• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Unencrypting encrypted text"

Collapse

  • Contreras
    replied
    Originally posted by WTFH View Post
    ...this might help (haven't read it, but it was one of the first hits when I googled "auto trader source code":
    AutoTrader source code - MPGH - MultiPlayer Game Hacking & Cheats
    Code:
    print '$numberOfPotionsIAmOffering:' . $numberOfPotionsIAmOffering . ' $numberOfPotionsBuyerIsOffering:' . $numberOfPotionsBuyerIsOffering . "\n";
       	 if($numberOfPotionsIAmOffering==0 && $numberOfPotionsBuyerIsOffering>=1){
       	  print "\t" . 'I GIVE NO POTION ... YOU GIVE 1+ POTION ... WE GOT A DEAL ... ;-))' . "\n";
       	  $bool_acceptTrade=1;
    Nice try, but...

    I think it's clear that the field is base64 encoded representation of the encrypted car reg:

    Code:
    "DL13 UHU" -->  33 0f b0 da 3e 42 2c 17 --> Mw+w2j5CLBc=
    "AE07 GVD" -->  e1 94 71 7f 3e 88 7e c6 --> 4ZRxfz6IfsY=
    "PJ56 EDU" -->  21 81 37 d4 cf ac c7 91 --> IYE31M+sx5E=
    "YT51 YZM" -->  ab c1 17 76 04 17 a0 e8 --> q8EXdgQXoOg=
    The term 'encrypted' could be use loosely, but I would say it is not a simple obfuscation. So you need to guess the algorithm (e.g. rc2/des/aes/?) and the key and you still don't know if obfuscation was on top. Without any source code for hints it's a pretty tall order.

    Leave a comment:


  • WTFH
    replied
    Originally posted by NotAllThere View Post
    Google search produces Used Mitsubishi Lancer Saloon 2.0 Evo Ix Mr Fq-360 4dr in Birmingham, West Midlands | Wynford Specialist Motors Limited

    This is part of the source.
    <ul class="vehicle-data">
    <li class="advert-id">201507175279784</li>
    <li class="year">2007</li>
    <li class="reg">07</li>
    <li class="price">&pound;17,495</li>
    <li class="depositAmount">3499</li>
    <li class="vehicleMileage">58,000</li>
    <li class="vehicleType">Cars</li>
    <li class="make">MITSUBISHI</li>
    <li class="registration">4ZRxfz6IfsY=</li>
    </ul>


    This indicates to me that the decryption algorithm is widely available. Or that they're all using the same bit of software.

    The bottom of each page says "Powered by Auto Trader", so it's all the same software.


    Does the OP work for Auto Trader, or are they trying to reverse engineer the AT code?


    ...this might help (haven't read it, but it was one of the first hits when I googled "auto trader source code":
    http://www.mpgh.net/forum/showthread.php?t=605049
    Last edited by WTFH; 18 August 2015, 08:13.

    Leave a comment:


  • NotAllThere
    replied
    Originally posted by minestrone View Post
    4ZRxfz6IfsY=
    Google search produces Used Mitsubishi Lancer Saloon 2.0 Evo Ix Mr Fq-360 4dr in Birmingham, West Midlands | Wynford Specialist Motors Limited

    This is part of the source.
    <ul class="vehicle-data">
    <li class="advert-id">201507175279784</li>
    <li class="year">2007</li>
    <li class="reg">07</li>
    <li class="price">&pound;17,495</li>
    <li class="depositAmount">3499</li>
    <li class="vehicleMileage">58,000</li>
    <li class="vehicleType">Cars</li>
    <li class="make">MITSUBISHI</li>
    <li class="registration">4ZRxfz6IfsY=</li>
    </ul>


    This indicates to me that the decryption algorithm is widely available. Or that they're all using the same bit of software.

    Leave a comment:


  • DaveB
    replied
    Originally posted by Dark Black View Post
    In fact, Googling each of those encrypted values comes up with (different) dealer websites referencing the correct type of car for matching reg.

    Assumption then is that you're working on car dealer database software or similar?
    Looks like it.

    The assumption then being that there has to be a way to get from the encrypted string used to identify the cars without using the Reg Number, back to the Reg Number.

    At this point Minnie tells us that the bit thats fecked and needs fixing.

    Leave a comment:


  • WTFH
    replied
    Are you certain it's the car reg and not something else?

    Leave a comment:


  • Dark Black
    replied
    Originally posted by minestrone View Post
    Here are a few more...

    ( again not sure if space has been removed )

    AE07 GVD -> 4ZRxfz6IfsY=
    PJ56 EDU -> IYE31M+sx5E=
    YT51 YZM -> q8EXdgQXoOg=

    The system creators are the types to find the first thing on google that they could copy and paste.
    In fact, Googling each of those encrypted values comes up with (different) dealer websites referencing the correct type of car for matching reg.

    Assumption then is that you're working on car dealer database software or similar?

    Leave a comment:


  • darrylmg
    replied
    Originally posted by minestrone View Post
    I'm sure there was bobage involved in this work, anyways the text is car registrations.

    DL13 UHU

    ->

    Mw+w2j5CLBc=

    All the encrypted text ends in a '=' which makes me think that 11 chars + '=' is the work of someone who is not exactly rigorous. The space might be removed before encryption but not sure really.
    Weirdly, if I search google for this encoded string, it takes me to the Paragon Motors website.

    Leave a comment:


  • NickFitz
    replied
    Originally posted by darrylmg View Post
    But what about DL13 UHU ? Not HTU.
    REwxM1VIVQo=

    Not sure why I was trying HTU…

    Leave a comment:


  • minestrone
    replied
    Originally posted by darrylmg View Post
    Someone elwe with a similar sort of story here : Help me decode what looks like base64 - encode encryption | Ask MetaFilter

    What database system is this?

    Edit: it looks like standard DES encoded in base64.
    See the tool here: Online encrypt tool - Online tools
    You'll need to find the routine that was used to encrypt it to find the key.
    Cheers, going to give this some time over the weekend hopefully.

    Leave a comment:


  • Contreras
    replied
    Originally posted by darrylmg View Post
    But what about DL13 UHU ? Not HTU.

    Leave a comment:


  • darrylmg
    replied
    Originally posted by NickFitz View Post
    Without the space:

    Code:
    echo DL13HTU | base64
    REwxM0hUVQo=
    But what about DL13 UHU ? Not HTU.

    Leave a comment:


  • NickFitz
    replied
    Originally posted by xoggoth View Post
    It does look like base64 encoding that has been hacked a bit. I did that in Excel VBA to protect my passwords list, took a standard online GNU script and fiddled about with a few lines.

    DL13 UHU comes out as QT/xMBEVRUX< in my script unfortunately so not the same hack.
    Without the space:

    Code:
    echo DL13HTU | base64
    REwxM0hUVQo=

    Leave a comment:


  • darrylmg
    replied
    Someone elwe with a similar sort of story here : http://ask.metafilter.com/218270/Hel...ks-like-base64

    What database system is this?

    Edit: it looks like standard DES encoded in base64.
    See the tool here: http://www.tools4noobs.com/online_tools/encrypt/
    You'll need to find the routine that was used to encrypt it to find the key.
    Last edited by darrylmg; 22 July 2015, 22:37.

    Leave a comment:


  • minestrone
    replied
    Cheers for having a look.

    Leave a comment:


  • Contreras
    replied
    Originally posted by minestrone View Post
    Here are a few more...

    ( again not sure if space has been removed )

    AE07 GVD -> 4ZRxfz6IfsY=
    PJ56 EDU -> IYE31M+sx5E=
    YT51 YZM -> q8EXdgQXoOg=

    The system creators are the types to find the first thing on google that they could copy and paste.
    haha well that bolluxed my theory

    What is clear though is that the encrypted strings are all 8-chars, and so far the plaintext strings are also all 8-chars.

    Code:
    $~ base64 -d <<< Mw+w2j5CLBc= | od -An -t x1
     33 0f b0 da 3e 42 2c 17
    $~ base64 -d <<<  q8EXdgQXoOg= | od -An -t x1
     ab c1 17 76 04 17 a0 e8
    $~ base64 -d <<<  IYE31M+sx5E= | od -An -t x1
     21 81 37 d4 cf ac c7 91
    $~ base64 -d <<<  4ZRxfz6IfsY= | od -An -t x1
     e1 94 71 7f 3e 88 7e c6
    The next thing would be to inspect other reg's starting with D, A, P or Y, and reg's not 8-chars in length.

    Or get hold of the source code!

    Leave a comment:

Working...
X