com
One ASCII digit to two hex digits - difficult to say without doing more
maths on that or having more examples. What happens to
non-alphanumeric?

Ian

Marcus Williams

Nov 9, 2005, 10:04:36 AM
to weba...@securityfocus.com
On 09/11/2005 Jason binger wrote:
> I am reviewing a web app and I would like to know what
> encoding scheme they are using to encode their
> parameters.
>
> 123456 encodes to B8DCCEA11586
> ABCDEF encodes to C8ACBED165F6

At a guess it's a simple XOR scheme as most people think this is secure
if you don't know the "secret" key that it's been XOR'd with. The problem
with this is, if you know plaintext + cyphertext then if you XOR these
together, you know the "secret" password (almost, because they may
repeat it or it may be longer than the text etc but you're halfway there
- all you need is some longer examples to find this out)

So my guess is that UVWXYZ encodes to DCB8AACD79EA

Am I right or am I right?

Marcus


--
Marcus Williams -- http://www.cad-schroer.co.uk
CAD Schroer UK, 39 Newnham Road, Cambridge, UK

ilaiy

Nov 9, 2005, 10:06:33 AM
to Jason binger, weba...@securityfocus.com
Could you tell which webapp and give more examples ..

ABCDEF
BCDEFG
CDEFGH
EFGHIJK
123456
A23456
B23456

./thanks
ilaiy

Peter Conrad

Nov 9, 2005, 9:24:39 AM
to weba...@securityfocus.com
Hi,

On Wednesday, 9 November 2005 05:41, Jason binger wrote:
>
> I am reviewing a web app and I would like to know what
> encoding scheme they are using to encode their
> parameters.
>
> 123456 encodes to B8DCCEA11586
> ABCDEF encodes to C8ACBED165F6

looks like an XOR with 89EEFD9520B0.

Bye,
Peter
--
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18 http://www.tivano.de/
63263 Neu-Isenburg

Germany

Vasiliy

Nov 9, 2005, 10:41:53 AM
to weba...@securityfocus.com
Jason binger wrote:

> Hi,
>
> I am reviewing a web app and I would like to know what
> encoding scheme they are using to encode their
> parameters.
>
> 123456 encodes to B8DCCEA11586
> ABCDEF encodes to C8ACBED165F6
>
> Any help would be appreciated.
>
> Cheers.

Seems to be quite simple. ASCII hex number of every symbol xored over
following values according to symbol position:

position: | 1 | 2 | 3 | 4 | 5 | 6|
xor value: |89 |EE |FD |95 |20 |B0|

So, the first string:
1 (31 in hex) xor 89 = B8
2 (32 in hex) xor EE = DC
... etc ...

And the second:
A (41 in hex) xor 89 = C8
B (42 in hex) xor EE = AC
... etc ...


--
wbr,
Vasiliy

cissp...@yahoo.com

Nov 9, 2005, 3:15:42 PM
to weba...@securityfocus.com
I have some more results for the people on the list:

CLEARTEXT=ENCODED_TEXT

ABCDEF=C8ACBED165F6
BCDEFG=CBADB9D066F7
CDEFGH=CAAAB8D367F8
EFGHIJK=CCA8BADD69FA18
123456=B8DCCEA11586
A23456=C8DCCEA11586
B23456=CBDCCEA11586
AAAAAA=C8AFBCD461F1
AAAAA=C8AFBCD461
AAAA=C8AFBCD4
AAAAAB=C8AFBCD461F2
AAAABB=C8AFBCD462F2

I guess it is a XOR. How do I figure out the key? What is the key?

Cheers

Lyal Collins

Nov 9, 2005, 6:54:10 PM
to cissp...@yahoo.com, weba...@securityfocus.com
Well, you have some nice bit patterns in these samples, if you think about
the input characters as hex bytes or binary, rather than ascii
E.g.
AAAAAA=C8AFBCD461F1
AAAAAB=C8AFBCD461F2
AAAABB=C8AFBCD462F2

The last character changes by 1 bit for the first 2 samples above, and so
does the output hex
The second last character changed by 1 bit for the second 2 samples above, so
does the output hex

This leads to the 'key' at position 6 being the common bits of
0x41 xor 0xF1 ('A')
0x42 xor 0xF2 ('B')
So the key byte for pos 6 is something like 'B0'
Rinse and repeat for different byte positions - there are real good bit
changes in most input bytes for the samples shown below

This is assuming nothing like a password length parameter exists in the Xor
for each byte, but that becomes obvious as you look at the results. It
doesn't appear obviously so to me, however.

Lyal

Haroon Meer

Nov 9, 2005, 7:38:39 PM
to cissp...@yahoo.com, weba...@securityfocus.com
Hi..

cissp...@yahoo.com wrote:
> CLEARTEXT=ENCODED_TEXT
> AAAAAA=C8AFBC
> I guess it is a XOR. How do I figure out the key? What is the key?

cleartext XOR key = encodedtext
then
encodedtext XOR cleartext = key

perl -e 'print string1 ^ string2;' should give you what you need

/mh
--
======================================================================
Haroon Meer MH
SensePost Information Security +27 83786 6637
PGP : http://www.sensepost.com/pgp/haroon.txt har...@sensepost.com
======================================================================

Byron L. Sonne

Nov 9, 2005, 7:15:27 PM
to cissp...@yahoo.com, weba...@securityfocus.com
This is a common kind of puzzle that I've seen numerous times, but never
gave a go at. I believe you could search on packetstormsecurity.org for
stuff; I'm sure there will be some algorithms or outright utilities there.