Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>You haven't provided nearly enough sample data for us to reliably guess even the alphabet used to encode it, much less what structure it might have.</p> <p>What I <em>can</em> tell, from the three sample values you've provided, is:</p> <ul> <li><p>There is quite a lot of redundancy in the data &mdash; compare e.g. <code>width=<b>Iypc</b>O<b>y</b>s<b>K</b></code> and <code>height=<b>Iypc</b>L<b>y</b>k<b>K</b></code> (and even <code>watermark=<b>I</b>S<b>p</b>QICA<b>K</b></code>, though that might be just coincidence). This suggests that the data is neither random nor securely encrypted (which would make it look random).</p></li> <li><p>The alphabet contains a fairly broad range of upper- and lowercase letters, from <code>A</code> to <code>S</code> and from <code>c</code> to <code>y</code>. Assuming that the alphabet consists of contiguous letter ranges, that means a palette of between 42 and 52 possible letters. Of course, we can't tell with any certainty from the samples whether other characters might also be used, so we can't even entirely rule out Base64.</p></li> <li><p>This is <em>not</em> the output of PHP's <code>base_convert</code> function, as I first guessed it might be: that function only handles bases up to 36, and doesn't output uppercase letters.</p></li> </ul> <p>That, however, is just about all. It would help to see some more data samples, ideally with the plaintext values they correspond to.</p> <hr> <p><strong>Edit:</strong> The <code>id</code> parameters you give in the comments are <em>definitely</em> in Base64. Besides the distinctive trailing <code>=</code> signs, they both decode to simple strings of nine printable ASCII characters followed by a line feed (hex <code>0A</code>):</p> <pre><code>_Base64___________Hex____________________________ASCII_____ JiJQPjNfT0MtCg== 26 22 50 3e 33 5f 4f 43 2d 0a &amp;"P&gt;3_OC-. JikwPClUPENICg== 26 29 30 3c 29 54 3c 43 48 0a &amp;)0&lt;)T&lt;CH. </code></pre> <p>(I've replaced non-printable characters with a <code>.</code> in the ASCII column above.) On the assumption that all the other parameters are Base64 too, let's see what they decode to:</p> <pre><code>_Base64___Hex________________ASCII_ ISpQICAK 21 2a 50 20 20 0a !*P . IypcOysK 23 2a 5c 3b 2b 0a #*\;+. IypcLykK 23 2a 5c 2f 29 0a #*\/). ISNAICAK 21 23 40 20 20 0a !#@ . IyNAPjIK 23 23 40 3e 32 0a ##@&gt;2. IyNAKjAK 23 23 40 2a 30 0a ##@*0. ISggICAK 21 28 20 20 20 0a !( . IikwICAK 22 29 30 20 20 0a ")0 . IilAPCAK 22 29 40 3c 20 0a ")@&lt; . </code></pre> <p>So there's definitely another encoding layer involved, but we can already see some patterns:</p> <ul> <li><p>All decoded values consist of a constant number of printable ASCII characters followed by a trailing line feed character. This cannot be a coincidence.</p></li> <li><p>Most of the characters are on the low end of the printable ASCII range (hex <code>20</code> &ndash; <code>7E</code>). In particular, the lowest printable ASCII character, space = hex <code>20</code>, is particularly common, especially in the <code>watermark</code> strings.</p></li> <li><p>The strings in each URL resemble each other more than they resemble the corresponding strings from other URLs. (But there are resemblances between URLs too: for example, all the decoded <code>watermark</code> values begin with <code>!</code> = hex <code>21</code>.)</p></li> </ul> <hr> <p>In fact, the highest numbered character that occurs in any of the strings is <code>_</code> = hex <code>5F</code>, while the lowest (excluding the line feeds) is space = hex <code>20</code>. Their difference is hex <code>3F</code> = decimal 63. Coincidence? I think not. I'll guess that the second encoding layer is similar to <a href="http://en.wikipedia.org/wiki/Uuencoding" rel="noreferrer">uuencoding</a>: the data is split into 6-bit groups (as in Base64), and each group is mapped to an ASCII character simply by adding hex <code>20</code> to it.</p> <p>In fact, it looks like the second layer might <em>be</em> uuencoding: the first bytes of each string have the right values to be uuencode length indicators. Let's see what we get if we try to decode them:</p> <pre><code>_Base64___________UUEnc______Hex________________ASCII___re-UUE____ JiJQPjNfT0MtCg== &amp;"P&gt;3_OC- 0b 07 93 fe f8 cd ...... &amp;"P&gt;3_OC- JikwPClUPENICg== &amp;)0&lt;)T&lt;CH 25 07 09 d1 c8 e8 %..... &amp;)0&lt;)T&lt;CH _Base64___UUEnc__Hex_______ASC__re-UUE____ ISpQICAK !*P 2b + !*P`` IypcOysK #*\;+ 2b c6 cb +.. #*\;+ IypcLykK #*\/) 2b c3 c9 +.. #*\/) ISNAICAK !#@ 0e . !#@`` IyNAPjIK ##@&gt;2 0e 07 92 ... ##@&gt;2 IyNAKjAK ##@*0 0e 02 90 ... ##@*0 ISggICAK !( 20 !(``` IikwICAK ")0 25 00 %. ")0`` IilAPCAK ")@&lt; 26 07 &amp;. ")@&lt;` </code></pre> <p>This is looking good:</p> <ul> <li><p>Uudecoding and re-encoding the data (using Perl's <code>unpack "u"</code> and <code>pack "u"</code>) produces the original string, except that trailing spaces are replaced with <code>`</code> characters (which falls within acceptable variation between encoders).</p></li> <li><p>The decoded strings are no longer printable ASCII, which suggests that we <em>might</em> be closer to the real data.</p></li> <li><p>The <code>watermark</code> strings are now single characters. In two cases out of three, they're prefixes of the corresponding <code>width</code> and <code>height</code> strings. (In the third case, which looks a bit different, the watermark might perhaps have been <em>added</em> to the other values.)</p></li> </ul> <hr> <p>One more piece of the puzzle &mdash; comparing the ID strings and corresponding numeric values you give in the comments, we see that:</p> <ul> <li>The numbers all have six digits. The first two digits of each number are the same.</li> <li>The uudecoded strings all have six bytes. The first two bytes of each string are the same.</li> </ul> <p>Coincidence? Again, I think not. Let's see what we get if we write the numbers out as ASCII strings, and XOR them with the uudecoded strings:</p> <pre><code>_Num_____ASCII_hex___________UUDecoded_ID________XOR______________ 406747 34 30 36 37 34 37 25 07 09 d1 c8 e8 11 37 3f e6 fc df 405174 34 30 35 31 37 34 25 07 0a d7 cb eb 11 37 3f e6 fc df 405273 34 30 35 32 37 33 25 07 0a d4 cb ec 11 37 3f e6 fc df </code></pre> <p>What is this <code>11 37 3f e6 fc df</code> string? I have no idea &mdash; it's mostly not printable ASCII &mdash; but XORing the uudecoded ID with it yields the corresponding ID number in three cases out of three.</p> <p>More to think about: you've provided two different ID strings for the value <code>405174</code>: <code>JiJQPjNfT0MtCg==</code> and <code>JikwPCpVXE9LCg==</code>. These decode to <code>0b 07 93 fe f8 cd</code> and <code>25 07 0a d7 cb eb</code> respectively, and their XOR is <code>2e 00 99 29 33 26</code>. The two URLs from which these ID strings came from have decoded watermarks of <code>0e</code> and <code>20</code> respectively, which accounts for the first byte (and the second byte is the same in both, anyway). Where the differences in the remaining four bytes come from is still a mystery to me.</p>
    singulars
    1. This table or related slice is empty.
    1. POFiguring out how to decode obfuscated URL parameters
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USIlmari Karonen
    1. USIlmari Karonen
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POFiguring out how to decode obfuscated URL parameters
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTAcceptedByOriginator
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COThanks! That is the response I was looking for. id=JiJQPjNfT0MtCg%3D%3D&watermark=ISNAICAK&width=IyNAPjIK&height=IyNAKjAK is all I have... I think that the id parameter has the value of '405174', however I'm not totally sure about that.
      singulars
      1. PO
      1. USThomas
    2. COAlso found this one: id=JikwPClUPENICg%3D%3D&watermark=ISggICAK&width=IikwICAK&height=IilAPCAK
      singulars
      1. PO
      1. USThomas
    3. COThe ID parameter looks like base64, but it isn't, at least not only, because the result of a decode is '&)0<*U\OK'.
      singulars
      1. PO
      1. USThomas
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload