32 votes

When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number

6 comments

  1. [5]
    Odpop

    That was pretty interesting to read, who is this dude? His writing style was pretty entertaining

    EDIT: just did a bit of searching, this is him apparently. He did a talk at PyCon as well, where he talked about graphing when your Facebook friends are awake

    EDIT2: anybody have an idea about the password protected mango.pdf file? Have been going at it for 10 minutes now but can't seem to find it

    9 votes
    1. [4]
      p4t44

      EDIT2: anybody have an idea about the password protected mango.pdf file? Have been going at it for 10 minutes now but can't seem to find it

      Try going right-click inspect element on the link to the PDF file.

      3 votes
      1. [3]
        Odpop

        Ahh fuck, I can't believe I missed that. Had gone through the entire page's HTML -_-

        Any idea what sort of encryption/hash is that? Am not a security guy not sure how to decode it

        1 vote
        1. thistle

          I managed to decode it.

          SPOILERS! Don't click unless you're really ready to give up. Once you get into the pdf using the password found by inspect-elementing the link on the homepage, you find this:
          cGJhdGVuZ2h5bmd2YmFmLCBsYmggZmJ5aXJxIHpsIHlodnR2IGNobW15ci4gQCB6ciBiYSBnanZnZ3JlIGp2Z3UgbGJoZSBzbmliaGV2Z3IgcXJmZnJlZyBnYiB0cmcgbGJoZSBlcmpuZXEuIFZnJ2YgeXZ4ciwgYWJnIG4gaXJlbCB0YmJxIGVyam5lcSBmYiBodQo=
          

          The clues to the encoding are:

          1. the little equals sign on the end is an immediate giveaway that it's base64 encoding, since the = is used as padding.
          2. other than that, it's only ascii letters and numbers, another mark of base64

          Once we decode it from base64, we get:

          pbatenghyngvbaf, lbh fbyirq zl yhvtv chmmyr. @ zr ba gjvggre jvgu lbhe snibhevgr qrffreg gb trg lbhe erjneq. Vg'f yvxr, abg n irel tbbq erjneq fb hu
          

          This is encoded in a different way. A quick guess would be a Caesar cipher where every letter is moved by a set amount. For example, with an offset of 3, a -> d, y -> b, r -> u, etc.

          I wrote this quick programme to solve this by trying offsets between 1 - 26:

          coded = "pbatenghyngvbaf, lbh fbyirq zl yhvtv chmmyr. @ zr ba gjvggre jvgu lbhe snibhevgr qrffreg gb trg lbhe erjneq. Vg'f yvxr, abg n irel tbbq erjneq fb hu"
          
          base = ord("a")
          for i in range(1, 26):
              out = ""
              for char in coded:
                  # only transpose lowercase ASCII letters (a-z); capitals, digits and punctuation are copied unchanged
                  if 97 <= ord(char) <= 122:
                      out += chr(base + (ord(char) + i - base) % 26)
                  else:
                      out += char
              print(i, out)
          

          You then get this output:

          1 qcbufohizohwcbg, mci gczjsr am ziwuw dinnzs. @ as cb hkwhhsf kwhv mcif tojcifwhs rsggsfh hc ush mcif fskofr. Vh'g zwys, bch o jsfm uccr fskofr gc iv
          2 rdcvgpijapixdch, ndj hdakts bn ajxvx ejooat. @ bt dc ilxiitg lxiw ndjg upkdjgxit sthhtgi id vti ndjg gtlpgs. Vi'h axzt, cdi p ktgn vdds gtlpgs hd jw
          3 sedwhqjkbqjyedi, oek ieblut co bkywy fkppbu. @ cu ed jmyjjuh myjx oekh vqlekhyju tuiiuhj je wuj oekh humqht. Vj'i byau, dej q luho weet humqht ie kx
          4 tfexirklcrkzfej, pfl jfcmvu dp clzxz glqqcv. @ dv fe knzkkvi nzky pfli wrmflizkv uvjjvik kf xvk pfli ivnriu. Vk'j czbv, efk r mvip xffu ivnriu jf ly
          5 ugfyjslmdslagfk, qgm kgdnwv eq dmaya hmrrdw. @ ew gf loallwj oalz qgmj xsngmjalw vwkkwjl lg ywl qgmj jwosjv. Vl'k dacw, fgl s nwjq yggv jwosjv kg mz
          6 vhgzktmnetmbhgl, rhn lheoxw fr enbzb inssex. @ fx hg mpbmmxk pbma rhnk ytohnkbmx wxllxkm mh zxm rhnk kxptkw. Vm'l ebdx, ghm t oxkr zhhw kxptkw lh na
          7 wihalunofuncihm, sio mifpyx gs focac jottfy. @ gy ih nqcnnyl qcnb siol zupiolcny xymmyln ni ayn siol lyqulx. Vn'm fcey, hin u pyls aiix lyqulx mi ob
          8 xjibmvopgvodjin, tjp njgqzy ht gpdbd kpuugz. @ hz ji ordoozm rdoc tjpm avqjpmdoz yznnzmo oj bzo tjpm mzrvmy. Vo'n gdfz, ijo v qzmt bjjy mzrvmy nj pc
          9 ykjcnwpqhwpekjo, ukq okhraz iu hqece lqvvha. @ ia kj pseppan sepd ukqn bwrkqnepa zaooanp pk cap ukqn naswnz. Vp'o hega, jkp w ranu ckkz naswnz ok qd
          10 zlkdoxqrixqflkp, vlr plisba jv irfdf mrwwib. @ jb lk qtfqqbo tfqe vlro cxslrofqb abppboq ql dbq vlro obtxoa. Vq'p ifhb, klq x sbov dlla obtxoa pl re
          11 amlepyrsjyrgmlq, wms qmjtcb kw jsgeg nsxxjc. @ kc ml rugrrcp ugrf wmsp dytmspgrc bcqqcpr rm ecr wmsp pcuypb. Vr'q jgic, lmr y tcpw emmb pcuypb qm sf
          12 bnmfqzstkzshnmr, xnt rnkudc lx kthfh otyykd. @ ld nm svhssdq vhsg xntq ezuntqhsd cdrrdqs sn fds xntq qdvzqc. Vs'r khjd, mns z udqx fnnc qdvzqc rn tg
          13 congratulations, you solved my luigi puzzle. @ me on twitter with your favourite dessert to get your reward. Vt's like, not a very good reward so uh
          14 dpohsbuvmbujpot, zpv tpmwfe nz mvjhj qvaamf. @ nf po uxjuufs xjui zpvs gbwpvsjuf efttfsu up hfu zpvs sfxbse. Vu't mjlf, opu b wfsz hppe sfxbse tp vi
          15 eqpitcvwncvkqpu, aqw uqnxgf oa nwkik rwbbng. @ og qp vykvvgt ykvj aqwt hcxqwtkvg fguugtv vq igv aqwt tgyctf. Vv'u nkmg, pqv c xgta iqqf tgyctf uq wj
          16 frqjudwxodwlrqv, brx vroyhg pb oxljl sxccoh. @ ph rq wzlwwhu zlwk brxu idyrxulwh ghvvhuw wr jhw brxu uhzdug. Vw'v olnh, qrw d yhub jrrg uhzdug vr xk
          17 gsrkvexypexmsrw, csy wspzih qc pymkm tyddpi. @ qi sr xamxxiv amxl csyv jezsyvmxi hiwwivx xs kix csyv viaevh. Vx'w pmoi, rsx e zivc kssh viaevh ws yl
          18 htslwfyzqfyntsx, dtz xtqaji rd qznln uzeeqj. @ rj ts ybnyyjw bnym dtzw kfatzwnyj ijxxjwy yt ljy dtzw wjbfwi. Vy'x qnpj, sty f ajwd ltti wjbfwi xt zm
          19 iutmxgzargzouty, eua yurbkj se raomo vaffrk. @ sk ut zcozzkx cozn euax lgbuaxozk jkyykxz zu mkz euax xkcgxj. Vz'y roqk, tuz g bkxe muuj xkcgxj yu an
          20 jvunyhabshapvuz, fvb zvsclk tf sbpnp wbggsl. @ tl vu adpaaly dpao fvby mhcvbypal klzzlya av nla fvby yldhyk. Va'z sprl, uva h clyf nvvk yldhyk zv bo
          21 kwvozibctibqwva, gwc awtdml ug tcqoq xchhtm. @ um wv beqbbmz eqbp gwcz nidwczqbm lmaamzb bw omb gwcz zmeizl. Vb'a tqsm, vwb i dmzg owwl zmeizl aw cp
          22 lxwpajcdujcrxwb, hxd bxuenm vh udrpr ydiiun. @ vn xw cfrccna frcq hxda ojexdarcn mnbbnac cx pnc hxda anfjam. Vc'b urtn, wxc j enah pxxm anfjam bx dq
          23 myxqbkdevkdsyxc, iye cyvfon wi vesqs zejjvo. @ wo yx dgsddob gsdr iyeb pkfyebsdo noccobd dy qod iyeb bogkbn. Vd'c vsuo, xyd k fobi qyyn bogkbn cy er
          24 nzyrclefwletzyd, jzf dzwgpo xj wftrt afkkwp. @ xp zy ehteepc htes jzfc qlgzfctep opddpce ez rpe jzfc cphlco. Ve'd wtvp, yze l gpcj rzzo cphlco dz fs
          25 oazsdmfgxmfuaze, kag eaxhqp yk xgusu bgllxq. @ yq az fiuffqd iuft kagd rmhagdufq pqeeqdf fa sqf kagd dqimdp. Vf'e xuwq, zaf m hqdk saap dqimdp ea gt
          

          We can see that an offset of 13 gives us the decoded text!

          Sorry for spoiling it, but I did warn you.

          2 votes
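
Added example, not part of the comment above or of the original blog post: the same two layers undone in one pass, with the offset picked automatically by letter-frequency scoring instead of reading 25 candidate lines by eye. It also shifts capital letters, which the loop in the comment leaves untouched; the function names and the approximate frequency table are assumptions of this example.

```python
import base64
import re
from collections import Counter

# The string from mango.pdf, exactly as quoted in the comment above.
BLOB = ("cGJhdGVuZ2h5bmd2YmFmLCBsYmggZmJ5aXJxIHpsIHlodnR2IGNo"
        "bW15ci4gQCB6ciBiYSBnanZnZ3JlIGp2Z3UgbGJoZSBzbmliaGV2"
        "Z3IgcXJmZnJlZyBnYiB0cmcgbGJoZSBlcmpuZXEuIFZnJ2YgeXZ4"
        "ciwgYWJnIG4gaXJlbCB0YmJxIGVyam5lcSBmYiBodQo=")

# Approximate frequency (percent) of a..z in English text (assumed table).
ENGLISH = dict(zip("abcdefghijklmnopqrstuvwxyz", [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))

def looks_like_base64(text):
    """Both clues from the comment: base64 alphabet only, '=' padded to a multiple of 4."""
    text = text.strip()
    return len(text) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", text) is not None

def shift_text(text, offset):
    """Caesar-shift ASCII letters of either case; leave everything else alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr(base + (ord(ch) - base + offset) % 26))
        else:
            out.append(ch)
    return "".join(out)

def english_score(text):
    """Higher when common English letters dominate the candidate."""
    counts = Counter(ch for ch in text.lower() if ch in ENGLISH)
    return sum(n * ENGLISH[ch] for ch, n in counts.items())

def crack_caesar(ciphertext):
    """Try all 26 offsets and keep the one that scores most like English."""
    best = max(range(26), key=lambda k: english_score(shift_text(ciphertext, k)))
    return best, shift_text(ciphertext, best)

def solve(blob):
    if not looks_like_base64(blob):
        raise ValueError("input does not look like base64")
    inner = base64.b64decode(blob, validate=True).decode("ascii").strip()
    return crack_caesar(inner)

if __name__ == "__main__":
    print(solve(BLOB))
```
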
  2. emdash

    Ah, aviation booking management portals and Amadeus I/O codes. Given how terribly strict security tries to be physically at airports, it's remarkable just how comparatively the aviation web is a wild west of leaky colanders and trivial access to "private" information. Loved this blog post though, Alex did a great job and the prose of this article is humorous and enjoyable.

    5 votes