-3

I have a base64 code which is used as part of a email verification system on a certain website. I am really curious to find the actual decrypted version.

I've given below two codes for the same account :

kwd/qdM23n4FWFfEO4F+ oo/ub4ktQnK42x4sRP/mpibsL/E13A/Nh6nuHTiM6Skebs3Do8Tcl5TdxY24k6JMAgdPfmmkhaEiYrx3Q5auXsIZDNyUCVDiW6SDp8nJoxeZeq3y2R8C4+ONdSbtsU/eg==

kwd/qdM23n4FWFfEO4F r+swOnjKAWbgTLNzYj+hklIk11XTBEE8yc9Fr8RxAcA2+uIj+qo5+1qDHBf+aFGe5hZUsM3zIb8sPWW/4xClsQ2Ep69VINKzkfSHtdHctHe4Y4ph50gvYWQXl7MlaDgjSvQ==

Martin Thorsen Ranang
  • 2,394
  • 1
  • 28
  • 43
Dark
  • 1

1 Answers1

5

Base64 is not encrypted at all. It is simply an ASCII representation of (potentially) non-ASCII data. It is primarily used when non-ASCII data needs to be transmitted by some means that only supports ASCII. Email, for instance. But it's also often used to encode hashes in a form that is more easily read by humans--such as MD5 sums, etc.

Decoding base64 into it's unencoded form is trivial. A simple google search will show you dozens or more base64 decoders for whatever OS you're using. But that probably isn't going to be very useful to you.

I think what you really want to ask is "How do I decode data in __ format?"

But since you haven't told us what format your base64 hashes are in, nobody can answer that.

Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
  • I actually don't know the 'format'. I'm sharing with you all i know. And all that i know is its part of a url used as a email verification service. The length of the code is always the same, the first part of the code is always the same , and its a base64 encoding. Using a normal base64 decoder doesn't really give you anything, so it could be a data file i.e. php file inside. – Dark Jun 19 '11 at 21:12
  • Where did you get these base64 hashes? – Jonathan Hall Jun 19 '11 at 21:15
  • its from a website called joymax.com – Dark Jun 19 '11 at 21:17
  • This web site just sends you base64 hashes? Please be as detailed as possible with where you got this data and its context, if you want us to be able to provide you with a useful answer. – Jonathan Hall Jun 19 '11 at 21:18
  • The site uses a email verification system to retrieve your password basically. You write your own id and your own email address and this website sends a link to your email. The link in the email has the base64 code in the url. – Dark Jun 19 '11 at 21:20
  • That changes things. Chances are, it's just random data base64 encoded. This is common practice for this sort of thing. The idea is to send you a bunch of random data, that is stored on their server. The only way to prove that you are the intended recipient of the information is to send them back the same random data with your password reset request. When they get that data from you, the compare it to the random data they stored on their server for your request and if it matches, then they allow the change password request to succeed. If it doesn't match, they know you're trying to fake it. – Jonathan Hall Jun 19 '11 at 21:22
  • No that's not how it works. Basically its not just a random bunch of file. It can be decoded and the reason the code changes each time is due to a time element in the code. – Dark Jun 19 '11 at 21:25
  • If you know so much about it, I wonder why you're asking here, then. Sorry, I can't help you any more. You obviously know way more about how it works than (you are willing to admit) I do. – Jonathan Hall Jun 19 '11 at 21:27
  • I suppose the best thing would be to just create an account, then go forgot your password. You will understand the structure of how it works better . – Dark Jun 19 '11 at 21:28
  • I don't know why you think I would go to that effort to help answer YOUR question. I know how most forgotton-password functions and web tokens work--I've written enough of them to know. And I would be _incredibly_ surprised if the B64 data in your URL contains any _actual_ information. It's effectively just a session ID. But you obviously don't like my answer, so I'm not going to waste my time on this question any more. – Jonathan Hall Jun 19 '11 at 21:31
  • Its not that i don't like your answer. What i'm saying is its not just a session id. I am 100% sure about that. Its your time you can spend it how you like, i just said that if you wanted to help. Thanks for sharing your knowledge anyway – Dark Jun 19 '11 at 21:37
  • How do you know it's more than a session ID? Earlier you told me that you had already shared "all you know." – Jonathan Hall Jun 19 '11 at 21:41
  • Basically the system got upgraded. The code used to be composed of a normal base64 i.e. |id|email|url.jmx which would be encoded in base64 and added to the end of the site. However the system has changed and now it uses something like |id|email|current time|url.jmx which is encoded in an new base64 method which uses / and + characters. I know someone who has managed to decode it but he wouldn't tell me how, cause he wants me to find out myself. What he said is, the code is actually composed of two parts, and it gives and ioncube file once the base64 code is decoded. – Dark Jun 19 '11 at 21:46
  • I'm shaking my head with disbelief. First you said you had no idea about the format of the encoded data, now you say it contains an "ioncube" file? (Not that I know what ioncube is.) Not only that, but you actually told me the order of fields within the encoded data? Good luck to you figuring it out. – Jonathan Hall Jun 19 '11 at 21:49