@FAReTek1
Last active May 30, 2025 07:42
decode a scratch session id (the main part) into json data
```python
# https://gist.github.com/FAReTek1/4834beace3876cd60912094c3c637f3a
import base64
import json
import string
import zlib
from datetime import datetime


def b62_decode(s: str) -> int:
    """Decode a base 62 string (digits, then uppercase, then lowercase) into an int."""
    chars = string.digits + string.ascii_uppercase + string.ascii_lowercase

    ret = 0
    for char in s:
        ret = ret * 62 + chars.index(char)

    return ret


def decode_session_id(session_id: str) -> tuple[dict[str, str], datetime]:
    """
    Extract the JSON data from the main part of a session ID string
    Session id is in the format:
    <p1: long base64 string>:<p2: short base64 string>:<p3: medium base64 string>

    p1 contains a base64-zlib compressed JSON string
    p2 is a base 62 encoded timestamp
    p3 might be a `synchronous signature` for the first 2 parts (might be useless for us)

    The dict has these attributes:
    - username
    - _auth_user_id
    - testcookie
    - _auth_user_backend
    - token
    - login-ip
    - _language
    - django_timezone
    - _auth_user_hash
    """
    # p3 is split off but never checked, so the returned data is unverified
    p1, p2, p3 = session_id.split(':')

    return (
        # appending "==" restores any base64 padding stripped from p1
        json.loads(zlib.decompress(base64.urlsafe_b64decode(p1 + "=="))),
        # fromtimestamp() without a tz argument returns a naive local-time datetime
        datetime.fromtimestamp(b62_decode(p2))
    )
```
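The layout in the docstring means p1 and p2 can be read by anyone holding the string, with no key involved. The following added example (not part of the gist or written by its author) builds a constructed session id in that layout, decodes it without consulting p3, and produces a redacted summary for logging; `make_sample_session_id`, `decode_unverified`, `summarize_for_logs` and the choice of fields in `SENSITIVE` are assumptions made for illustration.

```python
import base64
import json
import zlib
from datetime import datetime, timezone

B62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SENSITIVE = {"token", "login-ip", "_auth_user_hash"}  # assumed choice, names from the docstring


def b62_encode(n: int) -> str:
    out = ""
    while n:
        n, r = divmod(n, 62)
        out = B62[r] + out
    return out or "0"


def make_sample_session_id(data: dict, issued: int) -> str:
    """Build a CONSTRUCTED id in the documented layout; p3 is a dummy, not a signature."""
    raw = zlib.compress(json.dumps(data).encode())
    p1 = base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{p1}:{b62_encode(issued)}:constructed-not-a-signature"


def decode_unverified(session_id: str) -> tuple[dict, datetime]:
    """Read p1 and p2 with no key; p3 is never consulted, so the data is untrusted."""
    p1, p2, _p3 = session_id.split(":")
    padded = p1 + "=" * (-len(p1) % 4)  # restore exactly the stripped padding
    data = json.loads(zlib.decompress(base64.urlsafe_b64decode(padded)))
    issued = sum(B62.index(c) * 62 ** i for i, c in enumerate(reversed(p2)))
    return data, datetime.fromtimestamp(issued, tz=timezone.utc)


def summarize_for_logs(session_id: str) -> dict:
    """Keep field names and issue time, mask the values listed in SENSITIVE."""
    data, issued = decode_unverified(session_id)
    fields = {k: "<redacted>" if k in SENSITIVE else v for k, v in data.items()}
    return {"issued_utc": issued.isoformat(), "fields": fields}


# Constructed sample values, not a real session
SAMPLE = make_sample_session_id(
    {"username": "example_user", "token": "0000-constructed", "login-ip": "192.0.2.10"},
    1748500000,
)

if __name__ == "__main__":
    print(summarize_for_logs(SAMPLE))
```

Unlike the gist, this variant returns a timezone-aware UTC datetime and pads p1 to the exact multiple of four.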
FAReTek1 commented May 29, 2025

import string + string.digits + string.ascii_uppercase + string.ascii_lowercase probably takes 62 characters in itself. it might be better to just write the text out, although it was easier to write because of code completion

@TheCommCraft

Did you test it?

FAReTek1 commented May 29, 2025

yes, i tested it on 2 of my session ids, which obviously i cannot show @TheCommCraft

apparently, the last time i logged into scratch was 2 weeks ago. my browser history corroborates this
