Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Decrypting Text


  • Please log in to reply
7 replies to this topic

#1 mtxfreestyle

mtxfreestyle

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 25 November 2008 - 08:34 AM

Hey! I have a problem and was hoping that you guys could help :thumbsup: I really hope you can!

Lortemail is a place where you can make temporary email accounts and I registered an important account on it.

Recently I recieved an e-mail from them but it is encrypted (I think?!) and was wondering wether you could help me out!

Here is the text from the email:

Emne: =?gbk?B?W0dhcmVuYSBHYW1pbmcgQ29tbXVuaXR5XSBHdWlkZSB0byByZXRyaWV2ZSBwYXNzd29yZA==?=
Modtaget: 25/11 - 14:27




DQpNZXR8bWlHR2Vso6wNClNlbmQgQnkgR2FyZW5hIEdhbWluZyBDb21tdW5pdHk6DQoNCllvdSwg
b3Igc29tZW9uZSBwb3NpbmcgYXMgeW91LCBoYXMgcmVxdWVzdGVkIHRvIHJlc2V0IHBhc3N3b3Jk
IGluDQpvdXIgZm9ydW0uDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkF0dGVudGlvbqOhDQotLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQoNCklmIHRoaXMgaXMgbm90IGEgdmFsaWQgcmVxdWVzdCBtYWRlIGJ5IHlvdSwgcGxlYXNl
IGRpc3JlZ2FyZCB0aGlzDQplbWFpbCBpbW1lZGlhdGVseS4NCg0KSWYgaXQgdGhpcyBpcyBhIHZh
bGlkIHJlcXVlc3QsIHBsZWFzZSBmb2xsb3cgdGhlIHN0ZXBzIHRvIHJlc2V0IHlvdXINCnBhc3N3
b3JkLg0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NClBhc3N3b3JkIFJlc2V0IFN0ZXBzDQotLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQoNCg0KMS4gVG8gcmVzZXQgeW91ciBwYXNzd29yZCwgcGxlYXNlIGNsaWNrIG9uIHRoZSBs
aW5rIGJlbG93IGluIDMgZGF5cy4NCg0KaHR0cDovL3d3dy5nYXJlbmEuY29tL2ZvcnVtL21lbWJl
ci5waHA/YWN0aW9uPWdldHBhc3N3ZCZ1aWQ9NDgxNjI4MSZpZD0xQ01ZaFoNCg0KKFlvdSBtYXkg
bmVlZCB0byBjdXQgYW5kIHBhc3RlIHRoZSBsaW5rIGludG8geW91ciB3ZWIgYnJvd3Nlci4pDQoN
CjIuIFlvdSB3aWxsIG5lZWQgdG8gZW50ZXIgYW5kIGNvbmZpcm0geW91ciBuZXcgcGFzc3dvcmQu
DQoNCjMuIFlvdSBjYW4gbG9naW4gd2l0aCB5b3VyIG5ldyBwYXNzd29yZCwgeW91IGNhbiBjaGFu
Z2UgeW91ciBwYXNzd29yZA0KaW4gVXNlciBDUC4gYXQgYW55dGltZS4NCg0KUmVxdWVzdCBCeSBJ
UCA6IDc3LjEwMy4yNTAuMTQwDQoNCg0KQmVzdCBSZWdhcmRzDQoNCkdhcmVuYSBHYW1pbmcgQ29t
bXVuaXR5IEFkbWluaXN0cmF0aW9uIEdyb3VwLg0KaHR0cDovL3d3dy5nYXJlbmEuY29tL2ZvcnVt
Lw==

>_<

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:41 AM

Posted 25 November 2008 - 08:50 AM

Can't help. Even if it was an encrypted message, we would not have access to the decryption scheme. Contact Lortemail for help.

#3 mtxfreestyle

mtxfreestyle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 25 November 2008 - 08:54 AM

I think it is Javascript?

Because I was just searching Google and came across this... http://bytes.com/groups/javascript/645887-...rypt-javascript

#4 mtxfreestyle

mtxfreestyle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 25 November 2008 - 09:59 AM

I have done more research and I have found out it is some sort of thing called MIME?!

Here:

Subject: ¡¾¡¾¡¾Flying Shose!!¡¾¡¾¡¾¡¾Flying Shose!!¡¾¡¾¡¾
MIME-Version: 1.0
Content-Type: text/html; charset=big5
Content-Transfer-Encoding: base64

PGh0bWw+DQoNCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250
ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9YmlnNSI+DQo8dGl0bGU
+Zmx5c2hvc2U8L3RpdGxl
Pg0KPC9oZWFkPg0KDQo8Ym9keSBiZ2NvbG9yPSIjRkZGRkZGIiB0ZXh0PSIjMDAwMDAwIj4N
CjxkaXYgYWxpZ249ImNlbnRlciI+DQoNCjxwPg0KPG9iamVjdCBjbGFzc2lkPSJjbHNpZDpE
MjdDREI2RS1BRTZELTExY2YtOTZCOC00NDQ1NTM1NDAwMDAiDQpjb2RlYmFzZT0iaHR0cDov
L2Rvd25sb2FkLm1hY3JvbWVkaWEuY29tL3B1Yi9zaG9ja3dhdmUvY2Ficy9mbGFzaC9zd2Zs
YXNoLmNhYiN2ZXJzaW9uPTUsMCwwLDAiDQp3aWR0aD0iNjAwIiBoZWlnaHQ9IjMwMCI+DQog
IDxwYXJhbSBuYW1lPSJtb3ZpZSINCiAgdmFsdWU9Imh0dHA6Ly9ob21lLnBjaG9tZS5jb20u
dHcvbmV0L2VuZ19zaG9lczEwL2VuZy9pbnRyby1lLnN3ZiI+DQogIDxwYXJhbSBuYW1lPSJx
dWFsaXR5IiB2YWx1ZT0iaGlnaCI+PGVtYmVkIHNyYz0iaHR0cDovL2hvbWUucGNob21lLmNv
bS50dy9uZXQvZW5nX3Nob2VzMTAvZW5nL2ludHJvLWUuc3dmIgpxdWFsaXR5PSJoaWdoIgpw
bHVnaW5zcGFnZT0iaHR0cDovL3d3dy5tYWNyb21lZGlhLmNvbS9zaG9ja3dhdmUvZG93bmxv
YWQvaW5kZXguY2dpP1AxX1Byb2RfVmVyc2lvbj1TaG9ja3dhdmVGbGFzaCIKdHlwZT0iYXBw
bGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSI2MDAiIGhlaWdodD0iMzAwIj4N
Cjwvb2JqZWN0Pg0KPC9wPg0KDQo8cCBhbGlnbj0iY2VudGVyIj48Zm9udCBzaXplPSIzIj6h
RUlmIHl
vdSBjYW4ndCBzZWUgKGFuZCBoZWFyKSB0aGUgYWJvdmUgYW5pbWF0aW9uLCB5b3Ug
DQpzaG91bGQgPGENCmhyZWY9Imh0dHA6Ly93d3cubWFjcm9tZWRpYS5jb20vc2hvY2t3YXZl
L2Rvd25sb2FkL2Rvd25sb2FkLmNnaT9QMV9Qcm9kX1ZlcnNpb249U2hvY2t3YXZlRmxhc2gi
Pmluc3RhbGwgDQpTaG9ja3dhdmUgRmxhc2g8L2E+PC9mb250PjwvcD4NCg0KPHAgYWxpZ249
ImNlbnRlciI+PGEgaHJlZj0iaHR0cDovL2hvbWUucGNob21lLmNvbS50dy9uZXQvZW5nX3No
b2VzMTAvY2hpbi9pbmRleC5odG0iPkNISU5FU0U8L2E+IA0KJm5ic3A7IDxhIGhyZWY9Imh0
dHA6Ly9ob21lLnBjaG9tZS5jb20udHcvbmV0L2VuZ19zaG9lczEwL2luZGV4Lmh0bSI+Tk9U
RTwvYT48L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NPEhUTUw+DQo8QSBuYW1lPSIN
CnRlc3QNCqRXpMggMTI6MjQ6MTINCjIwMDEvNC8yMw0KdGVzdA0KIj48L2E+DQo8L0hUTUw+
DQo=

Now if I only knew how to change it back...

#5 mtxfreestyle

mtxfreestyle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 25 November 2008 - 10:01 AM

Hey guys, guess what, the noob figured it out on his own >_<

If you get this problem, go here -> http://www.opinionatedgeek.com/dotnet/tool...de/Default.aspx

It is a base 64 Decoder (have no idea what it is!> xD)

Thx! I'll be off now!

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:41 AM

Posted 25 November 2008 - 10:15 AM

Ok, but base 64 doesn't use plus signs or underscores, and it isn't javascript.

#7 Dennis the Menace

Dennis the Menace

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryland
  • Local time:08:41 AM

Posted 21 December 2008 - 09:43 PM

mtxfreestyle

I see that you have solved the problem yourself. On first look, it seemed to me that this was reminscent of a MIME encapulated (64) encoded file. ... most likely containing all or a part of an image ... used to see these many times on Sun machines. and sometimes on transfer of file from Solaris or Unix to Windows.. Contact whomever sent it and ask for it again also make sure that your system aan read mime encapsulated messages.

#8 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:41 AM

Posted 22 December 2008 - 11:12 PM

It is mime/base64. And it is an ad for flying shoes.
The link goes to a Taiwan website with "oops" then redirects
to a new Taiwan site.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users