Hacker Diaries: Base 64 Hacking

Recently I ran into some database connectors that were obfuscated in the configuration file. I ran typical Base 64, UUEncode, etc. techniques to reverse the obfuscation, but nothing worked. Then a co-worker of mine mentioned, “Yeah, it’s probably base 64, but they used a different indexing scheme.”

Good point! Sometimes we get so used to “hacking away” at things that we forget the variations that are simple and straightforward.

As a good hacker should, I did some googling and didn’t find any tools or libraries to do this with (always look for someone else’s solution). Then I did some googling for examples of Base 64 decoding to see how the indexing tables work. Let’s look at the basic Base 64 indexing scheme. The figure below shows how characters (more than 64) are converted into Base 64 encoding:

[Figure: Base 64 Encoding]

The index table that goes along with the basic base 64 encoding looks like:

[Figure: Base64 Index Table]

So, it can be easy to create a Base 64 variation that just changes the character-to-index mapping. Given this thought, I created the following simple Python code to loop through all standard index table variations and decode. Alas, this still didn’t solve my problem, so more to come…

import base64

# Constructed placeholder (standard Base64 of "placeholder"); provide your own obfuscated string.
test_str = "cGxhY2Vob2xkZXI="

std_base64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def base64DecodeWith(str_to_decode, index_table_with_str):
    # Map each character of the custom table back to the standard table, then decode.
    s = str_to_decode.translate(str.maketrans(index_table_with_str, std_base64chars))
    print("The translated decode string is: " + s)
    return base64.b64decode(s)

def base64EncodeWith(str_to_encode, index_table_with_str):
    # Encode bytes with standard Base64, then map the result onto the custom table.
    s = base64.b64encode(str_to_encode).decode("ascii")
    print("The encoded string is: " + s)
    return s.translate(str.maketrans(std_base64chars, index_table_with_str))

# Try every rotation of the standard index table as the candidate custom table.
start_str = std_base64chars
for i in range(len(std_base64chars)):
    print("Iteration " + str(i) + " with: " + start_str)
    decresult = base64DecodeWith(test_str, start_str)
    print("Results in: " + repr(decresult) + "\n\n")
    start_str = start_str[-1:] + start_str[:-1]
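
The rotation loop above covers only 64 possible tables and leaves you to read every output by eye. As an added example (not the original post's code), the sketch below goes beyond it: it also tries reordered character blocks with a few symbol pairs, and ranks each decoding by how much printable ASCII it contains. The symbol pairs, the printable-ratio heuristic, the function names and the sample string are assumptions made for illustration.

```python
import base64
import itertools
import string

STD = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
BLOCKS = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
SYMBOLS = ("+/", "-_", "./", "+-")  # assumed symbol pairs for candidate tables
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def candidate_tables():
    """Yield (label, table): the 64 rotations, then block reorderings."""
    for i in range(64):
        yield f"rotate-{i}", STD[-i:] + STD[:-i]
    for blocks in itertools.permutations(BLOCKS):
        body, order = "".join(blocks), "".join(b[0] for b in blocks)
        for sym in SYMBOLS:
            yield f"{sym}-last:{order}", body + sym
            yield f"{sym}-first:{order}", sym + body

def encode_with(data, table):
    """Standard Base64, then substitute the custom table (padding unchanged)."""
    return base64.b64encode(data).decode("ascii").translate(str.maketrans(STD, table))

def decode_with(text, table):
    """Return decoded bytes, or None if text cannot have come from this table."""
    body = text.rstrip("=")
    if len(body) % 4 == 1 or not set(body) <= set(table):
        return None
    std = body.translate(str.maketrans(table, STD))
    return base64.b64decode(std + "=" * (-len(std) % 4))

def printable_ratio(data):
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0

def rank_tables(text):
    """Score every candidate table by how printable its decoding is."""
    hits = []
    for label, table in candidate_tables():
        decoded = decode_with(text, table)
        if decoded is not None:
            hits.append((printable_ratio(decoded), label, decoded))
    return sorted(hits, key=lambda h: h[0], reverse=True)

if __name__ == "__main__":
    # Constructed sample: a made-up connector string under a reordered table.
    secret = b"Server=db01;User=app;Password=example"
    blob = encode_with(secret, "./" + STD[:62])
    for score, label, decoded in rank_tables(blob)[:3]:
        print(f"{score:.2f}  {label:16}  {decoded!r}")
```

Several tables can tie when the encoded text never uses the characters in which they differ, so read the top few results rather than only the first. A string that scores low under every candidate table was probably not produced by a simple reordering of the standard alphabet.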
