I have an application that pulls some JSON definition files from the internet. In former versions of the application, these files were genuine json files; now, in a later version, they seem to be encrypted/obfuscated. The files that get downloaded now seem to be base64-encoded; decoding them leads to binary files that have the String Salted12 plus 8 more ascii characters in front of them.
Examples:
Salted12OBWfTKpl<B4>{J<E0> <D1>...
Salted12DPEPlodlks^Q^H]^Q<88><A6><D5>...
Salted12WeuyYPkh<D6>"<F9>^I^_6^Q<AB><ED>^Y
Salted12hJhPiiUX<E7>Yu<D9><DB><9F><D9><BD>
I assume the 8 extra bytes are some kind of encryption key (or, maybe the 16 leading bytes are the key, and the devs chose fixed the first 8 bytes)
Comparing the size of old versions of the json files with the new ones suggests the new ones are uncompressed, and have a 1:1 character encryption after the header bytes:
File old size new size
1.93.json 10999 10864
edit.json 2135 2160
next.json 252 976
(The change in number of bytes isn't the same for all files, but as the contents have probably changed with the new version, this is to be expected).
Now my question is: Is there a standard, "well-known", library/framework that obfuscates JSON like this, or will i have to reverse the application to find out how the encryption works?
Salted__(instead ofSalted12) followed by 8 random bytes (not ASCII characters) of salt. – Ilmari Karonen Jul 06 '16 at 19:23