Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 978
  • Last Modified:

Which encryption is this?

Well, I'd like to encrypt strings in this encryption but I have no idea which encryption it is.

This encryption is on a lot of proxy sites. (Example: Vtunnel.com).
The encrypted key is: '9ca7acb36f5f9fc50b4d23a859c119420e5e81f720185' and the decrypted one is "http://www.google.com/

Someone knows which encryption this is?
I first thought it was base64, but ... With no luck.
0
SaTaX
Asked:
SaTaX
2 Solutions
 
SaTaXAuthor Commented:
Increased to points to 400! Please answer!
0
 
SaTaXAuthor Commented:
I found this in source:

var myArray=new Array();
                        myArray[0] = '%0n%0n%0n</pragre>%0n<c nyvta=%22whfgvsl%22><vzt fep=%22vzntr1.wct%22 nyg=%22%22 anzr=%22vzntre%22 nyvta=%22evtug%22 obeqre=%220%22>%0nIghaary vf urer gb uryc lbh trg gb gur jrofvgrf lbh jnag gb tb gb bayvar. Znal betnavmngvbaf gurfr qnlf oybpx npprff gb fvgrf yvxr zlfcnpr, tznvy, rira tbbtyr frnepu! V svaq gung pynvzvat gung svygref ner gurer gb xrrc fpubbyxvqf yrneavat engure guna tbbsvat bss, naq gura tbvat nurnq naq oybpxvat n cevznel zrnaf bs erfrnepu fhpu nf tbbtyr frnepu, vf ulcbpevgvpny naq rira qnatrebhf. Gunaxf gb fvgrf yvxr guvf bar ubjrire, lbh pna svtug onpx naq npprff gur jro gur jnl vg jnf zrnag gb or npprffrq.<oe><Oe> Ol oebjfvat gur jro guebhtu bhe freivpr, gur znwbevgl bs gur oybpxrq jrofvgrf lbh jnag gb tb gb pna or npprffrq ntnva. Jr ng Ighaary ner pbafgnagyl jbexvat gb vzcebir gur raq hfre rkcrevrapr, naq gur qrqvpngrq sbyybjvat bs hfref jr unir cebirf gung bhe jbex vf vzcbegnag naq nccerpvngrq.<Oe><Oe>Orfg bs nyy, qhr gb pbagvahvat nqiregvfre fhccbeg, Ighaary pna ';
                        myArray[1] = 'cebivqr guvf inyhnoyr freivpr pbzcyrgryl serr bs punetr. Nf V fnvq, jr ner pbagvahnyyl jbexvat gb znxr fher gung gur Ighaary.pbz hfre rkcrevrapr vf nf tbbq nf vg pna or, fb jr jbhyq inyhr nal srrqonpx lbh unir ba bhe freivpr. Srry serr gb rznvy hf ng %28 Ighaary [ng] bireavtugcp.arg %29 sbe nal trareny dhrfgvbaf be pbzzragf ertneqvat Ighaary.pbz%0n%0n</c>%0n%0n%0n<vzt fep=%22oynax.wct%22>%0n%0n</gq>%0n              </ge>%0n            </gobql></gnoyr></gq>%0n        </ge>%0n        <ge>%0n          <gq urvtug=%224%22 jvqgu=%22804%22><gnoyr nyvta=%22pragre%22 obeqre=%220%22 pryycnqqvat=%220%22 pryyfcnpvat=%220%22 urvtug=%224%22 jvqgu=%22100%25%22>%0n     </gnoyr></gq>%0n        </ge>%0n        <ge>%0n          <gq pynff=%22pbclevtug%22 nyvta=%22pragre%22 otpbybe=%22#000000%22 urvtug=%2235%22>%0n            Pbclevtug 2008 Ighaary.pbz<oe><sbag pbybe=juvgr>Ol hfvat guvf jrofvgr, lbh zhfg nterr gb novqr bhe <n uers=%22./grezf/vaqrk.ugz%22>grezf bs freivpr</n><ue>Vs guvf freivpr unf orra hfr';
                        myArray[2] = 'q gb pbaqhpg vyyrtny npgf, cyrnfr rznvy <O>%28 nohfr[ng]bireavtugcp.arg %29</o><Oe><Oe></sbag></gq>%0n        </ge>%0n      </gobql></gnoyr></gq>%0n  </ge>%0n</gobql></gnoyr>%0n%0n</obql></ugzy>%0n%0n';
var dst2 = new String('');

function base64(src)
{
      var dst=new String('') ; var len=src.length ; var b ; var t=new String('') ; if(len > 0) { for(var ctr=0; ctr<len ; ctr++) { b=src.charCodeAt(ctr); if( ( (b>64) && (b<78) ) || ( (b>96) && (b<110) ) ) { b=b+13; } else { if( ( (b>77) && (b<91) ) || ( (b>109) && (b<123) ) ) { b=b-13; } } t=String.fromCharCode(b) ; dst=dst.concat(t) ;} }
      return dst;
}

for (var x = 0; x < 3; x++)
{
      dst = base64(myArray[x]);
      dst2 = dst2.concat(dst);
}
document.write(unescape(dst2));
0
 
rpkhareCommented:
It doesn't seems to be a Base 64 string to me. I am not sure. Seems to be a hexadecimal string.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Xyptilon2Commented:
Base64 is not an encryption, it is encoding and can be decoded just as easily. It is indeed a hexadecimal representation of a string.

What the javascript code does:

Perform a base64 decode on each item in the array myArray and concatenate them, after that unescape the result. Judging from the source, i'd say its the ROT13 algorotihm.


0
 
SaTaXAuthor Commented:
It's not ROT13, I tried it but no success :[.

Any other ideas?
0
 
Roger BaklundCommented:
The code in post ID:22861084 IS rot13. It is a message from vtunnel.com.

Some notes about the code in the original question:

1) The number of characters is odd (45 bytes). It should be even if it represents hex encoded bytes.
2) The code is split in three groups with an invisible <wbr>: 25+10+10 characters. (doubleclick the code to see this) This indicates that this could be three different hashes.
0
 
SaTaXAuthor Commented:
Is it possible to find the 3 sort of decryptions.
I hope it's not MD5, I hope you can decrypt & encrypt it , because I want to make the encryption in a program, in Delphi (Turbo Pascal).

Guys, any ideas?
0
 
Roger BaklundCommented:
My guess is that this is NOT an encryption that can be decoded, but a one-way hash. Why do you need exactly this encryption (if it is an encryption), can't you use something else?

http://www.scramdisk.clara.net/d_crypto.html
http://www.efg2.com/Lab/Library/Delphi/MathFunctions/Cryptography.htm
http://paparadit.blogspot.com/2006/10/des-cryptography-block-cipher-from.html
0
 
SaTaXAuthor Commented:
Nope, I need to navigate with these proxies to a website, from a program...
0
 
Roger BaklundCommented:
Okey...? I don't think you can do this by decoding these encryptions.

When I enter http://www.google.com on vtunnel.com, I get a different code from what you have above. I tried with different browsers, and got the same code, so it could be they are using my IP in combination with the URL to generate a ONE WAY hash.

They also use javascript to output the form, and have codes in the action attribute of the form. This means you can not easily read the page programatically and do a http POST from your program. I guess they have done this to prevent exactly what you are trying to do... your program would have to simulate a real browser, i.e. it would have to fetch the page and execute the javascript to get the code, and then do a http POST to the URL provided in the action attribute. They might have more tricks up their sleeves to detect that your program is not a real person using a real browser.
0
 
SaTaXAuthor Commented:
Ok, I got no answer , but at least, cxr, you helped me.
I give you the 400 points -.-
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now