What is Base64 Look-alike?

I am new to decoding techniques and just learned about base64, sha-1, md5 and some others.

I was trying to figure out what the orkut worms actually contain.

I have been attacked by many orkut spammers and hackers in the past few days and there are similarities in the URLs they send to us.

I don't know what information it contains, but I need to figure it out.

The problem lies in the following texts:

Foo+bZGMiDsstRKVgpjhlfxMVpM=
lmKpr4+L6caaXii9iokloJ1A4xQ=

      

The encoding above looks like base64, but it is not, because whenever I try to decode it with the online base64 decoders, I get the original output and it does not decode exactly.

Maybe some other code was mixed with base64.

Can anyone help me decode it?

-2


source to share


5 answers


This is part of the orkut worm. This page contains some details. Note that it mentions the variable JSHDF["Page.signature.raw"], where you find these lines.



This is the SHA1 hash of the page it was found on. This page shows the decoded form.

+3


source


The encoding above looks like base64, but it is not, because whenever I try to decode it using online base64 decoders, I get the original output and it does not decode exactly.



What makes you think the decoding is wrong? Generally, you should use base64 or hex to encode binary content so that it can be wrapped as text. You would not base64-encode text, so it should come as no surprise that decoding the strings you provided above results in ASCII gobbledygook.

+2


source
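Added example (not part of the original thread or of any answer): a Python triage of the two strings from the question that decodes each whole string as Base64 and compares the decoded length with common digest sizes, which is consistent with the SHA-1 and "binary content" points in the answers above. The function names, the digest-size table and the sample page content are this example's own.

```python
import base64
import binascii
import hashlib

# The two strings quoted in the question.
TOKENS = ["Foo+bZGMiDsstRKVgpjhlfxMVpM=", "lmKpr4+L6caaXii9iokloJ1A4xQ="]

# Raw digest sizes in bytes for common hash functions.
DIGEST_SIZES = {16: ["MD5"], 20: ["SHA-1"], 32: ["SHA-256"], 64: ["SHA-512"]}


def triage(token):
    """Strictly decode a Base64 candidate and describe the bytes behind it."""
    try:
        # '+' belongs to the standard Base64 alphabet, so the whole string
        # is decoded; validate=True rejects characters outside the alphabet.
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return {"valid_base64": False}
    printable = sum(32 <= b < 127 for b in raw)
    return {
        "valid_base64": True,
        "length": len(raw),
        "hex": raw.hex(),
        "printable_ratio": round(printable / len(raw), 2) if raw else 0.0,
        # A length match is only a hint: any 20 bytes would match SHA-1.
        "digest_candidates": DIGEST_SIZES.get(len(raw), []),
    }


def matches_sha1(token, content):
    """Confirm a token by hashing the suspected content and comparing."""
    digest = hashlib.sha1(content).digest()
    return base64.b64encode(digest).decode() == token


if __name__ == "__main__":
    for t in TOKENS:
        print(t, triage(t))
    # Constructed sample: a token built from known content verifies.
    sample = b"<html>constructed sample page</html>"
    sample_token = base64.b64encode(hashlib.sha1(sample).digest()).decode()
    print("sample verifies:", matches_sha1(sample_token, sample))
```

A digest cannot be decoded back into its input; the only confirmation is to hash the suspected content and compare, as `matches_sha1` does.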


Haha, if it were that simple, it wouldn't be worth the hack! You have to try a lot harder than just decoding it once.

+1


source


They can just be hashes.

If they are hashes, it is algorithmically impossible to "reverse" them if the original content exceeds a certain size, because after a certain size of the source data, hashing becomes a lossy compression function.

+1


source


Often, Foo+whatever is the result of a salted hash. It is common to store the hash result with a salt, and the salt can be stored in the clear. To separate the salt from the actual hash value, a + sign is usually used.

Base64 is used, so the binary hash result can be stored in text. You can tell that the last part of these strings could be valid Base64, since Base64 content will always be a multiple of 4. It outputs 4 valid ASCII characters for every 3 bytes of input. It ends with "=" signs.

So for Foo+bZGMiDsstRKVgpjhlfxMVpM=, this could be the result of some input, be it a message of some sort or something, and applying the salt "Foo" and then hashing the result. The string value bZGMiDsstRKVgpjhlfxMVpM= is probably the binary result of some hash function. An online Base64 decoder shows that the value in hex instead of Base64 is { 6D 91 8C 88 3B 2C B5 12 95 82 98 E1 95 FC 4C 56 93 }. Yes, this is not ASCII text.

Base64, binary, hexadecimal, decimal: all are ways to represent values. Think of the part after + as a prime number. The above 136-bit number can be the result of a 128-bit hash and an 8-bit

0


source






