I am doing a child exploitation case.
The files sent via a Law Enforcement P2P RoundUp program are showing a SHA1 value where the alpha digits are exceeding "F". (Base32)
example
File name Bla-Bla-Bla.jpg
SHA-1 61JDINFW6E7YIQZF6LHIHIE4Y4WNY62U
I am not sure if these are coming from NCMEC or the Law Enforcement P2P program or??.
The SHA-1 value reported in FTK is Base 16 is f2123434b6f13f844325f2ce83a09cc72cdc7b54.
I have run into this on nearly every CP case where a P2P (Ares) is used but no one seems to have an answer.
Have you encountered this and if so, have you found any type of converter that will do the conversion (if possible)
If there is some kind of conversion process or program, no one I have contacted, including our ICAC detectives, can provide an answer to that.
UpDate. if you do ever run across a SHA1 Base32 and need to convert it to Base16 this converter does the trick. https://
To avoid using third-party programs, I suggest going with python. Here are the lines of codes that perform conversion back and forth.
SHA1 From HEX to Base32
python -c "import base64; res = base64.b32encode('f2123434b6f13f844325f2ce83a09cc72cdc7b54'.decode('hex')); print(res)"
SHA1 From Base32 to HEX
python -c "import base64; res = base64.b32decode('61JDINFW6E7YIQZF6LHIHIE4Y4WNY62U', map01=b'I').encode('hex'); print(res)"
Run them in the console having python installed beforehand.
Or you could use
Recipe from Base32 to HEX
[{"op""From Base32","args"["A-Z2-7=",true]},
{"op""To Hex","args"["Space"]}]
Recipe from HEX to Base32
[{"op""From Hex","args"["Space"]},
{"op""To Base32","args"["A-Z2-7="]}]
Click Load recipe button to test these ones out
Great… Thanks!