2

I have data coming in the form of XML with certain XML attributes being encrypted. I am very new to encryption/decryption. So I would like a detailed explanation on how to find the encryption algorithm, if at all there is any applied on this data. Or is it some other form of encoded format? Please ask any question related to data, I would be more than happy to help on that. Sample encrypted data looks like this:

7b5c727466315c616e73695c616e7369637067313235325c64656666305c6465 666c616e67313033337b5c666f6e7474626c7b5c66305c666e696c2054696d6573204e657720526f6d616e3b7d7b5c66315c666e696c5c 66636861727365743020417269616c3b7d7b5c66325c666e696c5c6663686172736574302054696d6573204e657720526f6d616e3b7d7d 0d0a7b5c636f6c6f7274626c203b5c726564305c677265656e305c626c7565303b7d0d0a5c766965776b696e64345c7563315c70617264 5c6366315c66305c667332305c7061720d0a5c6366305c6631204c6f74204e696e65202839292c206f66204245415220435245454b2050 4f4c4f2052414e43482c20616e206164646974696f6e20696e20456c6c697320436f756e74792c2054657861732c206163636f7264696e 6720746f20746865206d6170206f7220706c61742074686572656f66207265636f7264656420696e20436162696e657420432c20536c69 6465204e6f2e20343535206f662074686520506c6174205265636f726473206f6620456c6c697320436f756e74792c2054657861732e5c 6366315c66325c7061720d0a7d0d0a00

Ebenezar John Paul
  • 2,874
  • 14
  • 23
Joy
  • 23
  • 1
  • 3

2 Answers2

2

This is just straight ASCII represented in hexidecimal. I removed the newlines and the following python code will display it:

>>> from binascii import unhexlify
>>> ascii = "7b5c727466315c616e73695c616e7369637067313235325c64656666305c6465666c616e67313033337b5c666f6e7474626c7b5c66305c666e696c2054696d6573204e657720526f6d616e3b7d7b5c66315c666e696c5c66636861727365743020417269616c3b7d7b5c66325c666e696c5c6663686172736574302054696d6573204e657720526f6d616e3b7d7d0d0a7b5c636f6c6f7274626c203b5c726564305c677265656e305c626c7565303b7d0d0a5c766965776b696e64345c7563315c706172645c6366315c66305c667332305c7061720d0a5c6366305c6631204c6f74204e696e65202839292c206f66204245415220435245454b20504f4c4f2052414e43482c20616e206164646974696f6e20696e20456c6c697320436f756e74792c2054657861732c206163636f7264696e6720746f20746865206d6170206f7220706c61742074686572656f66207265636f7264656420696e20436162696e657420432c20536c696465204e6f2e20343535206f662074686520506c6174205265636f726473206f6620456c6c697320436f756e74792c2054657861732e5c6366315c66325c7061720d0a7d0d0a00"
>>> unhexlify(ascii)
'{\\rtf1\\ansi\\ansicpg1252\\deff0\\deflang1033{\\fonttbl{\\f0\\fnil Times New Roman;}{\\f1\\fnil\\fcharset0 Arial;}{\\f2\\fnil\\fcharset0 Times New Roman;}}\r\n{\\colortbl ;\\red0\\green0\\blue0;}\r\n\\viewkind4\\uc1\\pard\\cf1\\f0\\fs20\\par\r\n\\cf0\\f1 Lot Nine (9), of BEAR CREEK POLO RANCH, an addition in Ellis County, Texas, according to the map or plat thereof recorded in Cabinet C, Slide No. 455 of the Plat Records of Ellis County, Texas.\\cf1\\f2\\par\r\n}\r\n\x00'

Things to recognize are the 0x0a, 0x0d ASCII characters at the end that represent a line feed and carriage return respectively. Also a lot of the text is between 0x41 to 0x5A (A-Z), and 0x61 to 0x7A (a-z).

To address your question about recognizing encryption. Unless the communication protocol or file format provides you with the algorithm type there is generally no way to tell one encryption algorithm from another just based on encrypted data. For files it can be provided in a file header value. You'd still have to know what value in the header represent an encryption algorithm, and then further you'd have to determine which algorithm the value represented. For secure communication protocols the algorithms are generally negotiated during the protocol's initialization.

RoraΖ
  • 12,317
  • 4
  • 51
  • 83
1

Most Encryption methods leave something like a fingerprint - for example: fixed first couple of characters; lenth of hashes; etc. By such it's possible to determine the algorithm used...

I havn't found a particular documentation oder article by a quick google search, but I stumbled uppon following project (simple python script):

https://code.google.com/p/hash-identifier/

Check that out - maybe it guesses your hashes correctly :-)

gue
  • 129
  • 1