How do I convert a Bit Torrent info_hash (obtained from Wireshark) to a SHA1 hash

I'm running Snort which detects some P2P activity, specifically the BitTorrent announce request. I see the HTTP GET /announce.php?info_hash=XXX... request and I'm trying to convert this XXX into a proper SHA1 hash to try and get an idea of what is being downloaded.

I've read various things that say this is U开发者_JS百科RL encoded, and others that say just remove the % character - however I am unable to reproduce this.

Can anyone suggest how to do this?

info_hash is an SHA1 hash. It's a binary hash, URL-encoded for inclusion in a URL.

If you want to turn it into a hex-encoded hash, you will need to extract it from the URL, URL-decode, and hex-encode. For example in Python:

>>> '%00%01%02%20%25ABC+XYZabc%7F%80%81%FE%FF'
'%00%01%02%20%25ABC+XYZabc%7F%80%81%FE%FF'
>>> urllib.unquote_plus(_)
'\x00\x01\x02 %ABC XYZabc\x7f\x80\x81\xfe\xff'
>>> _.encode('hex')
'00010220254142432058595a6162637f8081feff'

Okay, know I know. info_hash is an SHA1 hash. And an example of it is: %5d%97%dbA%d7a%2b%92%f5%c2%ef%dcv%bf%e7%e6%03%24%85%0a. If you use $_GET['info_hash'], it will not work, because of the %s. You need to use $_SERVER['QUERY_STRING']. Code example how to get SHA1 hash of info_hash in PHP:

$arye = $_SERVER['QUERY_STRING'];
$arye = explode('info_hash=', $arye)[1];
$arye = explode('&', $arye)[0];
$arye = explode('%', $arye);
$arp = '';
foreach($arye as $ara) {
    if (strlen($ara) == 2) {
        $arp .= $ara;
    }else{
        $e1 = substr($ara, 0, 2);
        $e2 = substr($ara, 2, 1);
        $e2 = unpack('H*', $e2)[1];
        $arp .= $e1;
        $arp .= $e2;
    }
}

echo $arp; // This will be your SHA1 hash

Hash: %5d%97%dbA%d7a%2b%92%f5%c2%ef%dcv%bf%e7%e6%03%24%85%0a -> 5d97db41d7612b92f5c2efdc76bfe7e60324850a

No, you can,

infohash == sha1(torrentfile["info"])

But you could use info_hash as key to search it on DHT network