0

Trying to decode what appears to be base encoded. (24 characters total, ends with padding '=='. I would post it but I am not sure what it contains...) I expect a human readable value and I've tried guessing at the encoding type/base.

One solution could be to iterate over possible base encoding values and then eyeball them. But that would also require dynamically determining the corresponding alphabet library for each base encoding... How to convert an integer in any base to a string?

How can the base encoding be determined for an arbitrary base encoded value?

sadtank
  • 320
  • 1
  • 12
  • Can we assume you've tried to decide it as Base64? How about the closely-related ancient uuencode? How many different letters are in the data? – PM 2Ring Jan 16 '18 at 03:52
  • Yes, tried base64. Contains upper and lower case alpha numeric. Only symbol is a forward slash at pos 18. This seems to indicate a base64 encoding, but the decoded value makes no sense given the context where the value was found. Format: (4aaAaaaaAaAA2AAAA/AaaA==) – sadtank Jan 16 '18 at 03:56
  • This value was recovered from an LDAP database. – sadtank Jan 16 '18 at 03:57
  • If the value was human-readable it wouldn't need to be encoded. – Mark Ransom Jan 16 '18 at 04:03
  • I'm not aware of any encoding scheme other than Base64 that's likely to end in `==`. You said you tried Base64, what were the results? If the original data was truly human-readable, there wouldn't have been much need in encoding it. – jasonharper Jan 16 '18 at 04:03
  • Based on the other attributes surrounding the LDAP field where this was found, I'm expecting human readable. Sorry, I would post the base64 decoding, but I am still working out if that could possibly be a hash of some kind. The result of the base64 decode is a 32 digit upper/lower alpha numberic with no special chars. – sadtank Jan 16 '18 at 04:09
  • What's the smallest/largest byte in the base64-decoded value? And does the LDAP field have a name? – Stefan Pochmann Jan 16 '18 at 04:16
  • Sorry @StefanPochmann, how would I determine that? – sadtank Jan 16 '18 at 04:20
  • This seems more like a puzzle (you guess at what to do) than a programming problem. Not sure if SO is the correct site for this. Anyway... just post the content and people will take a look. – user202729 Jan 16 '18 at 04:23
  • @primohacker Like `max(b64decode('4aaAaaaaAaAA2AAAA/AaaA=='))`. – Stefan Pochmann Jan 16 '18 at 04:24
  • min/max of base64 decoded value: Min = 0 (zero) and max = x (lowercase) – sadtank Jan 16 '18 at 04:28
  • 1
    That doesn't look like the actual bytes but like of a hex representation. Anyway... base64-encoded md5 sums of passwords seems to be a thing in LDAP and it has the right length. Try https://security.stackexchange.com/q/12795 – Stefan Pochmann Jan 16 '18 at 04:37
  • @StefanPochmann, based on what I'm now seeing I think you are right. This does appear to be base64 encoded md5 hash. – sadtank Jan 16 '18 at 04:41

0 Answers0