5 Replies Latest reply on Jul 6, 2006 12:18 PM by MikerRoo

# decrypt very hard

Hello,

i need to decrypt this value : 2473956973646702746277610666

other values known :
- id1 = 1234
- id2 1241

the method to encrypt it is :

1) concatenate id1 with 4 digits + a timestamp (YYMMDDHHMMSS) + sessionid (12bytes) then convert it to integer.

2) concatenate 7 times a id2 (4 bytes) and convert it to "big integer"

3) do a XOR beetwen this two "big integer"

4) convert the result in string.

so at the end, we able to retrieve id1, timestamp, and sessionid

very hard to do this. need some idea that 'll help me.

thx.
• ###### 1. Re: decrypt very hard
It's important to know if any values are in hex -- specifically sessionid.
(The code below assumes not.)

Anyway, CF is limited to 32 bit math. So, to save a TON of grief we use Java for this.
See the attached code...

• ###### 2. Re: decrypt very hard
Hello Miker roo

many thanks for help. it seems to be correct except for the sessionid.
Normaly the sessionid is on 12 bytes.

but i'm guilty, i omit to indicate that
5) extract the 16 last digit from the string and convert it to int.

can help me on that point please.

many, many thx.

• ###### 3. Re: decrypt very hard
Please provide a full example of the source data and what the session ID is supposed to be.

For the first example you posted, the session ID is "000004763331" which is only twelve bytes.
My code converted that to an int, "4763331" which you can do math on if you wish.

If you take the last 16 of your first example, you get "2536000004763331" which starts with the minutes and seconds!

You can get the last 16 "bytes" like so:
sLast16 = REReplace (Right (sLWord1, 16), "^0*([^0].*)\$", "\1");

So, for a given: (1) coded value, (2) id1, and (3) id2; please specify what the session ID should be.

• ###### 4. Re: decrypt very hard
hello mike,

so the full code is :

//

Get the session id back from the authorization string.

1.converts the string to a big integer,

2.creates a big integer made of the concatenation of the service provider key (4bytes) repeated 7 times,

3.do a xor between the two big integers,

4.converts the big integer to a string,

5.extract the 16 last digits from the string and convert it to int.

//

the authorization value is : 2473956970805653012124284394
.the id2 value is : 1241

you 're right withe the sessionid you return. the five zero before the value are needed.
you indicate to that i have to use a math (). i enable to retrieve the full value .

with this valid authorization value, the sessionid returns is : 4763523. i suppose it it is in reality 000004763523.
which math () do you use to retrieve the full value?
(i assume to be a little idiot....)