ONION 3 page

Link obtained at previous stage:

fv7lyucmeozzd5j4.onion

<!--1033-->

87de5b7fa26ab85d22... (string is growing with time)

Finally index.html turned into this:

<!--1033-->

! I'm unsure as to what to do with this one. [LOOSE END]

Onion 3 server status page

[UPDATE THIS WITH THE STATUS PAGE LEAKAGE INFO]

Following is the source code of the status page for onion 3, which was refreshed after the leakage was found:

HTML source. Warning: large size!

Appended to the end of the server status was yet another very long string. This string was found to contain two image files in an order similar to that of the RSA onion, except that there was some data between them (OOB or Out Of Bounds data):

[0xFF 0xD8..............................] [Data in between JPGs] [..............................0xD8 0xFF]

After building the first JPG from the hex:

xxd -p -r < server-status.hex > server-status.jpg

One obtains the image 05.jpg (Liber Primus). Doing the same for the reversed copy of the second JPG yields the same image as the first, except for that OOB data.

Comparing the first and second images

cmp -l server-status.jpg rev.server-status.jpg

one obtains the OOB data:

a02373230202020202833313020202020213433302020202021333130202020202135313a06363
330202020202939313020202020203331302020202020323330202020202028313a06323230202
020202534323020202020202139302020202025343230202020202632323a08313020202020203
2333020202020203331302020202029393130202020202636333a0135313020202020213331302
02020202134333020202020283331302020202022373230a0a

Note that all of these bytes are within the printable range of ASCII characters, and many of them appear to be ASCII for digits (e.g. 0x30, 0x39).

Converting this string to binary:

xxd -b oob.hex oob.bin

and reversing that:

xxd -r oob.bin oob-rev.bin

we obtain:

272     138     341     131     151

366     199     130     320     18

226     245     91      245     226

18      320     130     199     366

151     131     341     138     272
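
The carve-and-decode procedure above in Python, as an added example that is not code from the original page. It assumes the second image is an exact byte-reversed copy of the first and that the reversal of the in-between data is done per hex digit (read back to front, the leading `a0237323` of the string above becomes ASCII `272` plus a newline); the function names and the sample blob are constructed for illustration.

```python
# Added example (not from the original page): carve a blob laid out as
# [JPEG][in-between data][byte-reversed JPEG] and decode the middle part.
SOI, EOI = b"\xff\xd8", b"\xff\xd9"  # JPEG start-of-image / end-of-image markers


def split_mirrored_blob(blob: bytes):
    """Return (jpeg, middle, second_jpeg_unreversed) for a mirrored blob."""
    # Length of the leading run that is mirrored at the tail of the blob.
    half, m = len(blob) // 2, 0
    while m < half and blob[m] == blob[-1 - m]:
        m += 1
    # Trim back to the last EOI inside the mirrored run, so an FF D9 that
    # occurs earlier (e.g. an embedded thumbnail) does not cut the image short.
    n = blob.rfind(EOI, 0, m) + 2
    if not blob.startswith(SOI) or n < 2:
        raise ValueError("no mirrored JPEG pair found")
    return blob[:n], blob[n:len(blob) - n], blob[len(blob) - n:][::-1]


def decode_reversed_hex(data: bytes) -> str:
    """Assumption: reversal is per hex digit, so read the digits back to front."""
    return bytes.fromhex(data.hex()[::-1]).decode("ascii")


def parse_grid(text: str):
    """Turn whitespace-separated decimal rows into a list of integer rows."""
    return [[int(tok) for tok in line.split()]
            for line in text.splitlines() if line.strip()]


# Constructed sample (not a real image): a stub with an inner FF D9, one row of
# numbers hidden in the same digit-reversed form, then the stub byte-reversed.
SAMPLE_JPEG = SOI + b"thumb" + EOI + b"scan-data" + EOI
SAMPLE_TEXT = "272     138     341     131     151\n"
SAMPLE_MIDDLE = bytes.fromhex(SAMPLE_TEXT.encode("ascii").hex()[::-1])
SAMPLE_BLOB = SAMPLE_JPEG + SAMPLE_MIDDLE + SAMPLE_JPEG[::-1]

if __name__ == "__main__":
    jpeg, middle, second = split_mirrored_blob(SAMPLE_BLOB)
    print(len(jpeg), second == jpeg, middle[:4].hex())
    print(parse_grid(decode_reversed_hex(middle)))
```

A plain search for the first `FF D9` would stop at the inner marker of the sample; matching the head of the blob against its tail is what recovers the full image length.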