Relation between plain text and encrypted in URL
There are several plain text and encrypted text like:
Plain text | Encrypted text |
---|---|
10101004535 | 7Za9kHM9OH6tKTrtxy86gw== |
10860586924 | /nwjXW3MYkcATRS5Xyjx/A== |
10480090635 | /F0D9ePZffTIiH/P8mK+kw== |
10861778058 | VUtRdsB/qYOUflYzeF3G6A== |
... | ... |
that we only have access to total simple texts together. A website provides encrypted text one by one with captcha code. In this website URLs, we could open the pages programatically by replacing plain text in URLs. But now we need to convert the plain text to encrypted text first.
In other word, this website takes plain text (meaningful number) with captcha code and after encrypting it into another URL that contains the encrypted text, it provides useful information about that meaningful number. While previously the URL contained the same plain text.
There are about 60,000 similar cases that need to be determined and then use the information obtained.
Practically, such a thing is not possible. A logical relationship should be discovered with a small number of data and the rest of the target data should be found.
How to identify it?
Attempts via internet search and sites that do this have been fruitless.
Among the available methods, this one provided better results:
<?php
echo openssl_encrypt($data, $cipher_algo, "")
?>
And this is repeated for all the following cases: (only for 10101004535 -----> 7Za9kHM9OH6tKTrtxy86gw==)
$cipher_algo | Result for plain text ($data="10101004535") |
---|---|
aes-128-cbc | nP/zXDr4u0wJgeiMZ2a0xQ== |
aes-128-cbc-hmac-sha1 | nP/zXDr4u0wJgeiMZ2a0xQ== |
aes-128-cbc-hmac-sha256 | nP/zXDr4u0wJgeiMZ2a0xQ== |
aes-128-ccm | |
aes-128-cfb | V9l65N66HA+9f88= |
aes-128-cfb1 | P34iY0gaJF4voL0= |
aes-128-cfb8 | V2sitTBJ6VdOhnA= |
aes-128-ctr | V9l65N66HA+9f88= |
aes-128-gcm | |
aes-128-ocb | |
aes-128-ofb | V9l65N66HA+9f88= |
aes-128-xts | |
aes-192-cbc | I/c+oTflZq4o1NJLeoVPQg== |
aes-192-ccm | |
aes-192-cfb | m9BYop2PYpfdx5w= |
aes-192-cfb1 | 8bjVc9amKbDpyaE= |
aes-192-cfb8 | m2KqRZeurMhLBtY= |
aes-192-ctr | m9BYop2PYpfdx5w= |
aes-192-gcm | |
aes-192-ocb | |
aes-192-ofb | m9BYop2PYpfdx5w= |
aes-256-cbc | JnlvjtobKmtooysJBSCozw== |
aes-256-cbc-hmac-sha1 | JnlvjtobKmtooysJBSCozw== |
aes-256-cbc-hmac-sha256 | JnlvjtobKmtooysJBSCozw== |
aes-256-ccm | |
aes-256-cfb | 7aXxSJNwub2Ye5c= |
aes-256-cfb1 | i/ZtLDxguNs08lg= |
aes-256-cfb8 | 7eE6z66spfM9nJE= |
aes-256-ctr | 7aXxSJNwub2Ye5c= |
aes-256-gcm | |
aes-256-ocb | |
aes-256-ofb | 7aXxSJNwub2Ye5c= |
aes-256-xts | |
aria-128-cbc | WH8Fuy7KhR9TFgzOnZYcCg== |
aria-128-ccm | |
aria-128-cfb | enCXDE4xQdoJ7pE= |
aria-128-cfb1 | JPAdkSK+iBBJ0XY= |
aria-128-cfb8 | ehHsJofE+v4KzSI= |
aria-128-ctr | enCXDE4xQdoJ7pE= |
aria-128-gcm | |
aria-128-ofb | enCXDE4xQdoJ7pE= |
aria-192-cbc | CLXj8QfJ2RY2NawjSBqMgQ== |
aria-192-ccm | |
aria-192-cfb | 5GJablsuDcYP69k= |
aria-192-cfb1 | 7SzTutUwRH2L910= |
aria-192-cfb8 | 5LYB6zw8yst6ag8= |
aria-192-ctr | 5GJablsuDcYP69k= |
aria-192-gcm | |
aria-192-ofb | 5GJablsuDcYP69k= |
aria-256-cbc | Y5fs+eHZf3snNL9QQhpaGA== |
aria-256-ccm | |
aria-256-cfb | 8zhm7aA27eodXfA= |
aria-256-cfb1 | pcBbryH0TX1UNL8= |
aria-256-cfb8 | 83SPYq13iZJzzic= |
aria-256-ctr | 8zhm7aA27eodXfA= |
aria-256-gcm | |
aria-256-ofb | 8zhm7aA27eodXfA= |
bf-cbc | VLSi9seqGmrn7KnXPapm8A== |
bf-cfb | f8mmdVCo7Uww5jc= |
bf-ofb | f8mmdVCo7UzU8wU= |
camellia-128-cbc | 491yd6MagG25BCdwLM/nNg== |
camellia-128-cfb | DDKxFYBmAkgixFc= |
camellia-128-cfb1 | Kikuap4iagPBYl0= |
camellia-128-cfb8 | DN/7Tje7kxTsE5c= |
camellia-128-ctr | DDKxFYBmAkgixFc= |
camellia-128-ofb | DDKxFYBmAkgixFc= |
camellia-192-cbc | +VYFF2J0JfAADk0NSE3kuA== |
camellia-192-cfb | Z9HQGftsMvPMn18= |
camellia-192-cfb1 | KwRG/z4fSjQLDpw= |
camellia-192-cfb8 | Z27qRzSh8mFDpsY= |
camellia-192-ctr | Z9HQGftsMvPMn18= |
camellia-192-ofb | Z9HQGftsMvPMn18= |
camellia-256-cbc | VXv+PODEogoJqurn5+uPCg== |
camellia-256-cfb | CFFlISvuzGQ5xdA= |
camellia-256-cfb1 | IEj2KyKEyoNnrug= |
camellia-256-cfb8 | CEzwtTPKq7bcUes= |
camellia-256-ctr | CFFlISvuzGQ5xdA= |
camellia-256-ofb | CFFlISvuzGQ5xdA= |
cast5-cbc | mc8jZ5CYw/L+elcwpws5IQ== |
cast5-cfb | IvUzg2XlCEVCzPI= |
cast5-ofb | IvUzg2XlCEXcJXw= |
chacha20 | R4jRnZHBDaR1bl8= |
chacha20-poly1305 | |
id-aes128-CCM | |
id-aes128-GCM | |
id-aes128-wrap | |
id-aes128-wrap-pad | |
id-aes192-CCM | |
id-aes192-GCM | |
id-aes192-wrap | |
id-aes192-wrap-pad | |
id-aes256-CCM | |
id-aes256-GCM | |
id-aes256-wrap | |
id-aes256-wrap-pad | |
idea-cbc | MZExATGoMLQFtwVBytvLYw== |
idea-cfb | MTExMTEwMDQEowQ= |
idea-ofb | MTExMTEwMDQ1MzU= |
seed-cbc | 8WoAM46w9lE1opbMDcjwqA== |
seed-cfb | oVms1EmjQCpAIiw= |
seed-ofb | oVms1EmjQCpAIiw= |
sm4-cbc | |
sm4-cfb | |
sm4-ctr | |
sm4-ofb | |
aes128 | nP/zXDr4u0wJgeiMZ2a0xQ== |
aes128-wrap | |
aes192 | I/c+oTflZq4o1NJLeoVPQg== |
aes192-wrap | |
aes256 | JnlvjtobKmtooysJBSCozw== |
aes256-wrap | |
aria128 | WH8Fuy7KhR9TFgzOnZYcCg== |
aria192 | CLXj8QfJ2RY2NawjSBqMgQ== |
aria256 | Y5fs+eHZf3snNL9QQhpaGA== |
bf | VLSi9seqGmrn7KnXPapm8A== |
blowfish | VLSi9seqGmrn7KnXPapm8A== |
camellia128 | 491yd6MagG25BCdwLM/nNg== |
camellia192 | +VYFF2J0JfAADk0NSE3kuA== |
camellia256 | VXv+PODEogoJqurn5+uPCg== |
cast | mc8jZ5CYw/L+elcwpws5IQ== |
cast-cbc | mc8jZ5CYw/L+elcwpws5IQ== |
idea | MZExATGoMLQFtwVBytvLYw== |
seed | 8WoAM46w9lE1opbMDcjwqA== |
sm4 |
Some of these have given similar results, but none of them exactly (7Za9kHM9OH6tKTrtxy86gw==). The only relationship that can be understood is:
1. The length of all encrypted texts is fixed at 24 characters. (11 characters for plain text)
2. At the end of each encrypted text, the = sign is repeated twice.
3. The encryption method is constant over time and the website does not change it.
Solving this problem will help us get the data we want about those 60,000 cases. If the problem is not resolved, there is no other solution.
Now, based on having a limited number of plain and encrypted text, how to indentify the $cipher_algo and $passphrase?
best regard!