
Help decoding a file


Question

Ladies & Gentlemen,

I'm trying to work on this text file for an assignment. I need to decode it into some kind of readable format, I know it has something to do with bit shifting or XORing the data but I just can't seem to make any progress?

Is anyone out there able to help point me in the right direction?

Regardz :)

FileToDecode.txt


  • 0
Digital detectives must have an in-depth knowledge of the criminal justice system, computer hardware and software systems, and investigative and evidence-gathering protocols. They also need knowledge of various operating systems, platforms, file types with data sets in the multiple-terabyte range.

Game over!

1) Inverse Bits

2) Rotate Left (32 bits)

  • Like 3
  • 0

Do you have any idea what the decoded content is or what the encoding is? Without any information this is just a bunch of random numbers:

5D 4B 4C CB 45 CF C9 EF 4D CD 45 CD CE 45 CB 44 4D C6 6F 49 45 C6 C5 6F 4B CF 44 CD 6F CF C8 EF CB 48 E9 4D CD C7 C5 4B 6F CA 48 C8 C4 49 CD 4D 4C CD 6F 48 CC EF C5 CB CD 6F CE 46 4B 49 CB 48 CF C9 EF 4A 45 C6 45 4B 4E CD 6F 46 43 C6 45 4D C9 E9 6F 4E 48 C9 47 45 45 CD C6 EF 4B CF C6 CD 44 CF 46 4D 6F CF C8 CD 6F 46 C8 CC 45 44 CF C6 CD 6F 46 43 C6 45 4D 49 C6 E9 6F 4F C8 CD 6F CB C8 44 4D C6 45 4B 4C CF 45 CB 44 CD 6F CF C8 CD 6F CD 44 CB 4D CD 48 CE 4D 69 4C 4F C5 4B CD C6 CB 48 CC 6F C7 46 C8 C5 48 4E C8 49 C6 E8 EF 6F D5 4B 4D C3 6F CF 49 C6 C8 EF 48 4D CD CD 6F 4A 48 48 C4 C9 CD 4D 4C 4D 6F C8 CC EF 44 CF 46 CB 48 45 C6 6F C8 47 CD 46 CF 45 CB 48 CC 6F 46 43 C6 45 4D 49 C6 E9 EF 47 49 CF C5 CC C8 46 49 46 E9 EF 4C CB 49 CD EF C5 C3 47 4D 46 6F 44 CB C5 CB EF 4D CF 45 CF 6F C6 CD 45 C6 6F CB C8 EF 45 4B CD 6F C9 C5 C9 45 4B C7 49 4D E9 45 CD 46 CF 4E C3 45 CD EF 46 CF C8 98 9A D1
  • 0

The only information I was given is that it was originally an English string. It has been encoded in hex workshop by using bit shift left/right, xor, and, as well as rotate left and right options. Any combination of those. I'm trying every permutation I can think of but I'm not getting any closer.

Regardz :)

  • 0

The only information I was given is that it was originally an English string. It has been encoded in hex workshop by using bit shift left/right, xor, and, as well as rotate left and right options. Any combination of those. I'm trying every permutation I can think of but I'm not getting any closer.

Regardz :)

Does the number of characters in the original string correspond to the number of bytes or words in the file? If for instance we can assume each word (two bytes) maps to a single character, there's potentially some useful guesswork to do by comparing their statistical occurrence in the binary to that of letters in the English language. For example 0xCD seems quite common and is found in pairs so it could be an "e" or a "t". If you can reverse-engineer at least a few letters then you can compare their ASCII value to the encoded value and figure out the transformation used much more easily.
  • 0

The only information I was given is that it was originally an English string. It has been encoded in hex workshop by using bit shift left/right, xor, and, as well as rotate left and right options. Any combination of those. I'm trying every permutation I can think of but I'm not getting any closer.

I had to mess with this kind of stuff when I took a course in digital forensics. The way the encoding options work with Hex Workshop is that it will be very difficult to stumble upon the right combination of steps to decode it. What's worse is that some of those options in HW are destructive, i.e. do option x & then undo option x and the data has been irreversibly altered.

  • 0

.Eifital detectivds!mtsu have an in-ddpuh knowledfe!of the crimin`l!jtsuibe!sxsuel,!cnmquter hardvase and!snfuw`re systemr,!and iovdsuifative and evidence-gauhdring qrntocolr.! Uhdy alsn oedd!koovledge of various operating systemr,!platforms, file types!whth data sets hn!the mtluiqld-terabyte!r`n..

Close enough!

Rotate left (16-Bit) and Inverse Bits.

  • 0

Asik,

I did presume the same thing, by trying to find the most common occurrences and assume they translated to the letter 'E' or a space and go from there but it always seems garbled.

Alex,

How the hell did you figure that out? Was it simple trial and error? I had a matrix made up for two operations using one and then the other to try and get somewhere but I always got more and more garbled text. But I'm not sure if I was doing what Innuendo mentioned by destroying the data and not starting over each time. Genius work mate. I need to come up with a kind of pseudo-algorithm to figure this out for the others I have to do.

Regardz :)

  • 0

Asik,

I did presume the same thing, by trying to find the most common occurrences and assume they translated to the letter 'E' or a space and go from there but it always seems garbled.

Alex,

How the hell did you figure that out? Was it simple trial and error? I had a matrix made up for two operations using one and then the other to try and get somewhere but I always got more and more garbled text. But I'm not sure if I was doing what Innuendo mentioned by destroying the data and not starting over each time. Genius work mate. I need to come up with a kind of pseudo-algorithm to figure this out for the others I have to do.

Regardz :)

It was simply trial and error using Hex Workshop software.

If your assignment is to automate the decoding, then you already have the answer to work on.

  • 0
It was simply trial and error using Hex Workshop software. If your assignment is to automate the decoding, then you already have the answer to work on.

I've basically got a few files to try and decode with various different methods of encryption, most of them just using the tools within Hex Workshop. I'm trying to find some sort of method other than 'blind' trial and error. But it's much, much simpler now that I know what I'm working towards with one of the files at least. I appreciate your help immensely mate.

Thanks to everyone else that helped out too!

Regardz :)
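
One way to replace blind trial and error, as an added example that is not part of the original thread: enumerate the reversible recipes (optional bit inversion, then a left rotation of 0 to 7 bits over 8-, 16- or 32-bit words), always starting again from the untouched bytes, and rank the outputs by how much of each is letters and spaces. It assumes the rotation acts on little-endian words; the function names and the sample sentence are constructed for illustration.

```python
from itertools import product
import string

LETTERS = frozenset((string.ascii_letters + " ").encode())

def rotl_words(data, width, bits):
    """Rotate each little-endian `width`-bit word left by `bits`."""
    size, mask, bits = width // 8, (1 << width) - 1, bits % width
    full = len(data) - len(data) % size   # a trailing partial word is copied as is
    out = bytearray()
    for i in range(0, full, size):
        w = int.from_bytes(data[i:i + size], "little")
        w = ((w << bits) | (w >> (width - bits))) & mask
        out += w.to_bytes(size, "little")
    return bytes(out) + data[full:]

def invert(data):
    return bytes(b ^ 0xFF for b in data)

def decode(data, inv, width, bits):
    """Apply one candidate recipe to the original bytes (never to a previous attempt)."""
    return rotl_words(invert(data) if inv else data, width, bits)

def score(data):
    """Fraction of bytes that are ASCII letters or spaces."""
    return sum(b in LETTERS for b in data) / max(len(data), 1)

def rank(data):
    """Score every (invert, width, bits) recipe, best first."""
    recipes = product((False, True), (8, 16, 32), range(8))
    scored = [(score(decode(data, *r)), r) for r in recipes]
    return sorted(scored, key=lambda s: s[0], reverse=True)

# Constructed sample: a letters-and-spaces sentence, rotated right by one bit in
# 32-bit words (the same as left by 31) and inverted, i.e. the reverse of the
# two steps given in the accepted answer.
SAMPLE = b"Digital detectives must have an in depth knowledge of file types"
ENCODED = invert(rotl_words(SAMPLE, 32, 31))

if __name__ == "__main__":
    for s, (inv, width, bits) in rank(ENCODED)[:3]:
        text = decode(ENCODED, inv, width, bits)[:24]
        print(f"{s:.2f} invert={inv} rotl{width} by {bits}: {text!r}")
```

On this sample the 16-bit recipe produces a near miss like the "Close enough!" post: feeding the rotated bit back at the 16-bit boundary instead of the 32-bit one exchanges the low bits of the first and third byte of every four-byte group.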
