I want to ask about cryptography

I want to ask 2 question that my friend ask me.

Question 1: About javascript :

There is a website that use javascript .
You can look at the HTML and Javascript code of the website in js.txt attached.
When I get content from the website anyproxy.net , the content display correct. BUT when I save HTML code to local, and run it. The content display WRONG.
The problem is : there are undefied parameter in the javascript source code.  ( ex:  XnZ  in source code)
What is that technique ? How to do this ?



Question 2: about cryptography

What kind of this cryptography technique if the result is : KlD/EuUKc9IlHg2YNNuEPZn4HoAsVmzVrz2XFO+tAM0YOpvAQhNSLtWYb4VJamzxcGsHTGTUN6lngo/xFRbcnNGcsE+xtqmP2a+SjNJT3j7HK8KbMOIvgJADzNSiet+8BfQJkmWco4yCS2M6OWez4cjNvcQtV76A7YpXZtoTCghLzvam7YraCC35I6NatQ==

Thank you very much.
js.txt
markdixonsAsked:
Who is Participating?
 
TomasPConnect With a Mentor Commented:
Doing a brute-force attack by applying every cipher won't work. It is the KEY that matters not the algorithm. I could send a message, the plain text and tell you the algorithm and you still couldn't decode the message without the key. If MarkDixons has both the plain text AND the key and some key characteristics (size, salt) then a brute-force attack would be possible.
0
 
aboo_sCommented:
It seems your two questions are related.
as for question number 2 it could be rotation or shift encryption, which is one of the simplest used
in computer world! There are ofcourse ways to try and decipher this.

As for your first question you should first check for charchter coding see if you are not missing anything.
You know such as the content is displayed in "unicode" or "western" or whatever.
Anyhow since I think the 2 questions are related, it's probably ciphered with a php or a javascript file.
If it is php then you have no way of knowing how it is ciphered but if java you can follow the links in html source and download all java source and study it!

0
 
Asim NazirConnect With a Mentor Commented:
On your first point, we can include JS files in our pages/other JS files. So try downloading full site using some WebSite downloader tool and this way you can also get the java script files alongwith full site content. So there is a possiblity that these special characters are referred from JS file.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
TomasPCommented:
Question 2. It looks like base-64 encoding. The giveaway is the = character at the end which is used for padding
0
 
markdixonsAuthor Commented:
Dear experts,
2 questions are not related .

About question number 1: I use firefox view page source to view page source of what I see in the page. And I get the content.  I will try to use website downloader to get JS. And reply later.
@aboo: cant you watch the files , do you ?


About question #2:  the cipher text is intercept using wireshark.  
I know the cipertext and plaintext.  The algorithm is unknowed. I want to ask you  what kind of algorithm.  Could you find the algorithm if I send you plaintext also ?
Thank you very much

0
 
markdixonsAuthor Commented:
@Tomas: I know the plaintext. and I try to decode using base 64. It does not work. Thank you
0
 
TomasPCommented:
It is likely two phases of transform to get this ciphertext. 1st there is the encryption of the plain text which will result in binary output. The second phase would be the transform to text using base-64.
The odds are high that the sender is using AES but it the key size applied would depend on the level of security required for the conversation.
This may not even be cipher text but binary data in base-64 format. Get a base-64 to text converter tool and see what the binary data looks like if if it makes any sense
0
 
TomasPCommented:
If you have tried decoding it from base-64 then it could be encrypted. When you applied base-64 to it how long was the output? Was there a relationship to the length of the plain text and was there more base-64 data following or was this it?
0
 
TomasPCommented:
Where to look and what to look for depends for cryptoanalysis depends on your goal.
Since you have the plain text then is your goal to determine the plaintext of all future messages? If so, knowing the algorithm won't help as you will need the key. If the goal is to just learn the crypto algorithm, then knowing what app and what parties are communicating.  If the apps are commercial and recent then the algorithm is most likely AES.  It is also possible that this could be a public key being sent to start a communication session.
0
 
aboo_sConnect With a Mentor Commented:
Ok listen up, if you want to see what coded this exactly then you have to use all known ciphers on your code and compare with the result text and see which one matches!

Ofcourse to do this you have do design a small application that will cipher using an array of algorythmes
and each time compare with the result text, the problem is of the text was ciphered with more than one
algorythm then it would very much hard to get the right combination(but it could be done, only not fast!)

If you are going to go through with this you won't be pass it in a short time unless you are really luck!
0
 
TolomirAdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.