Home > Uncategorized > H4sIAAA What’s so important about this string?

H4sIAAA What’s so important about this string?

December 7, 2016 Leave a comment Go to comments

my_tweet

This may be a long shot, but if anyone ever searches for this string, I know exactly what you are looking at – It’s a base64 encoded zipped string.

Want to see what it actually it, base64 decode the sting, and unzip the result, here’s the code you need in c#

public static void CopyTo(Stream src, Stream dest)
{
byte[] bytes = new byte[4096];

int cnt;

while ((cnt = src.Read(bytes, 0, bytes.Length)) != 0)
{
dest.Write(bytes, 0, cnt);
}
}

public static byte[] Zip(string str)
{
var bytes = Encoding.UTF8.GetBytes(str);

using (var msi = new MemoryStream(bytes))
using (var mso = new MemoryStream())
{
using (var gs = new GZipStream(mso, CompressionMode.Compress))
{
//msi.CopyTo(gs);
CopyTo(msi, gs);
}

return mso.ToArray();
}
}

public static string Unzip(byte[] bytes)
{
using (var msi = new MemoryStream(bytes))
using (var mso = new MemoryStream())
{
using (var gs = new GZipStream(msi, CompressionMode.Decompress))
{
//gs.CopyTo(mso);
CopyTo(gs, mso);
}

return Encoding.UTF8.GetString(mso.ToArray());
}
}

Categories: Uncategorized
  1. dananos
    December 7, 2016 at 4:07 pm
    Reply

    To help google, here’s some related markers

    H4sIAAAAAAA
    H4sIAAAAAA
    H4sIAAAAA
    H4sIAAAA
    H4sIAAA
    H4sIAA
    H4sIA
    H4sI
    H4s
    H4

  2. Developer
    July 17, 2017 at 7:27 am
    Reply

    after 7 months of your post, i had the same problem and your post helped me solving it. Thanks for your post 🙂

  3. Roland
    February 9, 2018 at 4:44 pm
    Reply

    You don’t need to write a single line of code if you have access to a UNIX shell. With the encoded string sitting in “inputfile” in the current folder:

    base64 -Di inputfile|zcat

  4. darkevilmac
    May 29, 2021 at 6:15 am
    Reply

    Currently working on reverse engineering a website to create a web crawler.

    Thank you so much for making this post, you saved me quite the headache.

    As a side note people might find this site useful to take a quick look at the data without opening up an IDE, I found it after reading this post and also noticed that it was able to detect the file type after I had decoded the Base64 – https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D‘,true)Unzip(”,false)

    I don’t have any affiliation with that site by the way, just ended up finding it useful for this situation and others may find it helpful as well.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: