0

I have email which is stored in Cookie :

%2FGl%F8%7E%06%F1S%FEF%10%E0T%B3%95%82BK%D9%D3%94%BC%AE%E1

which is sth like this after convert it with this tool : http://www.tareeinternet.com/scripts/unescape.html

/Glø~ñSþFàT³BKÙÓ¼®á

Does anybody have an idea what kind of hash it might be? I know email address which is stored here, but I don't want to make it public.

Adi
  • 43,808
  • 16
  • 135
  • 167
Mateusz
  • 11
  • It's a 192 bit hash corresponding to the hex string `46476cf87e06f153fe4610e054b39582424bd9d394bcaee1` (or in binary (`010001100100011101101100111110000111111000000110111100010101001111111110010001100001000011100000010101001011001110010101100000100100001001001011110110011101001110010100101111001010111011100001`). They just URL encoded the non-printable ASCII bytes. – dr jimbob Mar 24 '14 at 23:49
  • Actually it is my email converted to this. But I don't know how it is actually converted. Thanks! – Mateusz Mar 26 '14 at 15:55
  • Actually for some reason I copied the first byte wrong in my 192-bit hash (should be '2f') so it is `2f476cf87e06f153fe4610e054b39582424bd9d394bcaee1` hex string. By URL encoding, I just mean percent encoding -- the encoding scheme where you specify some bytes (unprintable ascii, or otherwise want to be avoided) with a % followed by two hexadecimal characters. See: http://en.wikipedia.org/wiki/Percent-encoding – dr jimbob Mar 26 '14 at 20:34
  • You got the weird decoding `/Glø~ñSþFàT³BKÙÓ¼®á` as its not [UTF-8](http://en.wikipedia.org/wiki/UTF-8) (doesn't have right form), so the browser defaults to [ISO-8859-1](http://en.wikipedia.org/wiki/ISO/IEC_8859-1). Note your string is actually 24 characters long, though 5 are invisible. For a gentle introduction to encoding see: http://www.joelonsoftware.com/articles/Unicode.html – dr jimbob Mar 26 '14 at 20:40
  • My email is 22 characters long if that could help here. Dr jimbob - I've used JavaScript unescape() Function to change %2FGl%F8%7E%06%F1S%FEF%10%E0T%B3%95%82BK%D9%D3%94%BC%AE%E1 to this: /Glø~ñSþFàT³BKÙÓ¼®á – Mateusz Mar 27 '14 at 13:59

1 Answers1

1

Based on the fact that it contains "binary" characters (those > 0x7F), it's likely it was encrypted before being stored in the cookie. If the site wanted to encode it in a way that was publicly readable they could have used any number of ASCII-only encoding schemes. It seems they deliberately obscured the email address to make it publicly unreadable from the cookie, while allowing them to decrypt it using a key only they know.

If you want to be exhaustive in your search for a possible encoding format, you need to interpret the characters using different character sets. In this case though it's unlikely any character set would make sense: the email address stored is almost certainly ASCII-only, so only a non-ASCII compatible character set would generate that type of output. UTF-16 and UTF-32 are possibilities though, if the email address was short.

Animism
  • 141
  • 3