Google Blogoscoped

Forum

Google Encryption ...

Milly [PersonRank 10]

Monday, October 3, 2005
15 years ago

Google can be used to encrypt and decrypt messages.

The following message (all one line, no breaks or spaces) can be decrypted into plain text by Google in two clicks :-

NVBBSgRBDMR9gi-oo8oye5-beBBBBUXx3Ltb
TjfbkwyTjM18QvDHdi8KgZCkUqnK5c_m5ntzl9Phh
MiZcIWRGGkWBvZ4i8lQI-CL8wpLOa8oYYV-Qvd2W
OYkQ53-LWzhkQKL4dxPjpI8wnSkCsFsFVKiQsij
QaWy1ZMn0dJymCbKsa21AveqQyaeWQzvr48dHs
SrSPPKvcV-cYQ8qjkonmZWrsWYqxL013hZGlClx8f
ZWTUxNgPODrdihXOP6D71u10ppUtPzVp30PH_n1c
XvzYJY5o

The text comprises it's own brief explanation, and poses a question. I'll award a prize of fame and fortune to the first one to answer that question in a comment below.

Notes :-

1. The unscrambling is done by using Google pages *alone*: no browsing to third party information or resources is required.

2. I repeat, it can be done with *two* clicks.

3. Anyone can do it: you don't need a Google Account or API key.

4. Actually I don't have any fame or fortune to offer, so the prize is only a small feeling of smug satisfaction. Sorry, this is just for fun :-O

Milly

socrat3s [PersonRank 0]

15 years ago #

how 'bout a hint :)

petdog [PersonRank 1]

15 years ago #

crtl-v, enter, click on images... I made it with only one click :D

Philipp Lenssen [PersonRank 10]

15 years ago #

Huh?

Tony Ruscoe [PersonRank 10]

15 years ago #

I'm confused! Google only allows 256 characters in the search box so how can you enter all that? Even if you enter it in the Address bar, nothing special happens. Am I missing something?

This has had me going all day!

petdog [PersonRank 1]

15 years ago #

BTW: in the home page of google the input maxlenght is 256, but if you search for something it becomes 2048...

Tony Ruscoe [PersonRank 10]

15 years ago #

Yep – I noticed that, but still no cigar! I'll keep trying though...

Philipp Lenssen [PersonRank 10]

15 years ago #

Like Tony, I entered the string above (spaces deleted) into Google, but nothing was found.

Milly [PersonRank 10]

15 years ago #

socrat3s (and anyone), is it too soon for hints (or indeed the answer)? It's hard to judge the moment that intrigue (or at least vague interest) switches to boredom or annoyance. Perhaps I should ask Philip when to call time on the riddle?

petdog, that's a huh from me too: and it ain't nuffin to do with Images.

Tony, I'm glad it's got you going – and you're on *roughly* the right lines (maybe you need to be a little more off the beaten track :).

Of course it won't be as easy as appending the text to www.google.com/search?q= No, you'd have to hunt out the right URL root.

Though it can be approached from another angle (it's the angle from which I stumbled upon this thing, anyway). Let's see, an indirect hint for that angle: [google guid]

Milly

Philipp Lenssen [PersonRank 10]

15 years ago #

Milly, thanks for the hint. I think it's too soon for the answer :)

Cowblog on the riddle writes:

"My first reaction would be that this could be something to do with Google and Cookies or perhaps GMail. These are probably the most obvious places for encyption to be used. I looked at my google.com SID cookie and found it was 160 characters long whilst this code was 283 characters. In addition, the SID probably wouldn't have done much anyway and you'd have to tamper with the cookies to do anything."
cow.neondragon.net/index.php/1 ...

Milly [PersonRank 10]

15 years ago #

Thanks Philip.

Cowblog's post is interesting. Not Gmail though (my original Note 3 extends to not needing Gmail, Orkut, etc).

Milly

dxOne [PersonRank 1]

15 years ago #

when all spaces, – and _ are deleted G finds few news and location(gmaps). but no questions there...
so i'm still diggin

Tony Ruscoe [PersonRank 10]

15 years ago #

I already tried a few things with Gmail because I misread the original post (oops) and since then I've tried a few things, but still no luck.

Please don't tell us the answer for at least another day or so... :-)

This is a good one!

David Hergert [PersonRank 1]

15 years ago #

I am thinking something along the lines of Google cache possibly...

Dima T. [PersonRank 0]

15 years ago #

wow thats pretty hard :-
trying to solve...

Milly [PersonRank 10]

15 years ago #

dxOne, this server's formatting inserted some spaces where it broke the lines, but all the hyphens and underscores are needed.

For the avoidance of doubt, if you paste the text block above (after stripping the spaces, including any leading and trailing spaces) into this demo :-

pajhome.org.uk/crypt/md5/

You should get these outputs :-

MD4: 1523d5fc586d804e419c9cf7148ea1c1
  
MD5: 71ce25cf12479def2070e4d1362da056

SHA1: 672aed7921d101aa4cc19e89a8c43a7a24eced3f

Would someone please check that now, as reassurance that I'm not screwing things up.

(N.B. don't be mislead by my use of that page, and those hashes: it has *nothing* to do with the riddle; it's *only* to ensure we're all using the right text. Honest).

Tony, sorry, perhaps I should have specifically excluded Gmail. But I was afraid if I listed exclusions, any I forgot might be included by implication. And I can keep a secret for a few days, but I'm sure someone will beat that timescale. (Oh, and what's that "t" before your name?)

Milly

Dima [PersonRank 1]

15 years ago #

i get after stripping the spaces [I need to remove long one-liners without spaces as it breaks the forum layout. --Ed.]

these outputs:
MD4: 51d78ed785d2a85359c5c929aeae7e52
MD5: 017d56a5a6281e825bb3c2978e29ff03
SHA1: 3509cfc2f01c59bbcdb867af9e36cdbd8e262dfe

these hashes do not help :-

(and maybe the "t" is for "Tony" :P ;))

David Hergert [PersonRank 1]

15 years ago #

Yes, those three hashes are what I get. But one must be very careful to remove all spaces. With all spaces removed, the length of the code is 283 characters.

And boy, did those hashes in the previous posts screw up the look of this page...

Hey, does it have anything to do with Google Adsense? I notice long hashes on URLs of the adsense links.

Milly [PersonRank 10]

15 years ago #

Dima, I think you left a space in as character 236 (between f and Z).

Milly

Milly [PersonRank 10]

15 years ago #

Thanks for the hashes confirmation, David (and yup, I make it 283 too). My original post also messed up the page, and I think Philip's server housekeeping tidied it up afterwards (and added the spaces! ;).

Cache, Adsense – interesting thoughts. But having excluded Images, I don't think I'll include or exclude anything else you just fish for ... ;)

Milly

Philipp Lenssen [PersonRank 10]

15 years ago #

Here's Milly's original string, spaces removed, as text file:
blogoscoped.com/temp/milly-rid ...

Dima [PersonRank 1]

15 years ago #

oh.. Your'e right.. I missed a "spot" :D

Danny [PersonRank 0]

15 years ago #

This is hard.

Rich Hodge [PersonRank 6]

15 years ago #

Tried everything I could think of so far but no joy. Found parts of google I would have never ever seen (let alone the source code of the pages..) Fun stuff!

Mobile, SMS related?

Philipp Lenssen [PersonRank 10]

15 years ago #

Milly, I think it's time for another hint...

Tony Ruscoe [PersonRank 10]

15 years ago #

I agree! Another hint please... :-)

Philipp Lenssen [PersonRank 10]

15 years ago #

As for Tony's "t", if you are a regular poster with a unique name (not something like "Sam" or "Max") I sometimes create an icon for you.

Milly [PersonRank 10]

15 years ago #

Sure, Danny, but it's easy once you know how ;)

Rich, that's how I'd be investigating too, but in fact you needn't get your hands dirty with source code to find it (though you *can* of course). It's not *quite* in plain sight, but it's very close. And you might well use it in the normal course of events, even when not riddle-hunting. Indeed, I'd be surprised if some people here hadn't already done so.

Tools needed:-

1) A web browser (and web connection, natch).

That's it. Oh, I suppose using Notepad or something as a scratchpad makes investigating things easier, but paper and pencil (or a good memory) would suffice.

And just about any web browser will do, even the basic OffByOne :-

imilly.com/tools.htm#ole

(JavaScript is helpful with the things's actual purpose, in typical Google/Ajax fashion, but it's not needed for unravelling the riddle).

As for "Mobile, SMS related?" – that's interesting (though the answer isn't to be found in those "parts"). You certainly don't *need* a mobile phone (see above requirements), and I don't see how you could access it with a WAP browser, or via SMS.

But a proper browser on a mobile could probably cope, despite no specific WAP/PDA/XHTML conversion being provided by Google.

Ooh, that's lots of hints ...

Milly

P.S. I don't know if I qualify, Philip, but :-

imilly.com/favicon.ico

Jamie [PersonRank 0]

15 years ago #

I think I know how to decode this, but it's not working for me for some reason... Let me know if I'm close – I'll add a little bit so you see where I'm coming from:

:ePkh8BM9ExLWEnQsSlUoT1Uo
yUgFMipTS-xhBgIAdokIWQ

(I cheated a little :)

Milly [PersonRank 10]

15 years ago #

Yes Jamie, you're red hot :)

Cheated a little, how? By knowing something I mentioned elsewhere?

I guess the jig's about up ...

Philip, when I said "And you might well use it in the normal course of events, even when not riddle-hunting. Indeed, I’d be surprised if some people here hadn’t already done so", I didn't have you especially in mind. But now having checked the archives ... ;)

Jamie, do you want more time to fiddle with it, or shall I spell it out?

Milly

Jamie [PersonRank 0]

15 years ago #

I'll be interested to see what other people come up with. I looked at that area of Google before I cheated (by perusing a certain security related "forum"...) and either way I wasn't able to decode it. So I'm in no hurry :)

David Hergert [PersonRank 1]

15 years ago #

Another hint...what "forum" did you read that helped?

Milly [PersonRank 10]

15 years ago #

David, it was the GRC newsgroups, but finding that post would be much more than just a help.

In any event, I'll have to post the answer now, or perhaps not be able to do so until Friday or Monday.

So skip the rest of this if you want to keep looking!

=======================

Here's how Google can be used to encrypt and decrypt messages in two clicks :-

1. Append the message text (above) to this URL (which is the fixed 'root' of Google's Customized News "Share Your Edition" feature) :-

news.google.com/news?ned=:ePkh ...

i.e (and you may or may not have to strip spaces from this page's representation) :-

news.google.com/news?ned=:ePkh ...

   ... and click it.

2. Click where the resultant page displays "Click here to see message »".

That's it.

Barring accidents, you should now see :-

"Your search – Click here to see message: This is a very silly way of obscuring a message, then sharing it with someone else, who needs only to know to append it to a Google News URL. Interesting, but almost entirely useless :) Question: Where is my site. Answer: iMilly.com – did not match any documents."

If *instead* you choose to click "Make this page your customized news" (assuming you have JavaScript enabled), the URL of the "Click here to see message »" link changes from the encrypted text, into the decrypted text, and is thus readable in the tooltip and/or status line of the browser.

And if you then click "Edit", you can create your own message. Or you can start from scratch, using the "Customize this page" link (you'll want to remove lots of News sections, if you want your message to float to the top of the page).

Well, I did say almost entirely useless ... and just for fun. Is that a chorus of low groaning I hear ...

Here's the skinny :-

news.google.com/intl/en_us/abo ...

Incidentally, contrary to Google's assertions that "You can only save one customized edition per Google News domain (e.g., news.google.com and news.google.co.jp are different domains) on any given computer" ...

news.google.com/intl/en_us/abo ...

   ... and "Customized news requires you to have both Javascript and cookies turned on" ...

news.google.com/intl/en_us/abo ...

   ... by creating and bookmarking multiple "Share Your Edition" URLs, you can use many different customized editions, with or without then enabling cookies or JS.

That second point having also been once made by our host, including a link with his own encrypted 'messages' (of sorts) :-

blogoscoped.com/archive/2005-0 ...

Oh, and is that you, Rich, there in the comments?

   ;)

Milly

Milly [PersonRank 10]

15 years ago #

N.B.s

The URLs above work fine for me from this page.

Some other 'messages' won't produce such a conveniently empty News results page, but the decrypted URL is always available via the second "Make this page your customized news" option.

Thanks for my icon, Philip, and for hosting this little game.

Philipp Lenssen [PersonRank 10]

15 years ago #

OK, let me try to wrap it up and see if I understood it right.

--------- more spoilers ahead ----------

1. You created a customized Google News page
2. As one topic, you entered a custom search reading "This is a very silly way of obscuring a message, then sharing it with someone else, who needs only to know to append it to a Google News URL. Interesting, but almost entirely useless :) Question: Where is my site. Answer: iMilly.com\"
3. You copied the URL Google News offers at the bottom, reading something like "Share this with a friend."

Hope that's it. Very interesting solution to the riddle.

David Hergert [PersonRank 1]

15 years ago #

Wow very interesting. Thanks for the entertaining hunt.

Tony Ruscoe [PersonRank 10]

15 years ago #

Damn it – I was *so* close!

I tried exactly that but without the "fixed root" – i.e. I didn't put the "ePkh8BM9" before it. Since that did nothing, I gave up pursuing that idea...

Oh well. Good one Milly :-)

Jamie [PersonRank 0]

15 years ago #

Heh, ultimately it wasn't a help since I missed the mark on the fixed root. The closest I came was guessing that the fixed root was something else.

From the sounds of it I probably wasn't even the first to find it – I'd wager Tony found it before I did. Share your edition seems the only long URL you can generate with Google without logging in to adsense or your account :)

Rich Hodge [PersonRank 6]

15 years ago #

news.google.com/news?ned=:ePkh ...

DT [PersonRank 1]

15 years ago #

Base64 encoding can hardly be called encryption. It's a simple transformation.

Milly [PersonRank 10]

15 years ago #

Thanks for the kind comments everyone (except DT the grouch ;).

Philipp, yes, that's exactly right (and deleting the standard sections first helps unclutter the page).

Tony and Jamie, I did think of including the "ePkh8BM9" root in the string, but I thought that would make it too easy ...

Rich, that's an interesting hybrid URL: both encoded and plain text on the first page, even before it's clicked.

Milly

Affz [PersonRank 0]

15 years ago #

but, how to know the
"fixed ’root’ of Google’s Customized News"
??????

how to "discover" this??
"ePkh8BM9"

Milly [PersonRank 10]

15 years ago #

Affz, purely trial and error: there's no trick or cleverness involved (else I couldn't have done it).

Just follow Philipp's 1-2-3 guide above (on 10/04/05) a few times, and you'll have a small collection of URLs. Line 'em up in Notepad, and you'll notice that the first 8 characters after the 'obvious' root of "news.google.com/news?ned=:" are always the same too. I wasn't expecting that to be the case, just the "ned=:" bit, but there it was.

Or look at the URLs for the custom headings on Philipp's own customised news page example here :-

news.google.com/news?ned=:ePkh ...

Again, they all have that common root, which is obvious if, and only if, you look at them all together, rather than as individual, seemingly random, strings.

I hope that helps.

Milly

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!