-
Anyone Identify this?
Hey all, just curious if anyone can identify this:
3B%2f%2b2cuPYhjQtkWz3xgCtGqxtAgQJKM7U7NWk7u5nrnNKt%2fM4puXZY6yUti6uynL8CUNJwkkD%2foxrtGj5vqGihZstSV3jb6a2MPlEsColo8t4nMPdI79NmwfTiC2pGwV%2fQTsDE18mT64tI3ZflhfA6PoHT8ndjV6M%2fpUKZh%2fGylat4lWaXDD7J4W6fd1PwRaXnGit1PYYE%2fj%2frjwCD5UCg2Ye8yyZ%2b0VwrvaO%2fjs05cl28jcMLqFU43DzzfaKKX8JClXmMzoOIF6cYWXzqJ26khyAwpyOj0cUv%2bK50%2fAUog3k7zJjo6tKhZbx0LOzJta
This is from some source from a webpage, and i am sure that some is URL octal (ie %25, etc.)
If curious it is hidden form data that is being submitted...
Thanks in advance.....
-
Its the encryption of something. We cannot decrypt it without having the right algorithm. Is there a Paypal icon on the website where u can send payments through?
-
and the source code for the rest of the page?
sorry.. I'm not much good.. but for me.. the source for the page tells me more than the code itself.. could we bother you to doo that.. I would recommend that you zip it and attach it to your post.. just incase it is some malware
Cheers
-
No there is not, this is actually from Mapquest.com
It is the data that is calling the Map. I know that in the address bar you can change the link to, but i am trying to not have a link, but have just the map.....and i need to be able to use this over 500+ sites...
-
To help clarify this is the HTML link with the encryted or scrambled data:
<a href="/maps/map.adp?ovi=1&zoom=7&mapdata=3B%2f%2b2cuPYhjQtkWz3xgCtGqxtAgQJKM7U7NWk7u5nrnNKt%2fM4puXZY6yUti6uynL8CUNJwkkD%2foxrtGj5vqGihZstSV3jb6a2MPlEsColo8t4nMPdI79NmwfTiC2pGwV%2fQTsDE18mT64tI3ZflhfA6PoHT8ndjV6M%2fpUKZh%2fGylat4lWaXDD7J4W6fd1PwRaXnGit1PYYE%2fj%2frjwCD5UCg2Ye8yyZ%2b0VwrvaO%2fjs05cl28jcMLqFU43DzzfaKKX8JClXmMzoOIF6cYWXzqJ26khyAwpyOj0cUv%2bK50%2fAUog3k7zJjo6tKhZbx0LOzJta">
This is a result of:
http://www.mapquest.com/maps/map.adp...submit=Get+Map
Hope this helps.
-
A wild guess, but it looks almost like a PGP key? is it some way they are using to prevent people from "hot linking" to their maps and screwing their bandwidth?
I had a look at their privacy policy...............hmmmmmmmmmmmm
Might get myself a copy of the latest "bugnosis" and see what they are up to..........they imply that they may/do use web bugs?
::hide-beh
-
I am sure that is what it is in place for,
unfortunately, Mapquest Sales doesn't have a solution that meets my needs, so this was just something that i was toying with...
Thanks....
-
Page encryption
It doesn't look like PGP to me, or it would have PGP at the beginning and end of the algorithm. It looks to me like some form of page encryption used either by the server or software encryption used by the program itself to display map information and protect it from either copyright infringement or bandwidth theft by linking.
-
Re: Page encryption
Three suggestions, one dealing with a possible solution, and the other two with what the data might be.
A possible solution might be pulling the image out of your browser's cache...
two possible suggestions as to what that data might be
1) it may be an encoded message to their server giving the exact location of the map that needs to be pulled up
otherwise,
2) it is the location of a temporary cache on their server that contains your map.
i know my suggestions on what the data might be are kind of weak, but i do hope that my first suggestion helps you since that is what i did for a web page that i made for my dad's work.
-
it is most likely global coordinates, encoded in some form, not for security necessarily, but for identification, look how little the readable portion of the text tells you and consider how much information it must take to give an exact location on the planet. it would be easier to save the map as a pic and post it on the sites as an image.
-
maybe its just a part of a masked URL
for eg the masked url of
the address http://www.antionline.com/showthread...hreadid=256810
after masking would be exactly like this
http://%77%77%77%2E%61%6E%74%69%6F%6...35%36%38%31%30
-
maybe its just a part of a certain masked url
for egzample
this address http://www.antionline.com/showthread...hreadid=256810
would be like this one after masking
%77%77%77%2E%61%6E%74%69%6F%6E%6C%69%6E%65%2E%63%6F%6D%2F%73%68%6F%77%74%68%72%65%61%64%2E%70%68%70%3F%73%3D%26%74%68%72%65%61%64%69%64%3D%32%35%36%38%31%30
-
"Hey all, just curious if anyone can identify this:
3B%2f%2b2cuPYhjQtkWz3xgCtGqxtAgQJKM7U7NWk7u5nrnNKt
%2fM4puXZY6yUti6uynL8CUNJwkkD%2foxrtGj5vqGihZstSV3
jb6a2MPlEsColo8t4nMPdI79NmwfTiC2pGwV%2fQTsDE18mT64
tI3ZflhfA6PoHT8ndjV6M%2fpUKZh%2fGylat4lWaXDD7J4W6f
d1PwRaXnGit1PYYE%2fj%2frjwCD5UCg2Ye8yyZ%2b0VwrvaO%
2fjs05cl28jcMLqFU43DzzfaKKX8JClXmMzoOIF6cYWXzqJ26k
hyAwpyOj0cUv%2bK50%2fAUog3k7zJjo6tKhZbx0LOzJta
This is from some source from a webpage, and i am sure that some is URL octal (ie %25, etc.)
If curious it is hidden form data that is being submitted...
Thanks in advance....."
Well, the %2f etc. parts are Hex. The prefix '%', '\x', '0x', suffix 'h' etc all denote that hex will be represented. If it was octal it would look like this:
http://00000000317.000262.0000052.00...cure.htm#octal
Notice the many 0's as the prefixes.
Some Hex codes represented as dwords and/or quadwords could've maybe went into that too.
Note: It's not "illegal" to obscure URL's by mixing decimal, octal, and hex all together within the URL's or even webpage source code.
-
I don't have the answer.. but I do have a suggestion for 'next steps'
Try the request again and verify you have the data... if so, we're going to have some fun.
Try changing the request oh-so-slightly.. perhaps instead of 100 Main St. do 101 Main St... now look at the data again. Is it totally different or did only parts change?
pick out the parts that changed and start fooling with them.. get an idea of what changes what (clear as mud?).
%2 looks like a "space" .. % never appears without a 2 to the right. that is a consistansy.
Lets re write it...
3B%2
f%2
b2cuPYhjQtkWz3xgCtGqxtAgQJKM7U7NWk7u5nrnNKt%2
fM4puXZY6yUti6uynL8CUNJwkkD%2
foxrtGj5vqGihZstSV3jb6a2MPlEsColo8t4nMPdI79NmwfTiC2pGwV%2
fQTsDE18mT64tI3ZflhfA6PoHT8ndjV6M%2
fpUKZh%2
fGylat4lWaXDD7J4W6fd1PwRaXnGit1PYYE%2
fj%2
frjwCD5UCg2Ye8yyZ%2
b0VwrvaO%2
fjs05cl28jcMLqFU43DzzfaKKX8JClXmMzoOIF6cYWXzqJ26khyAwpyOj0cUv%2
bK50%2
fAUog3k7zJjo6tKhZbx0LOzJta
It looks like there are 14 seperate fields.. or pieces of data... a lot of them start with 'f' ...what other things do you notice? Chances are this is homegrown encryption.. it is nothing I recognize... cracking code is fun man.. play with it :)
<EDIT>
Are these driving directions? It looks like it can actually be seperated into two parts.. look at it... do you see the two sections?
Section 1:
3B%2
f%2
b2cuPYhjQtkWz3xgCtGqxtAgQJKM7U7NWk7u5nrnNKt%2
fM4puXZY6yUti6uynL8CUNJwkkD%2
foxrtGj5vqGihZstSV3jb6a2MPlEsColo8t4nMPdI79NmwfTiC2pGwV%2
fQTsDE18mT64tI3ZflhfA6PoHT8ndjV6M%2
fpUKZh%2
fGylat4lWaXDD7J4W6fd1PwRaXnGit1PYYE%2
Section 2:
fj%2
frjwCD5UCg2Ye8yyZ%2
b0VwrvaO%2
fjs05cl28jcMLqFU43DzzfaKKX8JClXmMzoOIF6cYWXzqJ26khyAwpyOj0cUv%2
bK50%2
fAUog3k7zJjo6tKhZbx0LOzJta
.. or maybe not... heh.. but thats what cracking code is about ;)
-
i have no idea what the data is and it really doesn't matter to get a map to load. below is a request made from mapquest's search page for 1 world trade plaza new york ny
http://www.mapquest.com/maps/map.adp...rch=++Search++
changed so it can be read:
hXXp://XXX.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtab=address&searchtype=address&address=1+world+trade+plaza&city=new+york+&state=ny&zipcode=&search=++Search++
its easy to see how the request is made to the server and the address can be substituted with any other address. set a page to load using this address as the source and its a done deal. replace the number, street etc with variables and you've got your own map search
