Identifying an unknown data encoding?

Question

I'm trying understand an undocumented API I have discovered, and I can't get past the format of the data that is being returned.

Here is an example of what I get back when I perform a GET on the url I'm looking at:

A+uZL4258wXdnWztlEPJNXtdl3Tu4hRITtW2AUwQHUK5c6BATSBU/XsQEVIttCpI7wrW/oXWiBloT8+cdtUWBag3mzk3cLohKPvi7PWpf7jqCSbjNGh+5Iv5Gb8by2k31kp62sfwZ+i8r/3TA6nGrnJb6edOB7d0c6F34RTFRrrZSeJtiWYXAJ5JeD3yJY+C

At first I thought this was base64 encoded, but that just gives me back gibberish:

echo -n "<above snippet>" | base64 -D
?/???ݝl?C?5Vy??????,?8?s?@M T?{R-?*H?
???ֈhOϜv??7?97p?!(???????   &?4h~???i7?Jz???g輯???Ʈr[??N?ts?w??F??I?m?f?Ix=?%?

When I strip the URL down to just the domain, I get a website with cyrillic text. Maybe the data could be converted to cyrillic somehow?

Does this data format look familiar to you?

I'll continue to keep trying and report back if I make any progress.

Answer 1

This is definitely base64, because of the / and + characters.

When you decode that string using base64, you get this hexdump:

00000000  03 eb 99 2f 8d b9 f3 05  dd 9d 6c ed 94 43 c9 35  |.../......l..C.5|
00000010  7b 5d 97 74 ee e2 14 48  4e d5 b6 01 4c 10 1d 42  |{].t...HN...L..B|
00000020  b9 73 a0 40 4d 20 54 fd  7b 10 11 52 2d b4 2a 48  |.s.@M T.{..R-.*H|
00000030  ef 0a d6 fe 85 d6 88 19  68 4f cf 9c 76 d5 16 05  |........hO..v...|
00000040  a8 37 9b 39 37 70 ba 21  28 fb e2 ec f5 a9 7f b8  |.7.97p.!(.......|
00000050  ea 09 26 e3 34 68 7e e4  8b f9 19 bf 1b cb 69 37  |..&.4h~.......i7|
00000060  d6 4a 7a da c7 f0 67 e8  bc af fd d3 03 a9 c6 ae  |.Jz...g.........|
00000070  72 5b e9 e7 4e 07 b7 74  73 a1 77 e1 14 c5 46 ba  |r[..N..ts.w...F.|
00000080  d9 49 e2 6d 89 66 17 00  9e 49 78 3d f2 25 8f 82  |.I.m.f...Ix=.%..|

This just looks like 128 bytes of random data. And whenever you call this API URL again, you get a different string, although it starts with the same few characters.

Perhaps you should ask the maintainers of that website how to use their API. Maybe this string is some session ID that you should use in further calls.