This looks familiar, let’s jump right into the source code here.
It looks like we need to submit a string which will be equal to $encodedsecret after going through their encoding scheme which, when broken down looks like this:
function encodeSecret($secret) {
$secret = base64_encode($secret);
$secret = strrev($secret);
$secret = pack("H*", $secret);
return $secret;
}
If you are unfamiliar with any of these functions I encourage you to RTFM at php.net.
Since we already know the value of $encodedSecret we should be able to decode it and enter it in the form for the win. To decode it we will run their encoding scheme in reverse with our own php script:
<?
$encodedSecret = "3d3d516343746d4d6d6c315669563362";
function decodeSecret($secret) {
return base64_decode(strrev(pack("H*", $secret)));
}
echo decodeSecret($encodedSecret)."\n";
?>
So if we throw our output in the form:
