I'm attempting to reverse engineer an application of base64 encoding which is utilised by a third party project, so I can create a custom UI. My method has been successful with one example but appears to not quite be hitting the mark in other examples (a few characters which aren't quite right).

AQAAAAAAGQBec2lwOigwMjAxMjM0NTZbMC05XSspQC4qFwBzaXA6MDIwMTIyMTEzQDEyNy4wLjAuMQAA

^^ actual base64 encoding within database

AQAAAAAAEABec2lwOigwMjAxMjM0NTZbMC05XSspQC4qEwBzaXA6MDIwMTIyMTEzQDEyNy4wLjAuMQoA

^^ best attempt to match with PHP method

Due to control characters I've implemented some json encoding to make it easier to identify the strings which are being used for variables. The strings match for this example but the base64 encoding result is different to the actual which is expected.

$actualfour = 'AQAAAAAAGQBec2lwOigwMjAxMjM0NTZbMC05XSspQC4qFwBzaXA6MDIwMTIyMTEzQDEyNy4wLjAuMQAA';
echo "".$actualfour;
echo "<br />";

    $four = chr(01);
    $four .= chr(00);
    $four .= chr(00);
    $four .= chr(00);
    $four .= chr(00);
    $four .= chr(00);
    $four .= chr(16);
    $four .= chr(00);
    $four .= '^sip:(020123456[0-9]+)@.*';
    $four .= chr(19);
    $four .= chr(00);
    $four .= 'sip:020122113@127.0.0.1
'.chr(00);

$jsonfour = json_encode($four);
echo "unencoded: ".$jsonfour;
echo "<br />";
$encodefour = base64_encode($four);
echo "".$encodefour;
echo "<br />";
$jsonencodefour = json_encode(base64_decode($encodefour));
echo "encoded: ".$jsonencodefour;
echo "<br />";

if ($encodefour != $actualfour) { echo "FAIL"; } else { echo "PASS"; }

^^ Code Method

AQAAAAAAGQBec2lwOigwMjAxMjM0NTZbMC05XSspQC4qFwBzaXA6MDIwMTIyMTEzQDEyNy4wLjAuMQAA
unencoded: "\u0001\u0000\u0000\u0000\u0000\u0000\u0010\u0000^sip:(020123456[0-9]+)@.*\u0013\u0000sip:020122113@127.0.0.1\n\u0000"
AQAAAAAAEABec2lwOigwMjAxMjM0NTZbMC05XSspQC4qEwBzaXA6MDIwMTIyMTEzQDEyNy4wLjAuMQoA
encoded:   "\u0001\u0000\u0000\u0000\u0000\u0000\u0010\u0000^sip:(020123456[0-9]+)@.*\u0013\u0000sip:020122113@127.0.0.1\n\u0000"
FAIL

^^ Output

Marc B

1 Answer

You have several errors in $four.

  • chr(16) should be chr(0x19) or chr(25)
  • chr(13) should be chr(0x17) or chr(23)
  • The newline after 127.0.0.1 should be chr(00)

Here's the correct $four:

$four = chr(01);
$four .= chr(00);
$four .= chr(00);
$four .= chr(00);
$four .= chr(00);
$four .= chr(00);
$four .= chr(0x19);
$four .= chr(00);
$four .= '^sip:(020123456[0-9]+)@.*';
$four .= chr(0x17);
$four .= chr(00);
$four .= 'sip:020122113@127.0.0.1'.chr(00).chr(00);

You can find all these discrepancies by comparing json_encode(base64_decode($actualfour)) with json_encode($four). Remember that when it shows a control character as \u####, the number is hex, not decimal.

Barmar
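
Added example, not part of the original question or answer: a byte-level comparison of the two base64 blobs from the question, which reports each differing offset in hex, followed by a builder that computes the two length bytes with strlen() instead of hard-coding them. The function names byte_diff and build_record are hypothetical. The record layout (six fixed leading bytes, a 16-bit little-endian length before each string, two trailing zero bytes) is an assumption inferred from this one sample, not a documented format.

```php
<?php
// Both blobs are copied from the question above.
$actual  = 'AQAAAAAAGQBec2lwOigwMjAxMjM0NTZbMC05XSspQC4qFwBzaXA6MDIwMTIyMTEzQDEyNy4wLjAuMQAA';
$attempt = 'AQAAAAAAEABec2lwOigwMjAxMjM0NTZbMC05XSspQC4qEwBzaXA6MDIwMTIyMTEzQDEyNy4wLjAuMQoA';

// Return [offset => [expected hex, got hex]] for every byte that differs.
// A missing byte (length mismatch) is reported as '--'.
function byte_diff(string $expected, string $got): array
{
    $diff = [];
    $len = max(strlen($expected), strlen($got));
    for ($i = 0; $i < $len; $i++) {
        $e = $i < strlen($expected) ? bin2hex($expected[$i]) : '--';
        $g = $i < strlen($got) ? bin2hex($got[$i]) : '--';
        if ($e !== $g) {
            $diff[$i] = [$e, $g];
        }
    }
    return $diff;
}

// Hypothetical builder. Assumed layout, inferred from the single sample:
// fixed header, uint16 LE length + string (twice), fixed two-byte trailer.
// Header and trailer are copied as opaque constants from the decoded sample.
function build_record(string $pattern, string $target): string
{
    return "\x01\x00\x00\x00\x00\x00"
        . pack('v', strlen($pattern)) . $pattern   // 'v' = unsigned 16-bit, little-endian
        . pack('v', strlen($target)) . $target
        . "\x00\x00";
}

// Strict decoding rejects characters outside the base64 alphabet.
$a = base64_decode($actual, true);
$b = base64_decode($attempt, true);
foreach (byte_diff($a, $b) as $offset => [$e, $g]) {
    printf("offset %2d: expected 0x%s, got 0x%s\n", $offset, $e, $g);
}

$rebuilt = build_record('^sip:(020123456[0-9]+)@.*', 'sip:020122113@127.0.0.1');
echo base64_encode($rebuilt) === $actual ? "PASS\n" : "FAIL\n";
```

If the length-prefix assumption holds, hard-coded length bytes would also explain why one record matched while others were off by a few characters; diff further samples from the database before relying on it.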