Link obtained at previous stage:
<!--1033--> 87de5b7fa26ab85d22... (string is growing with time)
Finally index.html turned into this:
<!--1033--> 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee743297817febd7741ededf07ca0c7e8b1788ea4131441a8f71c63943d8b56aea6a45159e2f59f9a194af23eaabf9de0f3123c041c882d5b7e03e17ac49be67cef29fbc7786e3bda321a176498835f6198ef22e81c30d44281cd217f7a46f58c84dd7b29b941403ecd75c0c735d20266121f875aa8dec28f32fc153b1393e143fc71616945eea3c10d6820bd631cf775cf3c1f27925b4a2da655f783f7616f3359b23cff6fb5cb69bcb745c55dff439f7eb6a4094bd302b65a84360a62f94c8b010250fcc431c190d6ed8cc8a3bfce37dddb24b93f502ad83c5fa21923189d8be7a6127c4105fcf0e5275286f2
! I'm unsure as to what to do with this one. [LOOSE END]
[UPDATE THIS WITH THE STATUS PAGE LEAKAGE INFO]
Following is the source code of the status page for onion 3, which was refreshed after the leakage was found:
HTML source. Warning: large size!
Appended to the end of the server status was yet another very long string. This string was found to contain two image files in an ordering similar to that of the RSA onion, except that there was some data between them (OOB or Out Of Bounds data):
[0xFF 0xD8..............................] [Data in between JPGs] [..............................0xD8 0xFF]
After building the first JPG from the hex:
xxd -p -r < server-status.hex > server-status.jpg
One obtains the image 05.jpg (Liber Primus). Doing the same for the reversed copy of the second JPG yields the same image as the first, except for that OOB data.
Comparing the first and second images:
cmp -l server-status.jpg rev.server-status.jpg
one obtains the OOB data:
a02373230202020202833313020202020213433302020202021333130202020202135313a06363 330202020202939313020202020203331302020202020323330202020202028313a06323230202 020202534323020202020202139302020202025343230202020202632323a08313020202020203 2333020202020203331302020202029393130202020202636333a0135313020202020213331302 02020202134333020202020283331302020202022373230a0a
Note that all of these bytes are within the printable range of ASCII characters, and many of them appear to be ASCII for digits (e.g. 0x30, 0x39).
Converting this string to binary:
xxd -b oob.hex oob.bin
and reversing that:
xxd -r oob.bin oob-rev.bin
we obtain:
272 138 341 131 151
366 199 130 320 18
226 245 91 245 226
18 320 130 199 366
151 131 341 138 272
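The carving and decoding steps above, as an added Python example (not part of the original page or the puzzle's own material). It assumes the in-between bytes carry their hex digits in reverse order, which is what the digits in the dump above show (`833313` read backwards is `313338`, ASCII `138`); the blob is a constructed stand-in, and `split_blob`, `decode_digits` and `build_sample` are names made up for this example.

```python
SOI, EOI = b"\xff\xd8", b"\xff\xd9"  # JPEG start/end-of-image markers

def split_blob(blob: bytes):
    """Split [JPEG][in-between data][byte-reversed JPEG] into (jpeg, middle)."""
    if not (blob.startswith(SOI) and blob.endswith(SOI[::-1])):
        raise ValueError("expected FF D8 first and D8 FF last")
    # Walk inwards from both ends while the tail mirrors the head.
    n = 0
    while n < len(blob) // 2 and blob[n] == blob[-1 - n]:
        n += 1
    # The mirror can overrun into in-between data that happens to be
    # symmetric at its edges, so cut back to the last FF D9 inside it.
    eoi = blob.rfind(EOI, 0, n)
    if eoi < 0:
        raise ValueError("no FF D9 inside the mirrored region")
    end = eoi + len(EOI)
    return blob[:end], blob[end:len(blob) - end]

def decode_digits(middle: bytes) -> str:
    """Read the hex digits of `middle` backwards, then decode as ASCII.

    Assumption of this example: the data is stored digit-reversed.
    """
    return bytes.fromhex(middle.hex()[::-1]).decode("ascii")

def build_sample(text: str) -> bytes:
    """Constructed stand-in for the status-page blob (not the real data)."""
    jpeg = SOI + b"\x00constructed image body\x00" + EOI
    middle = bytes.fromhex(text.encode("ascii").hex()[::-1])
    return jpeg + middle + jpeg[::-1]

if __name__ == "__main__":
    # First row of the numbers above, used as constructed in-between data.
    blob = build_sample("272 138 341 131 151\n")
    jpeg, middle = split_blob(blob)
    print("jpeg bytes:", len(jpeg), "in-between hex:", middle.hex())
    print(decode_digits(middle), end="")
```

On real data, convert the hex string to bytes first (for example with `bytes.fromhex`) and pass the result to `split_blob`.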