SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)

    Turning today's date into this...

    I am looking at an application and have found that the date is passed through the URL like so: EooG9Vgyu53Fja/uHsKOfg==

    That's today's date but I don't understand what method they are using to obfuscate it. Any ideas? And is the == part of it or just extra?

  2. #2
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Is the app deserializing the date, or are they just using it to look things up against known values?

    In any case it is either encoded, encrypted or hashed. Trick is to figure out which one.

  3. #3
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    Is the app deserializing the date, or are they just using it to look things up against known values?

    In any case it is either encoded, encrypted or hashed. Trick is to figure out which one.
    I've checked CRC32, MD5, and SHA1 with no luck. From what I can tell the application uses the date in conjunction with other fields to look up a record in the database.

  4. #4
    SitePoint Guru puco's Avatar
    Join Date
    Feb 2005
    Location
    Slovakia
    Posts
    785
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's BASE64 and the trailing == are just padding. You can encode/decode using Convert.To/FromBase64*
    Martin Pernecky

  5. #5
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by puco View Post
    It's BASE64 and the trailing == are just padding. You can encode/decode using Convert.To/FromBase64*
    Thanks for the reply. It does appear that Base64 is being used, however there seems to be more to it than I thought.

    When I decode the string I get another weird result -

    This: WNuyhrd01CMN04wozuky2A==
    Becomes This: XÛ²†·tÔ# ÓŒ(Îé2Ø

    So I fiddled with it and converted from binary to hexadecimal and received a 32bit string which appears to be an MD5 of the date. Now I just have to figure out the date format. ugh...

  6. #6
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Is this being used as some sort of token? If so, there might well be more than just a date in there.

  7. #7
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    Is this being used as some sort of token? If so, there might well be more than just a date in there.
    I don't think so. In other places where this particular parameter is used it's a date and only a date.

  8. #8
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Gotcha, good luck. Nothing like playing "figure out what this parameter does." Even more fun when you have to do it on a live site.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •