H4sIAAA What’s so important about this string?
This may be a long shot, but if anyone ever searches for this string, I know exactly what you are looking at – It’s a base64 encoded zipped string.
Want to see what it actually it, base64 decode the sting, and unzip the result, here’s the code you need in c#
public static void CopyTo(Stream src, Stream dest)
{
byte[] bytes = new byte[4096];int cnt;
while ((cnt = src.Read(bytes, 0, bytes.Length)) != 0)
{
dest.Write(bytes, 0, cnt);
}
}public static byte[] Zip(string str)
{
var bytes = Encoding.UTF8.GetBytes(str);using (var msi = new MemoryStream(bytes))
using (var mso = new MemoryStream())
{
using (var gs = new GZipStream(mso, CompressionMode.Compress))
{
//msi.CopyTo(gs);
CopyTo(msi, gs);
}return mso.ToArray();
}
}public static string Unzip(byte[] bytes)
{
using (var msi = new MemoryStream(bytes))
using (var mso = new MemoryStream())
{
using (var gs = new GZipStream(msi, CompressionMode.Decompress))
{
//gs.CopyTo(mso);
CopyTo(gs, mso);
}return Encoding.UTF8.GetString(mso.ToArray());
}
}
To help google, here’s some related markers
H4sIAAAAAAA
H4sIAAAAAA
H4sIAAAAA
H4sIAAAA
H4sIAAA
H4sIAA
H4sIA
H4sI
H4s
H4
LikeLike
after 7 months of your post, i had the same problem and your post helped me solving it. Thanks for your post 🙂
LikeLike
You don’t need to write a single line of code if you have access to a UNIX shell. With the encoded string sitting in “inputfile” in the current folder:
base64 -Di inputfile|zcat
LikeLike
H4sIAAAAAAAACgEwAs/9
LikeLike
SEO
LikeLike
Currently working on reverse engineering a website to create a web crawler.
Thank you so much for making this post, you saved me quite the headache.
As a side note people might find this site useful to take a quick look at the data without opening up an IDE, I found it after reading this post and also noticed that it was able to detect the file type after I had decoded the Base64 – https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D‘,true)Unzip(”,false)
I don’t have any affiliation with that site by the way, just ended up finding it useful for this situation and others may find it helpful as well.
LikeLike