Nds-pmd, NuData - any experience?

Hello

I have 3 sites; all having some nds-pmd parameter in Payloads.
Does anyone ever had any experience with the kind of parameter and what to do? Is there any solution; anyone can help me out?

Depending on the sites in question they can retrieve/require different variables/information from the device sending the request.

Tip:
Take the original b64 string found from “ base64NuDetectData”

Summary

ZXlKdVpITXRjRzFrSWpvaWUxd2lhblp4ZEhKblVXNW5ibHdpT250Y0lucGplblpwWENJNk1DeGNJbnBvZVZ3aU9sd2ljbUYwWENJcw0KWENKNlpucGNJam95TURnNU1UWTBPREF3TEZ3aWVtTjJYQ0k2WENKdVlYRmxZblp4WENJc1hDSjZkVzl3Wmx3aU9qRXNYQ0o2Wm1KYw0KSWpwY0lrY3RXbUp2ZG5seVhDSXNYQ0o2ZG5GemFWd2lPbHdpY0VzNVkwVTBXV2RJV0VSY0lpeGNJbnB1YjJaeGVGd2lPakk1TEZ3aQ0KZG1ObFhDSTZYQ0pjSWl4Y0lucHViM05jSWpwY0luUmlZblI1Y2x4Y1hDOW1jWGhmZEdOMVltRnlYMnM0Tmx4Y1hDOTBjbUZ5Wlhadw0KWDJzNE5qb3hNRnhjWEM5RVJrVXhMakl4TURnd01pNHdNREZjWEZ3dk56WXdNell5TkRwb1puSmxjWEp2YUhSY1hGd3ZjWEpwTFhoeQ0KYkdaY0lpeGNJbnB2YjF3aU9sd2lkR0ppZEhseVhDSXNYQ0o2Wm1aY0lqbzJNalF3TmpZMU5qQXdMRndpYUc1Y0lqcGNJamd1TWk0eg0KWENJc1hDSjZibTltWENJNlhDSm9ZWGhoWW1waFhDSXNYQ0p4ZG5GbmJWd2lPaTB4TWpBc1hDSjZkV1pjSWpwYlhDSjZkVzV3WENJcw0KWENKNmRXZG1jbHdpTEZ3aWVuVjBiRndpTEZ3aWVuVjBabnBjSWl4Y0lucDFjSE5jSWl4Y0lucDFaMk5jSWl4Y0lucDFibVZjSWl4Yw0KSW5wMWVuQmNJaXhjSW5wMWIyTmNJaXhjSW5wMWVXWmNJaXhjSW5wMWNHVmNJaXhjSW5wMWRHTm1YQ0lzWENKNmRXcDJYQ0lzWENKNg0KZFdWdVhDSmRMRndpZW05NlhDSTZYQ0pPWVhGbFluWnhJRVpSV0NCdmFIWjVaeUJ6WW1VZ2F6ZzJYQ0lzWENKNmIyTmNJanBjSW1aeA0KZUY5MFkzVmlZWEpmYXpnMlhDSXNYQ0o2Ym05cFhDSTZYQ0l4TUZ3aUxGd2llbVp3WENJNlhDSm9abHdpTEZ3aWVtOTZjMXdpT2x3aQ0KVkdKaWRIbHlYQ0lzWENKNlkzcHBYQ0k2TVRBc1hDSm1aVndpT2x3aVhDSXNYQ0pxZUdWY0lqb3lNelkwT0RsOUxGd2lhbWRjSWpwYw0KSWpFdWFpMDNOVFl4TXpndU1TNHlMa1JVZEZoa1ExUkZPRkpvT1dsUlRIRlRZMUpOVUU0c0xDNUVVakJxVW1SRVF6TXdiVlpoU25SbA0KYW01Qk5rRnhXVE0zZWtoRlpFdFFUMGhUVEVaM2FFUTFVMmhKUkVKMVNsVlJNamMyVkZvM2REZE9VWGRJTURaWU0za3RYMGcwVGxabg0KYXpKblNHWkdlV2czZDJVMk1GaHRWSEpJVDJkWVIyZFpOM2QyWVVacU0zRjVRbFV5YlUxb01GQk9Sa056T1hwc2RYbEhiREZGUzNvdA0KVUVKb2N6Vm5NbFpKVDJjMVRYa3dZelk1VlhGemNUQnZZMVJaYTBkeWMydGljRWsyWnpWQ0xVcHBjbXhJZEdoMWNqUm9SbWN3TFZwTQ0KT1hGMFVHa3pWMnhhVjNKUFdYQmhRelozUkZZeVNYUk1NVWhYZEdOU2JrNU1PVkI0VjNoT2VWazBVeTFrWDNNdE56UldUVGxvVHpSSw0KU1VrMFluUjFjM3B5UVV0WmRscFVVMmt6UVRWd2NWWnZZakJpUzJSTFNFeFhkQ3dzWENJc1hDSm1kbkZjSWpwY0lqY3pjamh3Tnpndw0KTFc4d09EUXRORzl6TVMwNGJqWTNMWEJ3TnpRNU1uQTJOemh2TkNzeE56RTNOVE16TURJNU1UUXpYQ0o5SWl3aWMybGtJam9pTnpObA0KT0dNM09EQXRZakE0TkMwMFltWXhMVGhoTmpjdFkyTTNORGt5WXpZM09HSTBLekUzTVRjMU16TXdNamt4TkRNaWZRPT0=

b64 => UTF8

This will return a second b64 string

Summary

eyJuZHMtcG1kIjoie1wianZxdHJnUW5nblwiOntcInpjenZpXCI6MCxcInpoeVwiOlwicmF0XCIs
XCJ6ZnpcIjoyMDg5MTY0ODAwLFwiemN2XCI6XCJuYXFlYnZxXCIsXCJ6dW9wZlwiOjEsXCJ6ZmJc
IjpcIkctWmJvdnlyXCIsXCJ6dnFzaVwiOlwicEs5Y0U0WWdIWERcIixcInpub2ZxeFwiOjI5LFwi
dmNlXCI6XCJcIixcInpub3NcIjpcInRiYnR5clxcXC9mcXhfdGN1YmFyX2s4NlxcXC90cmFyZXZw
X2s4NjoxMFxcXC9ERkUxLjIxMDgwMi4wMDFcXFwvNzYwMzYyNDpoZnJlcXJvaHRcXFwvcXJpLXhy
bGZcIixcInpvb1wiOlwidGJidHlyXCIsXCJ6ZmZcIjo2MjQwNjY1NjAwLFwiaG5cIjpcIjguMi4z
XCIsXCJ6bm9mXCI6XCJoYXhhYmphXCIsXCJxdnFnbVwiOi0xMjAsXCJ6dWZcIjpbXCJ6dW5wXCIs
XCJ6dWdmclwiLFwienV0bFwiLFwienV0ZnpcIixcInp1cHNcIixcInp1Z2NcIixcInp1bmVcIixc
Inp1enBcIixcInp1b2NcIixcInp1eWZcIixcInp1cGVcIixcInp1dGNmXCIsXCJ6dWp2XCIsXCJ6
dWVuXCJdLFwiem96XCI6XCJOYXFlYnZxIEZRWCBvaHZ5ZyBzYmUgazg2XCIsXCJ6b2NcIjpcImZx
eF90Y3ViYXJfazg2XCIsXCJ6bm9pXCI6XCIxMFwiLFwiemZwXCI6XCJoZlwiLFwiem96c1wiOlwi
VGJidHlyXCIsXCJ6Y3ppXCI6MTAsXCJmZVwiOlwiXCIsXCJqeGVcIjoyMzY0ODl9LFwiamdcIjpc
IjEuai03NTYxMzguMS4yLkRUdFhkQ1RFOFJoOWlRTHFTY1JNUE4sLC5EUjBqUmREQzMwbVZhSnRl
am5BNkFxWTM3ekhFZEtQT0hTTEZ3aEQ1U2hJREJ1SlVRMjc2VFo3dDdOUXdIMDZYM3ktX0g0TlZn
azJnSGZGeWg3d2U2MFhtVHJIT2dYR2dZN3d2YUZqM3F5QlUybU1oMFBORkNzOXpsdXlHbDFFS3ot
UEJoczVnMlZJT2c1TXkwYzY5VXFzcTBvY1RZa0dyc2ticEk2ZzVCLUppcmxIdGh1cjRoRmcwLVpM
OXF0UGkzV2xaV3JPWXBhQzZ3RFYySXRMMUhXdGNSbk5MOVB4V3hOeVk0Uy1kX3MtNzRWTTloTzRK
SUk0YnR1c3pyQUtZdlpUU2kzQTVwcVZvYjBiS2RLSExXdCwsXCIsXCJmdnFcIjpcIjczcjhwNzgw
LW8wODQtNG9zMS04bjY3LXBwNzQ5MnA2NzhvNCsxNzE3NTMzMDI5MTQzXCJ9Iiwic2lkIjoiNzNl
OGM3ODAtYjA4NC00YmYxLThhNjctY2M3NDkyYzY3OGI0KzE3MTc1MzMwMjkxNDMifQ==

b64 => UTF8

This will return an ROT13 encoded string
(Which is just shifting the characters of the variables 13 characters)

Summary

{“nds-pmd”:“{"jvqtrgQngn":{"zczvi":0,"zhy":"rat","zfz":2089164800,"zcv":"naqebvq","zuopf":1,"zfb":"G-Zbovyr","zvqsi":"pK9cE4YgHXD","znofqx":29,"vce":"","znos":"tbbtyr\/fqx_tcubar_k86\/trarevp_k86:10\/DFE1.210802.001\/7603624:hfreqroht\/qri-xrlf","zoo":"tbbtyr","zff":6240665600,"hn":"8.2.3","znof":"haxabja","qvqgm":-120,"zuf":["zunp","zugfr","zutl","zutfz","zups","zugc","zune","zuzp","zuoc","zuyf","zupe","zutcf","zujv","zuen"],"zoz":"Naqebvq FQX ohvyg sbe k86","zoc":"fqx_tcubar_k86","znoi":"10","zfp":"hf","zozs":"Tbbtyr","zczi":10,"fe":"","jxe":236489},"jg":"1.j-756138.1.2.DTtXdCTE8Rh9iQLqScRMPN,.DR0jRdDC30mVaJtejnA6AqY37zHEdKPOHSLFwhD5ShIDBuJUQ276TZ7t7NQwH06X3y-_H4NVgk2gHfFyh7we60XmTrHOgXGgY7wvaFj3qyBU2mMh0PNFCs9zluyGl1EKz-PBhs5g2VIOg5My0c69Uqsq0ocTYkGrskbpI6g5B-JirlHthur4hFg0-ZL9qtPi3WlZWrOYpaC6wDV2ItL1HWtcRnNL9PxWxNyY4S-d_s-74VM9hO4JII4btuszrAKYvZTSi3A5pqVob0bKdKHLWt,","fvq":"73r8p780-o084-4os1-8n67-pp7492p678o4+1717533029143"}”,“sid”:“73e8c780-b084-4bf1-8a67-cc7492c678b4+1717533029143”}

Then by either writing a script yourself or using a public one via google. Take that ROT13 encrypted text and make it readable.

Summary

{
“nds-pmd”: {
“wiqdgtData”: {
“mmpiv”: 0,
“mul”: “eng”,
“msm”: 2089164800,
“mpi”: “andebiq”,
“mhbc”: 1,
“mos”: “T-Mobile”,
“midsv”: “cX9pR4LxUQK”,
“mafdk”: 29,
“ipr”: “”,
“mao”: “google/sdk_gubner_x86/generate_x86:10/QSR1.210802.001/7603624:ucirbeta/dei-kef”,
“mbb”: “google”,
“msm”: 6240665600,
“ua”: “8.2.3”,
“maf”: “unknown”,
“didtg”: -120,
“muf”: [
“mhac”,
“mtfs”,
“mtlr”,
“mtfmr”,
“mnpf”,
“mtcp”,
“mhra”,
“mfc”,
“mre”,
“mtcp”,
“mjv”,
“men”
],
“mpm”: “Andebiq FDX built for x86”,
“mcb”: “sdk_gubner_x86”,
“mif”: 10,
“mpu”: “us”,
“mpms”: “Google”,
“mpsi”: 10,
“sr”: “”,
“wk”: 236489
},
“wt”: “1.w-756138.1.2.QGgKqPGR8Eu9vDYdFpEZCA,.QE1wEqWP39zINWxrwaN6NaK38wUTqXBCUFXSyqO5FuVQOhQZ9G94Y9e7AD13F06K3l-_U5AIh9tUSeSil6jr73XzB4Y4TTrY7j5inf4dlOnGbYj3Jj7YPHpf3qvTUl2XzQ-COuf7c4VBG5Zl4d79Jdfhd0bpGwdHr01u4s9d1dLVayF5jWy9kpL6tVaJ5ZjC5HOFyXN9vRfWyAl5OFJVVzq4N6ab8pLrM-5I57BL3VWWvBI9oLI4BgrnfmQTHxG3Bof”,
“fvq”: “73r8p780-o084-4os1-8n67-pp7492p678o4+1717533029143”
},
“sid”: “73e8c780-b084-4bf1-8a67-cc7492c678b4+1717533029143”
}

This was an example from Kohls. You will need to figure out what data is required and how to modify it.

P.S not every nudata request will pull / request the same information. Each target has specific requirements and can choose to change what is required on any number of variables.

Hope this helps!

Yeah what he said basically thanks

1 Like