Sign in to follow this  
Followers 0

Help decoding a file

12 posts in this topic

Posted

Ladies & Gentlemen,

I'm trying to work on this text file for an assignment. I need to decode it into some kind of readable format, I know it has something to do with bit shifting or XORing the data but I just can't seem to make any progress?

Is anyone out there able to help point me in the right direction?

Regardz :)

FileToDecode.txt

Share this post


Link to post
Share on other sites

Posted

Do you have any idea what the decoded content is or what the encoding is? Without any information this is just a bunch of random numbers:

5D 4B 4C CB 45 CF C9 EF 4D CD 45 CD CE 45 CB 44 4D C6 6F 49 45 C6 C5 6F 4B CF 44 CD 6F CF C8 EF CB 48 E9 4D CD C7 C5 4B 6F CA 48 C8 C4 49 CD 4D 4C CD 6F 48 CC EF C5 CB CD 6F CE 46 4B 49 CB 48 CF C9 EF 4A 45 C6 45 4B 4E CD 6F 46 43 C6 45 4D C9 E9 6F 4E 48 C9 47 45 45 CD C6 EF 4B CF C6 CD 44 CF 46 4D 6F CF C8 CD 6F 46 C8 CC 45 44 CF C6 CD 6F 46 43 C6 45 4D 49 C6 E9 6F 4F C8 CD 6F CB C8 44 4D C6 45 4B 4C CF 45 CB 44 CD 6F CF C8 CD 6F CD 44 CB 4D CD 48 CE 4D 69 4C 4F C5 4B CD C6 CB 48 CC 6F C7 46 C8 C5 48 4E C8 49 C6 E8 EF 6F D5 4B 4D C3 6F CF 49 C6 C8 EF 48 4D CD CD 6F 4A 48 48 C4 C9 CD 4D 4C 4D 6F C8 CC EF 44 CF 46 CB 48 45 C6 6F C8 47 CD 46 CF 45 CB 48 CC 6F 46 43 C6 45 4D 49 C6 E9 EF 47 49 CF C5 CC C8 46 49 46 E9 EF 4C CB 49 CD EF C5 C3 47 4D 46 6F 44 CB C5 CB EF 4D CF 45 CF 6F C6 CD 45 C6 6F CB C8 EF 45 4B CD 6F C9 C5 C9 45 4B C7 49 4D E9 45 CD 46 CF 4E C3 45 CD EF 46 CF C8 98 9A D1

Share this post


Link to post
Share on other sites

Posted

The only information I was given is that is was originally an English string. It has been encoded in hex workshop by using bit shift left/right, xor, and, as well as rotate left and right options. Any combination of those. I'm trying every permutation I can think of but I'm not getting any closer.

Regardz :)

Share this post


Link to post
Share on other sites

Posted

I suddenly have fond memories of editing Commodore 64 games. hehe

Share this post


Link to post
Share on other sites

Posted

The only information I was given is that is was originally an English string. It has been encoded in hex workshop by using bit shift left/right, xor, and, as well as rotate left and right options. Any combination of those. I'm trying every permutation I can think of but I'm not getting any closer.

Regardz :)

Does the number of characters in the original string correspond to the number of bytes or words in the file? If for instance we can assume each word (two bytes) maps to a single character, there's potentially some useful guesswork to do by comparing their statistical occurance in the binary to that of letters in the English language. For example 0xCD seems quite common and is found in pairs so it could be an "e" or a "t". If you can reverse-engineer at least a few letters then you can compare their ASCII value to the encoded value and figure out the transformation used much more easily.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

The only information I was given is that is was originally an English string. It has been encoded in hex workshop by using bit shift left/right, xor, and, as well as rotate left and right options. Any combination of those. I'm trying every permutation I can think of but I'm not getting any closer.

I had to mess with this kind of stuff when I took a course in digital forensics. The way the encoding options work with Hex Workshop is that it will be very difficult to stumble upon the right combination of steps to decode it. What's worse is that some of those options in HW are destructive, i.e. do option x & then undo option x and the data has been irreversibly altered.

Share this post


Link to post
Share on other sites

Posted

It looks like 0xCD might be space by the placement of it.

Share this post


Link to post
Share on other sites

Posted

.Eifital detectivds!mtsu have an in-ddpuh knowledfe!of the crimin`l!jtsuibe!sxsuel,!cnmquter hardvase and!snfuw`re systemr,!and iovdsuifative and evidence-gauhdring qrntocolr.! Uhdy alsn oedd!koovledge of various operating systemr,!platforms, file types!whth data sets hn!the mtluiqld-terabyte!r`n..

Close enough!

Rotate left (16-Bit) and Inverse Bits.

Share this post


Link to post
Share on other sites

Posted

Digital detectives must have an in-depth knowledge of the criminal justice system, computer hardware and software systems, and investigative and evidence-gathering protocols. They also need knowledge of various operating systems, platforms, file types with data sets in the multiple-terabyte range.

Game over!

1) Inverse Bits

2) Rotate Left (32 bits)

3 people like this

Share this post


Link to post
Share on other sites

Posted

Asik,

I did presume the same thing, by trying to find the most common occurrences and assume they translated to the letter 'E' or a space and go from there but it always seem garbled.

Alex,

How the hell did you figure that out? Was it simple trial and error? I had a matrix made up for two operations using one and then the other to try and get somewhere but I always got more and more garbled text. But I'm not sure if I was doing Innuendo mentioned by destroying the data and not starting over each time. Genius work mate. I need to come up with a kind of pseudo-algorithm to figure this out for the others I have to do.

Regardz :)

Share this post


Link to post
Share on other sites

Posted

Asik,

I did presume the same thing, by trying to find the most common occurrences and assume they translated to the letter 'E' or a space and go from there but it always seem garbled.

Alex,

How the hell did you figure that out? Was it simple trial and error? I had a matrix made up for two operations using one and then the other to try and get somewhere but I always got more and more garbled text. But I'm not sure if I was doing Innuendo mentioned by destroying the data and not starting over each time. Genius work mate. I need to come up with a kind of pseudo-algorithm to figure this out for the others I have to do.

Regardz :)

I was simply trail and error using Hex Workshop software.

If your assignment is to automate the decoding, then you already have answer to work on.

Share this post


Link to post
Share on other sites

Posted

I was simply trail and error using Hex Workshop software. If your assignment is to automate the decoding, then you already have answer to work on.

I've basically got a few files to try and decode with various different methods of encryption, most of them just using the tools within Hex Workshop. I'm trying to find some sort of method other than 'blind' trial and error. But it's much, much simpler now that I know what I'm working towards with one of the files at least. I appreciate your help immensely mate.

Thanks too everyone else that helped out too!

Regardz :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.