Sign in to follow this  
Followers 0
i3illig

Need help to uncrypt this!

7 posts in this topic

Hi,

I need help to uncrypt this Code:

0x6463330D0A1F8B08000000000000FFBD5AE976DB3616FE6D9D33EF80B0A7B1DD4AA424AFB1961C6F493CB553D74BDD9E4C

8E0F4882226C926041D0B2DDC9DBCC63CCBFBED85C005CB53856928EDA5814967B3F5CDCE503C9FEEBFB3040778427944503

A363B60D442287B9341A0D8CCB8B37AD6DE3F5B0D17F71F0F3FEC5EFA787C81730FEF472EFF8681F192DCBBA5ADBB7AC838B

03F4DBBB8B9363D4313B9675F8DE40862F44BC6359E3F1D81CAF998C8FAC8B33EB5E4EEF74E484FCDA74856B80062518C044

C960C6DCCEAB57AFF40C03B9940F8C4070430EDF09B044EA1263D8F70976878DA5BEA02220C32B4205E101FC4DA3116AA1DD

54B02381F69840FB2C0CD3888A87BEA5C7C2A490088CA4E216F923A57703C361912091688987981828FB353004B9179604D2

438E8F7942C4409B0959B08AB9521287D378B6B01B7C8775F7E764888780CC14E124C967E64A33A578549D09362BE7443824

0303A7C267BC32666A449CDA014D7CF2E42087C50F9C8E7CF1D4204EEE6842450B7BA226AD835CFC904C0D071FA5DE43EBAE

53193A7A27B67EF14EDEDAFEE985DDDD6257FBEBEF6EDA7F1C33FA2AFCED30FE7DF797F43EB47EE487AFB60753025DA28D0E

8E5F11F98E061E69A20B1AC7094A23175D42074FC45FFF158FD28F1ED3109D7236E2380C29E12442772C924E95A0900AE412

5EED4E628E1D9F64BE67A2131892F9618093046627D4F11138A9E30B94109FA3512AB4B8B8A645427171826E7114A11B027A

5EA077D08546D4168824E802C4728A83A489D41AD04B1CC6BD09F8269A32C32D791833EE26151B80FA6606B3890ED8380A18

76416E45053A57B66B66DF902D9A681FE24F48F5D8B985AF840620AD09C8B100B92E71A75D80D9B0D28AE688511878DF8C98

C782808DF58C17AD161ADB3652FE9FA0560BDA021ADD224E8281A15B7D42C0DB646C544322242EC530C4E184C02EFB9C78D9

04CB4E7904B0F718E6AE99C70F7C9436F7010052E75B691C3B9EA5B5EA10DE2C152A7531A791F872656AFAB42E18C6B1A53A

2BFAB4D3574555F20F2442CBEABFF8B07FB07BB1FBA1B17487393A3F3AB8DE3D7B7BDD7D7FB03440CB2F93C12676BB6B5BEB

DE1A5E23ED8EB7E6D99DB50DC76EAFB7D7DA5BDDAD6D6F631B7760BF977B5AC2D9E1F1EEC5D1AF87D757FB6FAE0F8ECE1088

9130A7FBF7F6F27ED967591F3F822D2C0DAE02FE78F7FDDBCBDDB78703E39F80FD3CC7EEA59123C31989CC515756D19F0D8F

4409C400081D8373B1B1C96212AD18563EC8522E67AADAD234721F87CB3175853FD8DE6E377D2293D960ABDD6E86244A6DCC

07116B0AC682EC127081BFC28F44FD1258A4EA8A93843E623B20F247C01C2CE1C96B9F09083C39C6586D7CAAAD513A840F21

54F30768FC403D1408747488B63ECA82F54DFC51FB08259B2D0x8FDE175EB2D457BD93C2864B4B8D25F9F92E864A82FE44D6

0F286282ECC0DF08AA138E5C08268DBBE51227C05C2D18FD60A979D7CAA23B88DCC76018C9385656565CE6A4605461DACC7D

309D80C2F5951C6769CCA69AB4BA8AFAA86D6EA1D7C8806D88EF8D1D637BF37B03ADF6A4E84FF24F5FAF495AEB03E41BEA7D

94A62B6CF7F7186EAB66B809CD154D50568503A99D3AAC264DFEB63C7C57FDDE0B60FB4DB8CA51D110EC6DDDB7F464A9E7C9

28460977B4F49BC4728987D3409837B07FA59B2D20E094C5697C026E7F4C134824B26E7DB9B0DD1B7C7F06D484CC11358B88

81ADC05DFC4A99D8E85D9E1D0FB2C08DFDF8F5F37392369FA5A9625FFA1C7CB9F40E511712A92448D245B0FA29582CB161D9

920F4913C24F714480872AFCD596A18E8E7EAC46BA5890ACA94FC3516906B5D5B2F7DC8CA391817090D123D44F621C0D3BAF

CC4ED7ECB6DBDB4DD479B5D3D9469717FB3F76C048B2577B7A9C098E0B50EF99548764F33925507D8130448A5600F3232109

5C22CC626A6D3D727335D27E1A648B50D2033A045368672D8DED311E0E2E61DE311BD148D18C45EC2FB50672E65E2A04F8F3

708675540x7FDD3C13D38E4245660BA3ED466A89516625BD6BF2532E275B75B66D3E755D19D8522EF89973AB56B3C7EE8DC2

027DB9524804C089A573B0049C19AB0A33DF1C855B4867C53422BCD529252A04C30A26F5BB02B14FA318B284C0B652006CB8

9A990AE16AD4856AA9E3973824B732328615D41BEF709042EB1E6CB878CC1BD51168B2D17A1255374715031C491F6721AB20

382D8665080AAD3F9128821E31A1715AB752976F9A169D14E21689FE2796B55E4BB8F535650E57F7D324B581F5571D75D74E

24D78DEAEBE95BF57DEE07D826C1700AC05A0E000E0DCEAD0DCE9807E93E63B79424F9D2AB2D990D3A2A1A0E704AB80F67AA

4AD8232020D426D1EBBEA5F53666E3EA5BD297F39FB5BEBCED73EC517F6A1C527F24CF53AEF00654FC0A073FC00494CC83D3

04E9E5830A0207E5727C9C8F562C6E69520E442ACC2FD8C38888C380C8CBBD8723776522A4570B1565EC012558C9255535A8

8E1793586B2396F279BA86BD872D012C860D1E4E3278AA6A1ABDC939F5D50B9E92CA904FE52501B33C4363160F9F51533772

55CFA769B37022E0643431A718977FCFB3FB7225452FAF9A2C024207541630645B2B3713653A2676B9873EF51696EFDAC14C

1585809C759BB28CC951F41EC8C3CAF2DC7AB6C0F9E67990A7B3B342EEC1F86412B6F43DE1D3C454418D067012AAE6E5E555

54F60EE090F415FAED20E5CF505F538926F12CBA672A8B827A48A34F44EF9C192627315063B292F1837FC9BC6B35911EFEB3

BA9593A864BC5C06BC3E44EAEB926796F19271360BB84E76399BF5486E383823232A0F938B929E591C8767B2E6B040AD8AAB

BB3F1552A380D62356E3D7CC2D4FDAF9B7FE6FA9BADC82FA490EACEEBCE92AA7B39751638709C1DCF1336EF87C36745E4ED3

34B5C2BBB4C8FD9C1D15A4B95AE635D729CBE2865141732407CEE71B7F1405F13C757C9B8C38F53C820885726857EB724D63

56F04B959B5595E7AACC1BF525E846F475E4E0EF61374F48956DC9878F856CBD8F56D5A59E57E4A76BFCDC68AEEC9B0C6422

760538B69D0AB2B28C53C11C16C6011164194299795E19BCCF94F8FC5C3AD3259E48AACF06F0A5C97436A0E723D04EF86425

CCEE7AE575506A9D19AE0BDDD8ABA47DFD896B7709F2DCB6528BD9D5CF978ABA5D4BAEF323901DA43BB33C6FD40154D2FCAC

2C3F23052925E5D1777250F57C3877426D86AC10B21B25210E823790E18C2AE5AF1DAD55CB13C7EB6C4B6499C9726C1A71C8

D70B179E4B70A98040DA21688F50C1FFFACF881475A4F14528E280922F0162131C0979D683504717BEDCF5AF40D25DF717C6

A095AA8734906F1E055C77D7D1B948237702CBA29BB4088A433E568F26C10A32FC49BDAC6B0F4E9F38A4557E4D9E2BEB773B

22361108FDF8FFB396B8C43785A10ABA3C70EAB6A52AF70052C7720A310xF93F529F622DE553809DF2D67F9574650F9465B1

A1C266C27489A5EAB4ACDB89159171E24110FBBA56AB3BBC3921D24F5D77121650B787B2367D23BB1DDF172D0E0B18DFF9AE

AD3E3D0465954A37DD41D886A950EA7AE8B1A56CBE83B6E0D3030FF4C40E5232048BB32B972640711F76E0C8CE9CDB1E6231

76A878D8E9F4B23B917AE55FF9253F4B48DD2BECFB9D6AFEBA9077658CB9FCF748FE5CD849663F79978EE2770ABFC8F9508D

27EBED29B6AD2B893FD39B94DD3F9A25BB42A61B15D1B9DB356A2C38041AAA927A6E86A22167C24399BA210FE4033CCA8133

CDB5D12964381C7CC5094191C7584939997D36D02A264F0515883247DE7DF37D9C80A864CE410827FA349C01702EA21312DA

8427923D7C8BC355A8C5CD417742C5481631C29F843833AD2CF2AC61A14DCD9F3C2E62B5772488BF85B97C903307967A9960

114C6AEB790AA4E36B1DCC2B24CDF73202840418CED411F92984E7028BAF06271FF2CEC325158023D3DB274214FE3E91448E

C90807EF99A00EF916FB1B94E2E6403E0AD533D919413BF3CE42798341BE3251CDA586BAEB50A3DBA9E310F9F8B8A118887C

3A354EA1684688708F05232EDF7EA93EA5CA9F5155D8CA973DEB1BBE01229E40512548D69050EE8A7C1DA7FE6A987E4A0667

A65B59B129909926BA9527294028C1DA5400BDF1A1E345496FB2F537F2EF5A4DF11813EAD6463F2E1F07E5AF44C94509CCE1

E43330AEED0047B706CA565979EF2D916CAA95116653BEAA35BC22F62D86FCC1E4DB6CBF12FE28ED16D1448242FF4633C44E

490D5238044A69C39FE0DC4FA28025C0854BC1CF1545C52331F1C882696404590BD8141B5B4551BE92FDC6F08AF1C045CC43

57C02DB97C26A13A4A254AE872059FC70919634E804E8526FC5BCE242EBF69EDFF7C5201BA9C035CD6009787932316B10A8D

6E6DF0146598E3EC07D8F88CB858F90409822933154E3ABDC3CA071C9646CA09FA89E02C1A41221509F2492ADF97E86C7701

9B6A018203C38028765F467612F7B63736F3AE0BC97E38B9058639AB1B3A710814B2B3A5BBD6D737E52B104A59DFE6C37F34

7E925E5C2AD5C3BAEB5242D655685FD39D1BDD76AD5329D86E670AB6D6E5AA672FBA8CD5EADB9B2C1001B6E5561A3A5B27CC

13728777506E973DFD2216526F62BD846CDE2B56D144040240466220D47B76F99C2B907B8C6D351ABD0DED77E5C2F3AD2942

34FFCAEE6A55CF0337898923163D84A66096BECABE28F8F74D62CCBB0736E39DA479235FB45A8D98433E700471AFA5ABC91B

55068A88E8AC9BF0B7658FC1F19AA87A3869A286345FBDA91C6BF41A0DD9775D805D59ED352CABD52A91A9F788765D643FC8

D416530726CA7789CA53A14A57D959273F77803C8801BDDDDA709523DC73DEF3C82CABDE9E310BC516C826BCABF2B70DD1B1

B6B1B9D50xDDD8E81813780F237726662B7B5143BD783BFC1F032E0E05B52C00000D0A300D0A0D0A

I get this code when I send a Login packet via Tcp to a server.

First I get this header:

HTTP/1.1 200 OK

Date: Fri, 19 Dec 2008 18:18:38 GMT

Server: Apache/2.2.11 (Unix) mod_perl/2.0.4 Perl/v5.10.0

Set-Cookie: autoit_cookieHash=6ad2374f3a3e01f3fb135cb040307278f58a1ded; HttpOnly

Set-Cookie: autoit_boardLastActivityTime=1229710718; expires=Sat, 19-Dec-2009 18:18:38 GMT; HttpOnly

Content-Encoding: gzip

Keep-Alive: timeout=10, max=1000

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: text/html; charset=UTF-8

but why the hack is the 0x64... thing no string???

It should be the source code? Need help plz!

Share this post


Link to post
Share on other sites



Quick translation:

All Your Base Are Belong To Us

[u]Helpful tips:[/u]If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.[u]Useful links:[/u]BrettF's update to LxP's "How to AutoIt" pdfValuater's Autoit 1-2-3 Download page for the latest versions of Autoit and SciTE[quote]<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers[/quote]

Share this post


Link to post
Share on other sites

Hi,

I need help to uncrypt this Code:

I get this code when I send a Login packet via Tcp to a server.

First I get this header:

but why the hack is the 0x64... thing no string???

It should be the source code? Need help plz!

Please post your source code.

Share this post


Link to post
Share on other sites

#include<String.au3>

HotKeySet("q","logout")
HotKeySet("y","login")

TCPStartup() ;"Dienst" wird gestartet
$iIP = TCPNameToIP("autoitbot.de") ;IP Adresse von der Internetseite wird ermittelt
$iSocket = TCPConnect($iIP, 80) ;Verbindung wird hergestellt (auf Port 80)

While 1
    Sleep(150)
WEnd

Func login()
$User      = "i3illig"
$Pass      = "MYPASS"
$sPost     = "loginUsername="&$User&"&loginPassword="&$Pass&"&url=%2Findex.php&x=14&y=8"

$sHeader =  "POST /index.php?form=UserLogin HTTP/1.1" & @CRLF & _
            "Host: autoitbot.de" & @CRLF & _
            "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.3 (de) (TL-FF)" & @CRLF & _
            "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" & @CRLF & _
            "Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3" & @CRLF & _
            "Accept-Encoding: gzip,deflate" & @CRLF & _
            "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" & @CRLF & _
            "Keep-Alive: 300" & @CRLF & _
            "Connection: keep-alive" & @CRLF & _
            "Referer: http://autoitbot.de/index.php" & @CRLF & _
            "Content-Type: application/x-www-form-urlencoded" & @CRLF & _
            "Content-Length: "& StringLen($sPost) & @CRLF & @CRLF & $sPost          
            
    $iSend = TCPSend($iSocket, $sHeader) ;Paket wird gesendet
    
     While 1
        $sRecv = TCPRecv($iSocket, 1024)
        If $sRecv <> '' Then
            While 1
                $sRecv &= TCPRecv($iSocket, 1024)
                If @error Then ExitLoop 2
            WEnd
        EndIf
    WEnd    

FileWrite("Recv.txt",$sRecv)
TrayTip("Info","Logged in...",10)
EndFunc

Func logout()
$Recv = FileRead("Recv.html")

$Logout  =  "fed4442ecd96f9db01672e148bf7d161247aa100" ; den wert finde ich nicht
$Cookie  = _StringBetween($Recv,"autoitbot_cookieHash=",";")
$LastTime= _StringBetween($Recv,"autoitbot_boardLastActivityTime=",";")

$sHeader =  "GET /index.php?action=UserLogout&t="&$Logout&" HTTP/1.1" & @CRLF & _
            "Host: autoitbot.de" & @CRLF & _
            "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.3 (de) (TL-FF)" & @CRLF & _
            "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" & @CRLF & _
            "Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3" & @CRLF & _
            "Accept-Encoding: gzip,deflate" & @CRLF & _
            "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" & @CRLF & _
            "Keep-Alive: 300" & @CRLF & _
            "Connection: keep-alive" & @CRLF & _
            "Referer: http://autoitbot.de/index.php" & @CRLF & _
            "Cookie: autoitbot_boardLastActivityTime="&$LastTime[0]&"; ajax_chat_lang=de; ajax_chat_settings=bbCode%3Dtrue%26bbCodeImages%3Dtrue%26bbCodeColors%3Dtrue%26hyperLinks%3Dtrue%26lineBreaks%3Dtrue%26emoticons%3Dtrue%26autoFocus%3Dtrue%26autoScroll%3Dtrue%26maxMessages%3D0%26wordWrap%3Dtrue%26maxWordLength%3D32%26dateFormat%3D(%2525H%253A%2525i%253A%2525s)%26persistFontColor%3Dfalse%26fontColor%3Dnull%26audio%3Dtrue%26audioVolume%3D1%26soundReceive%3Dsound_1%26soundSend%3Dsound_2%26soundEnter%3Dsound_3%26soundLeave%3Dsound_4%26soundChatBot%3Dsound_5%26soundError%3Dsound_6%26blink%3Dtrue%26blinkInterval%3D500%26blinkIntervalNumber%3D10; ajax_chat_style=Basic; autoitbot_cookieHash="&$Cookie[0]&"; autoitbot_userID=51; autoitbot_password=cc1fbd6752dea7287403402be88236d87451e1be" & @CRLF & @CRLF    
            
    $iSend = TCPSend($iSocket, $sHeader) ;Paket wird gesendet

EndFunc

Share this post


Link to post
Share on other sites

It appears the site that is sending your script the packets is useing SSL encryption. without knowing keycode to unencrypt this it will be almost impossable to do.

Share this post


Link to post
Share on other sites

ok. thx

My login packet works, but to logout I need the $Logout value (look at my source)

I got the Cookies from the header but where can i find the $logout?

Share this post


Link to post
Share on other sites

The problem is that you reciving that data in gzip compression...

"""Accept-Encoding: gzip,deflate"""

I'm pacing the same problem now as i wonder how to decrpy this..

I fyou remove the "Accept-Encoding: gzip,deflate" line after the headers finsh all you need to do is

Binarytostring and it will be decrypted.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0