How to identify Encryption algorithm for data coming in field/attribute values of an xml

All we need is an easy explanation of the problem, so here it is.

I have data coming in the form of XML with certain XML attributes being encrypted. I am very new to encryption/decryption. So I would like a detailed explanation on how to find the encryption algorithm, if at all there is any applied on this data. Or is it some other form of encoded format? Please ask any question related to data, I would be more than happy to help on that. Sample encrypted data looks like this:


How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

This is just straight ASCII represented in hexidecimal. I removed the newlines and the following python code will display it:

>>> from binascii import unhexlify
>>> ascii = "7b5c727466315c616e73695c616e7369637067313235325c64656666305c6465666c616e67313033337b5c666f6e7474626c7b5c66305c666e696c2054696d6573204e657720526f6d616e3b7d7b5c66315c666e696c5c66636861727365743020417269616c3b7d7b5c66325c666e696c5c6663686172736574302054696d6573204e657720526f6d616e3b7d7d0d0a7b5c636f6c6f7274626c203b5c726564305c677265656e305c626c7565303b7d0d0a5c766965776b696e64345c7563315c706172645c6366315c66305c667332305c7061720d0a5c6366305c6631204c6f74204e696e65202839292c206f66204245415220435245454b20504f4c4f2052414e43482c20616e206164646974696f6e20696e20456c6c697320436f756e74792c2054657861732c206163636f7264696e6720746f20746865206d6170206f7220706c61742074686572656f66207265636f7264656420696e20436162696e657420432c20536c696465204e6f2e20343535206f662074686520506c6174205265636f726473206f6620456c6c697320436f756e74792c2054657861732e5c6366315c66325c7061720d0a7d0d0a00"
>>> unhexlify(ascii)
'{\\rtf1\\ansi\\ansicpg1252\\deff0\\deflang1033{\\fonttbl{\\f0\\fnil Times New Roman;}{\\f1\\fnil\\fcharset0 Arial;}{\\f2\\fnil\\fcharset0 Times New Roman;}}\r\n{\\colortbl ;\\red0\\green0\\blue0;}\r\n\\viewkind4\\uc1\\pard\\cf1\\f0\\fs20\\par\r\n\\cf0\\f1 Lot Nine (9), of BEAR CREEK POLO RANCH, an addition in Ellis County, Texas, according to the map or plat thereof recorded in Cabinet C, Slide No. 455 of the Plat Records of Ellis County, Texas.\\cf1\\f2\\par\r\n}\r\n\x00'

Things to recognize are the 0x0a, 0x0d ASCII characters at the end that represent a line feed and carriage return respectively. Also a lot of the text is between 0x41 to 0x5A (A-Z), and 0x61 to 0x7A (a-z).

To address your question about recognizing encryption. Unless the communication protocol or file format provides you with the algorithm type there is generally no way to tell one encryption algorithm from another just based on encrypted data. For files it can be provided in a file header value. You’d still have to know what value in the header represent an encryption algorithm, and then further you’d have to determine which algorithm the value represented. For secure communication protocols the algorithms are generally negotiated during the protocol’s initialization.

Method 2

Most Encryption methods leave something like a fingerprint – for example: fixed first couple of characters; lenth of hashes; etc.
By such it’s possible to determine the algorithm used…

I havn’t found a particular documentation oder article by a quick google search, but I stumbled uppon following project (simple python script):

Check that out – maybe it guesses your hashes correctly 🙂

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply