> Here're some more examples:
>
> [email protected] GGobQ2bsqd64PXVAmaDiDBg=
> [email protected] GWobQ2bsqd64PXVAmaDiDBg=
> [email protected] GGobQ2bsqd64PXVAmaDiDA==
> dummy@example.@ex GGobQ2bsqd64PXVAmaDBBg0=
> dummy GGobQ2Y=
> dumm GGobQw==
> eummy GWobQ2Y=
> eumm GWobQw==
> example.com GWcXQ2/AqYi6P2g=
> dxample.com GGcXQ2/AqYi6P2g=
> [email protected] TS5HHy7sqd64PXVAmaDiDBg=
> 11111 TS5HHy4=
>
> Looks like a base64+xor, am I right? And that's enough information for me.

Yes, it is looking like a fixed key stream XORed with the plaintext. Note that this could mean they're using any number of "good" encryption algorithms (block cipher in OFB mode, stream cipher) with a fixed IV. This means the encryption is very broken, but it doesn't necessarily mean they are using some half-baked custom obfuscation technique. They could be, but be careful with your accusations.

HTH,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
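
The fixed-keystream reading can be checked directly against the pairs quoted above. The following is an added example, not part of the original thread: it XORs each known plaintext with its base64-decoded ciphertext and confirms that every pair yields a prefix of the same keystream. The function names are illustrative, and the pairs whose address appears only as "[email protected]" are left out because their plaintext is not recoverable from the page.

```python
import base64

# Plaintext/ciphertext pairs copied from the quoted message above.
PAIRS = {
    "dummy": "GGobQ2Y=",
    "dumm": "GGobQw==",
    "eummy": "GWobQ2Y=",
    "eumm": "GWobQw==",
    "example.com": "GWcXQ2/AqYi6P2g=",
    "dxample.com": "GGcXQ2/AqYi6P2g=",
    "11111": "TS5HHy4=",
}

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_from(plaintext: str, b64_ciphertext: str) -> bytes:
    """Known plaintext XOR ciphertext gives the keystream bytes that were used."""
    return xor(plaintext.encode("ascii"), base64.b64decode(b64_ciphertext))

def keystream_is_fixed(pairs: dict) -> bool:
    """True if every pair yields a prefix of one and the same keystream."""
    streams = [keystream_from(p, c) for p, c in pairs.items()]
    longest = max(streams, key=len)
    return all(longest.startswith(s) for s in streams)

def decrypt(b64_ciphertext: str, keystream: bytes) -> str:
    """Decrypt with a recovered keystream; refuse if it is too short."""
    ct = base64.b64decode(b64_ciphertext)
    if len(ct) > len(keystream):
        raise ValueError("ciphertext longer than recovered keystream")
    return xor(ct, keystream).decode("ascii")

if __name__ == "__main__":
    # One known pair is enough to read every other value of equal or
    # shorter length, whatever cipher produced the keystream.
    ks = keystream_from("example.com", PAIRS["example.com"])
    print("same keystream for all pairs:", keystream_is_fixed(PAIRS))
    print("recovered keystream prefix:", ks.hex())
    print("TS5HHy4= decrypts to:", decrypt(PAIRS["11111"], ks))
```

The check says nothing about which algorithm generated the keystream, which is tim's point: OFB mode or a stream cipher with a fixed IV would produce exactly the same result as a home-grown XOR.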
