On 12/22/05, S.A.B.R.O. Net Security <sabronet@indy.rr.com> wrote:
It almost appears to be or very close to a simple Base64 scheme with
maybe a shift or substitution somewhere.
For example, your patterns :
a aQ==
b cg==
c ew==
Now heres the results of a true Base64 encrypt :
a YQ==
b Yg==
c Yw==
As you see the results are very close. Hope this helps some.
Yes it does look like it is base64 now. I have a few more passwords
that I put into html at http://vorpal.cc/~david/samples.html. Also on
that page is the base64 decoded values and hex values of the
passwords.
I feel like I am very close to getting this. It looks like each
character is 3bits left and XORed with itself. Characters after the
first are XORed with the previous shifted right 5 bits. However every
fourth character is treated differently if the password is longer than
3 characters. I haven't figured that part out yet.
Here is some C# code that correctly encodes up to 3 characters:
private static byte[] Encode(byte[] a)
{
byte[] c = new byte[a.Length];
for (int i = 0; i < a.Length; i++)
{
c[i] = (byte)(a[i] ^ (a[i] << 3));
if (i > 0)
c[i] = (byte)(c[i] ^ (a[i - 1] >> 5));
}
return c;
}
Since we found a utility that will reverse the encoding, this I don't
really need to get this anymore. At this point it is purely for
entertainment :)
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
