In days part there were sites known to store login status in a client-side cookie obscured by a XOR cyper. When first visting the site some code like this would run:
$cookie = xor_crypt($json_encode(array("login"=>"false")));Then $cookie would be set on the client side, something like data=GkAPXlVaD0BZE1RSDREGE08=. A successful login would containg a similar:
$cookie = xor_crypt($json_encode(array("login"=>"true")));That would result in the cookie data=GkAPXlVaD0BZE0ZBFAdBTA==. Looking at there two values it is plain that they are very similar. That only a few positions have changed indicate a basic symmetric cypher, in this case just a simple XOR of the JSON value against a fixed key.
While it is trivial to brute-force the key, it is more fun to guess. A website setting a single long key might indicate a serialized array and logging in and out gives some indicate to what is being set. Then we can determine the key:
$ct = base64_decode("GkAPXlVaD0BZE1RSDREGE08=");
$pt = json_encode(array("login"=>"false"));
$key = "";
for($i=0;$i<strlen($ct);$i++) {
$key .= $ct[$i] ^ $pt[$i % strlen($pt)];
}This gives abc123abc123abc123abc1 .. which is both human readable and contains repetitive.
Now it is just a matter of determining the value of login that we desire and re-encoding the cookie.