Here was the original image. We have hexidecimal, qr code, and caesar cipher. Hexidecimal became a random string of characters, but I found that the anon who translated it to this forgot a few characters.
The qr code result is here
I found myself unable to decode the base64
The Caesar cipher is shifted 17 to say PAY ATTENTION TO THE COLORS
There's probably a message hidden if you open the image as a txt file, but Amaze isn't cooperating with me right now.
Never mind, there wasn't a message found if you open it as a txt file.
Yes, I've wondered how though. Blue, orange, and maybe transparent if you count it. Perhaps their hexidecimal values would help?
We have Blue(049eef), Orange(fb860c) and transparent if that counts.
The code on the top is shorter than SHA-256 but longer than MD5 and SHA-1
FB C5 11 57 D2 AC 6F BE F7 9D 76 9A 7A 57 E8 7A 3F 67 08 53 90 14 20 17
Pretty sure its Tiger, does anyone has good hardware for a brutforce attack? :)
no idea, but here's that base64 blob decoded into its hex values:7F 8B 89 33 37 B5 9B F9 0C 2F 1C 8A 4F 20 2C 9A
E1 A1 9C D4 3B D4 F3 D2 C8 EF 3B DB 0D A0 A0 18
CB B4 1C F2 8B 01 A9 9C 10 42 89 F8 C7 4D 12 5C
40 F2 34 57 2A 2C 1C CF DE 86 45 5C F4 3D A2 6B
7B 4E 79 28 24 AA 52 D1 3F 24 95 67 53 27 AC B7
AE E2 2F C3 C4 31 D1 4F 8C DC 83 86 2F 06 EE C7
87 BA 35 02 6F 85 17 B6 BD 41 3E C4 DB 2C A2 E0
83 81 AA D0 2E A3 AE BB EF 45 02 10 1A 10 8F D5
EA 77 B5 08 45 3C C8 8B F7 95 47 90 1F A1 B3 9A
you can shift/salt base64 with any value/string
you have to then unencode it using the same value
>You can't salt Base64
code snippet example of what i mean
modified encode/decode base64 functions
you can make it so you cannot decode an encoded base64 string which used a randomized base string of legal characters (like bac instead of abc) without using a modified version of the functions
tons of places do this
to be more clear_i_fu: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
is actually randomized like_i_fu: "CHfYJZKABeIDgEpikFjhGLaPNQRqdMcOsTWUruVXSvbnomtl0z1xwy342567+98/="
if you don't know the seed (key/salt/whatever you want to call it) which was used to randomize it, then you're fucked
Ok, yeah, I get what you mean now.
But that seems overly complicated. I think it's more likely that the base64 content in the QR code is simply the output of some encryption algorithm, which is a common practice.
One of the clues was already the Caesar cipher, which was child's play to crack, and it shouldn't be lost that the shift was 17, which is a favorite prime number of mathematicians. I would anticipate a more advanced encryption somewhere in this thing. Feel free to go down that path and let us know if it leads anywhere, I'm gonna try and just decrypt the content.
>I think it's more likely that the base64 content in the QR code is simply the output
no, if that was the case "==" would not appear in the middle of the code
it would only be able to appear at the end in normal base64 encoding.
Ok, yeah, your theory sounds more plausible now. So how does the seed work? Put your seed word first/last and then just put in the rest of the alphabet? There's no way we could try all the permutations, since there are 64! of them. What are the most common strategies?
I don't know, but here are some modified base64 alphabets to try:// orange
I got no fucking idea what I'm supposed to do, was just reading thread because interested
I could run whatever, the server is in my room with me. Family went out black friday shopping (kek)
Ah I see
so if I randomized x amount of characters with assuming we can do alphanumeric since it's just sentences we're after.. and never repeated them
and just kept going until the one matched whatever I was trying to match
I wouldn't know how to multi thread that though