Kevin pinged me earlier today with an interesting issue. He had a Base64 representation of data. Base64 is usually used to create a string representation of binary data. But did you know that you can also Base64 encode string data? In his case it was being used in some PHP code to encode layout for a blog theme. He needed to get to the original code but wasn't sure how to do that in ColdFusion.
Here is what I came up with. First, start off with your Base64 string. (Note - in the code template below I'm going to add a few spaces just to make it wrap better.)
<cfset b64 = 'Pz4gPC9kaXY+PCEtLSBlbmQgcGFnZSAtLT4NCgo8ZGl2I GlkPSJmb290ZXItd3JhcCI+DQoKCTxkaXYgaWQ9ImZvb3RlciIgY2xhc3 M9ImNsZWFyZml4Ij4NCgkNCgkJPHAgaWQ9ImxlZ2FsIj5Db3B5cmlnaHQ gJmNvcHk7IDIwM DggPGEgaHJlZj0iPD8gYmxvZ2lu Zm8oJ3VybCcpOyA/PiI+PD8gYmxvZ2luZm8oJ25h bWUnKTsgPz48 L2E+DQoJCSZidWxsOyA8P3BocCBpZihpc19ob21lKCkpIDogPz48YSBocmVmPSJodHRwOi8vd29yZHByZXNz dGhlbWVzYmFzZS5jb20vIiB0aXRsZT0iV29yZHByZXNzIHRlbXBsYXRlcyI+V2 9yZHByZXNzIHRlbXBsYX RlczwvYT48P3BocCBlbmRpZjsgPz4NCgkNCgk8L2R pdj4NCgk8P3BocCB3cF9mb290ZXIoKTsgPz4NCgo8L2Rpdj48IS0tIGVuZCBm b290ZXItd3Jhc CAtLT4NCgoNCjwvYm9keT4NCjwvaHRtbD4gPD8='>
Ok - so now what? ColdFusion provides a toBase64 function but no "from"Base64. There is a toString function, but since Base64 is already a string, running toString on it doesn't do anything. However, we can convert this into binary data using toBinary:
<cfset f = ToBinary(b64)>
And now we have a binary representation of the Base64 string. But how do we view it? If you try to output f you will get an error. But now is the time where toString helps out:
<cfset z = toString(f)>
<cfoutput>
#htmleditformat(z)#
</cfoutput>
And when output we get:
?> </div><!-- end page --> <div id="footer-wrap"> <div id="footer" class="clearfix"> <p id="legal">Copyright © 2008 <a href="<? bloginfo('url'); ?>"><? bloginfo('name'); ?></a> • <?php if(is_home()) : ?><a href="http://wordpressthemesbase.com/" title="Wordpress templates">Wordpress templates</a><?php endif; ?> </div> <?php wp_footer(); ?> </div><!-- end footer-wrap --> </body> </html> <?
Wow that PHP code looks awesome! Anyway - I hope this helps others. This is the first I've seen of Base64 versions of strings. It seems to be used as a way to obfuscate the code. I've also heard that apparently this has been used to hack WordPress themes as well.
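A reusable version of the decode steps, as an added example that is not part of the original post: it strips wrapping whitespace, accepts the Base64URL alphabet, rejects input that is not Base64, decodes with an explicit character set using the built-in binaryDecode and charsetEncode functions, and escapes the result before display because decoded theme code is untrusted markup. The function name decodeBase64Text, the error type InvalidBase64 and the sample string are constructed for illustration.

```cfml
<!--- Added example: decodeBase64Text is a hypothetical helper, not a built-in. --->
<cffunction name="decodeBase64Text" returntype="string" output="false">
    <cfargument name="encoded" type="string" required="true">
    <cfargument name="charset" type="string" default="utf-8">
    <!--- Remove spaces and line breaks that were added for wrapping. --->
    <cfset var clean = reReplace(arguments.encoded, "\s+", "", "all")>
    <cfset var pad = 0>

    <!--- Map the Base64URL alphabet (- and _) onto standard Base64 (+ and /). --->
    <cfset clean = replace(replace(clean, "-", "+", "all"), "_", "/", "all")>
    <!--- Drop any existing padding so it can be rebuilt consistently below. --->
    <cfset clean = reReplace(clean, "=+$", "")>

    <cfif NOT len(clean)>
        <cfreturn "">
    </cfif>

    <!--- Refuse anything that is not Base64 rather than decoding garbage. --->
    <cfif NOT reFind("^[A-Za-z0-9+/]+$", clean) OR len(clean) mod 4 EQ 1>
        <cfthrow type="InvalidBase64" message="Input is not valid Base64.">
    </cfif>

    <!--- Restore the trailing = padding to a multiple of four characters. --->
    <cfset pad = (4 - (len(clean) mod 4)) mod 4>
    <cfif pad GT 0>
        <cfset clean = clean & left("==", pad)>
    </cfif>

    <!--- Bytes first, then text in an explicitly chosen character set. --->
    <cfreturn charsetEncode(binaryDecode(clean, "base64"), arguments.charset)>
</cffunction>

<!--- Constructed sample: a short HTML fragment, wrapped with a space. --->
<cfset sample = "PGI+SGk8 L2I+">
<cfset decoded = decodeBase64Text(sample)>

<!--- Escape before display so the decoded markup is shown as text, not rendered. --->
<cfoutput><pre>#htmlEditFormat(decoded)#</pre></cfoutput>
```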
Archived Comments
Base64 representations of strings are also sometimes used in Windows Active Directory properties and also in HTTP headers when using HTTP authentication.
Ah cool - thanks Michael.
You could also have used the BinaryEncode() function.
i.e. BinaryEncode(b64,"Base64")
Wow, even simpler. Thanks Joshua!
I meant:
<cfset f = BinaryDecode(b64,"Base64") />
for the conversion. Long morning already...
Alright, I thought I better make right for my faux pas:
<cfset b64 = 'Pz4gPC9kaXY+PCEtLSBlbmQgcGFnZSAtLT4NCgo8ZGl2I GlkPSJmb290ZXItd3JhcCI+DQoKCTxkaXYgaWQ9ImZvb3RlciIgY2xhc3 M9ImNsZWFyZml4Ij4NCgkNCgkJPHAgaWQ9ImxlZ2FsIj5Db3B5cmlnaHQ gJmNvcHk7IDIwM DggPGEgaHJlZj0iPD8gYmxvZ2lu Zm8oJ3VybCcpOyA/PiI+PD8gYmxvZ2luZm8oJ25h bWUnKTsgPz48 L2E+DQoJCSZidWxsOyA8P3BocCBpZihpc19ob21lKCkpIDogPz48YSBocmVmPSJodHRwOi8vd29yZHByZXNz dGhlbWVzYmFzZS5jb20vIiB0aXRsZT0iV29yZHByZXNzIHRlbXBsYXRlcyI+V2 9yZHByZXNzIHRlbXBsYX RlczwvYT48P3BocCBlbmRpZjsgPz4NCgkNCgk8L2R pdj4NCgk8P3BocCB3cF9mb290ZXIoKTsgPz4NCgo8L2Rpdj48IS0tIGVuZCBm b290ZXItd3Jhc CAtLT4NCgoNCjwvYm9keT4NCjwvaHRtbD4gPD8='>
<cfset f = BinaryDecode(b64,"base64") />
<cfset f = charsetEncode(f,"utf-8") />
<cfoutput>#f#</cfoutput>
That will replace the toString() call and allows you to explicitly specify the binary encoding.
Some helper functions for you. Includes Base64URL functions which are needed for several Google APIs.
http://pastebin.com/bFb1bBpU
That's nice Grumpy. Any reason you don't want to share your real name? :)
I've never had a good handle on the binaryEncode / binaryDecode functions. I've read the docs before, but something about them never clicked.
Thanks Ray. No real name because I don't want to get too involved with the community. I have some very differing opinions on what makes good CF code and don't want to have to defend or spend my time convincing people why I think it's the better approach. So I just pop up every once in a while, usually to rant, and then lurk again.
However, this time I got to be helpful. :-)
That's unfortunate. I firmly believe that you should be able to state your opinion even if it is in the minority. I invite you - next time - to go public here. If folks complain, I'll put a stop to it. (Well, if they make it personal. I'm all for a good, respectful argument. ;)
Thanks Grumpy, haven't tried them yet but exactly what I was looking for; functions to handle the base64url functions. Facebook Deauthorize Callback depends on base64url vs base64.