Member preview

Decoding a great message from a security recruiter.

My friend Matt (who publishes a security blog called PennysylforniaGeek) received the following message from a recruiter:

51 58 5a 77 63 69 42 33 59 6d 38 67 63 58 4a 77 59 6e 46 32 59 58 51 68 49 46 59 6e 61 58 49 67 64 47 4a 6e 49 47 34 67 59 58 4a 71 49 45 5a 79 63 47 68 6c 64 6d 64 73 49 46 4a 68 64 43 42 6c 59 6e 6c 79 49 47 64 31 62 6d 63 67 65 6d 35 73 49 48 5a 68 5a 33 4a 6c 63 6d 5a 6e 49 47 78 69 61 43 34 67 57 6d 77 67 63 48 6c 32 63 6d 46 6e 49 48 5a 6d 49 47 34 67 61 6d 4a 6c 65 58 45 67 65 6d 35 6c 65 48 4a 6e 49 48 6c 79 62 6e 46 79 5a 53 42 32 59 53 42 6e 64 58 49 67 54 6d 68 6e 59 6d 46 69 65 6d 4a 6f 5a 69 42 51 62 6d 55 67 5a 6d 4e 75 63 48 49 67 62 6d 46 78 49 47 78 69 61 43 64 78 49 47 39 79 49 47 34 67 65 48 4a 73 49 48 4a 68 64 48 5a 68 63 6e 4a 6c 49 48 5a 68 49 47 39 6f 64 6e 6c 78 64 6d 46 30 49 47 4a 6f 5a 79 42 75 59 32 4e 35 64 6e 42 75 5a 33 5a 69 59 53 42 6d 63 6e 42 6f 5a 58 5a 6e 62 43 42 7a 5a 57 4a 36 49 47 64 31 63 69 42 30 5a 57 4a 6f 59 58 45 67 61 47 4d 75 49 46 42 75 5a 58 49 67 5a 32 49 67 63 48 56 75 5a 7a 38 4e 43 67 3d 3d

None of the letters go further than the letter F so a good place to start is ASCII/hexadecimal conversion. Throwing that into a free online converter, you get the following:

Q X Z w c i B 3 Y m 8 g c X J w Y n F 2 Y X Q h I F Y n a X I g d G J n I G 4 g Y X J q I E Z y c G h l d m d s I F J h d C B l Y n l y I G d 1 b m c g e m 5 s I H Z h Z 3 J l c m Z n I G x i a C 4 g W m w g c H l 2 c m F n I H Z m I G 4 g a m J l e X E g e m 5 l e H J n I H l y b n F y Z S B 2 Y S B n d X I g T m h n Y m F i e m J o Z i B Q b m U g Z m N u c H I g b m F x I G x i a C d x I G 9 y I G 4 g e H J s I H J h d H Z h c n J l I H Z h I G 9 o d n l x d m F 0 I G J o Z y B u Y 2 N 5 d n B u Z 3 Z i Y S B m c n B o Z X Z n b C B z Z W J 6 I G d 1 c i B 0 Z W J o Y X E g a G M u I F B u Z X I g Z 2 I g c H V u Z z 8 N C g = =

If you’re a normal person and still aren’t clear what that means, the trailing == indicates base64 padding. To decode that, you’ll need to get rid of the spaces (my default is the .trim method because I think in Javascript) and run the result through another converter. Matt came up with a more concise terminal command:

echo “QXZwciB3Ym8gcXJwYnF2YXQhIFYnaXIgdGJnIG4gYXJqIEZycGhldmdsIFJhdCBlYnlyIGd1bmcgem5sIHZhZ3JlcmZnIGxiaC4gWmwgcHl2cmFnIHZmIG4gamJleXEgem5leHJnIHlybnFyZSB2YSBndXIgTmhnYmFiemJoZiBQbmUgZmNucHIgbmFxIGxiaCdxIG9yIG4geHJsIHJhdHZhcnJlIHZhIG9odnlxdmF0IGJoZyBuY2N5dnBuZ3ZiYSBmcnBoZXZnbCBzZWJ6IGd1ciB0ZWJoYXEgaGMuIFBuZXIgZ2IgcHVuZz8NCg==” | base64 — decode

That returns the following:

Avpr wbo qrpbqvat! V’ir tbg n arj Frphevgl Rat ebyr gung znl vagrerfg lbh. Zl pyvrag vf n jbeyq znexrg yrnqre va gur Nhgbabzbhf Pne fcnpr naq lbh’q or n xrl ratvarre va ohvyqvat bhg nccyvpngvba frphevgl sebz gur tebhaq hc. Pner gb pung?

Which is almost human readable. This is where I trailed off and had to deal with some parenting stuff. But Matt figured out it was encoded with ROT13, which is often called the Caesar cipher because Julius Caeser developed it. The encoding is pretty simple: swap each letter for the 13th one that comes after it. Using that logic, you wind up with the final message:

Nice job decoding! I’ve got a new Security Eng role that may interest you. My client is a world market leader in the Autonomous Car space and you’d be a key engineer in building out application security from the ground up. Care to chat?

All in all, we both thought it was the best recruiter message either of us had seen.