I want to ask about cryptography

I want to ask 2 question that my friend ask me.

Question 1: About javascript :

There is a website that use javascript .
You can look at the HTML and Javascript code of the website in js.txt attached.
When I get content from the website anyproxy.net , the content display correct. BUT when I save HTML code to local, and run it. The content display WRONG.
The problem is : there are undefied parameter in the javascript source code.  ( ex:  XnZ  in source code)
What is that technique ? How to do this ?



Question 2: about cryptography

What kind of this cryptography technique if the result is : KlD/EuUKc9IlHg2YNNuEPZn4HoAsVmzVrz2XFO+tAM0YOpvAQhNSLtWYb4VJamzxcGsHTGTUN6lngo/xFRbcnNGcsE+xtqmP2a+SjNJT3j7HK8KbMOIvgJADzNSiet+8BfQJkmWco4yCS2M6OWez4cjNvcQtV76A7YpXZtoTCghLzvam7YraCC35I6NatQ==

Thank you very much.
js.txt
markdixonsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aboo_sCommented:
It seems your two questions are related.
as for question number 2 it could be rotation or shift encryption, which is one of the simplest used
in computer world! There are ofcourse ways to try and decipher this.

As for your first question you should first check for charchter coding see if you are not missing anything.
You know such as the content is displayed in "unicode" or "western" or whatever.
Anyhow since I think the 2 questions are related, it's probably ciphered with a php or a javascript file.
If it is php then you have no way of knowing how it is ciphered but if java you can follow the links in html source and download all java source and study it!

0
Asim NazirCommented:
On your first point, we can include JS files in our pages/other JS files. So try downloading full site using some WebSite downloader tool and this way you can also get the java script files alongwith full site content. So there is a possiblity that these special characters are referred from JS file.
0
TomasPCommented:
Question 2. It looks like base-64 encoding. The giveaway is the = character at the end which is used for padding
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

markdixonsAuthor Commented:
Dear experts,
2 questions are not related .

About question number 1: I use firefox view page source to view page source of what I see in the page. And I get the content.  I will try to use website downloader to get JS. And reply later.
@aboo: cant you watch the files , do you ?


About question #2:  the cipher text is intercept using wireshark.  
I know the cipertext and plaintext.  The algorithm is unknowed. I want to ask you  what kind of algorithm.  Could you find the algorithm if I send you plaintext also ?
Thank you very much

0
markdixonsAuthor Commented:
@Tomas: I know the plaintext. and I try to decode using base 64. It does not work. Thank you
0
TomasPCommented:
It is likely two phases of transform to get this ciphertext. 1st there is the encryption of the plain text which will result in binary output. The second phase would be the transform to text using base-64.
The odds are high that the sender is using AES but it the key size applied would depend on the level of security required for the conversation.
This may not even be cipher text but binary data in base-64 format. Get a base-64 to text converter tool and see what the binary data looks like if if it makes any sense
0
TomasPCommented:
If you have tried decoding it from base-64 then it could be encrypted. When you applied base-64 to it how long was the output? Was there a relationship to the length of the plain text and was there more base-64 data following or was this it?
0
TomasPCommented:
Where to look and what to look for depends for cryptoanalysis depends on your goal.
Since you have the plain text then is your goal to determine the plaintext of all future messages? If so, knowing the algorithm won't help as you will need the key. If the goal is to just learn the crypto algorithm, then knowing what app and what parties are communicating.  If the apps are commercial and recent then the algorithm is most likely AES.  It is also possible that this could be a public key being sent to start a communication session.
0
aboo_sCommented:
Ok listen up, if you want to see what coded this exactly then you have to use all known ciphers on your code and compare with the result text and see which one matches!

Ofcourse to do this you have do design a small application that will cipher using an array of algorythmes
and each time compare with the result text, the problem is of the text was ciphered with more than one
algorythm then it would very much hard to get the right combination(but it could be done, only not fast!)

If you are going to go through with this you won't be pass it in a short time unless you are really luck!
0
TomasPCommented:
Doing a brute-force attack by applying every cipher won't work. It is the KEY that matters not the algorithm. I could send a message, the plain text and tell you the algorithm and you still couldn't decode the message without the key. If MarkDixons has both the plain text AND the key and some key characteristics (size, salt) then a brute-force attack would be possible.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TolomirAdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JavaScript

From novice to tech pro — start learning today.