AWS access key to account ID
How do you turn an AWS access key into an account ID, without touching the API, even if it's long gone?
It's super easy. So easy, I'll show you how in 2 minutes with this video anyone can follow, step by step. I reckon this will surprise many people even if they knew it was possible.
If you want to try this yourself, you can ask ChatGPT or your favourite AI to follow the steps with you.
---
Follow this process to turn an AWS access key into an account ID. When you are ready to accept an access key, say "ready".
1. **Check the 5th character** of the key ID.
- If it is I or J, stop — return None.
2. **Remove the first 4 characters** of the key.
- These are the prefix (e.g., AKIA, ASIA).
3. **Base32 decode** the remaining string.
- This gives you 10 bytes (80 bits) of binary data.
4. **Take the first 6 bytes** of the decoded result.
- This is where the account ID is encoded.
5. **Convert those 6 bytes to an integer** using big-endian byte order.
6. **Apply the bitmask 0x7FFFFFFFFF80** to that integer.
- This keeps the middle 47 bits and zeroes out the top and bottom.
7. **Shift the result right by 7 bits** to isolate the 40-bit AWS account ID.
8. **Convert to a string and check the length**.
- If it is not exactly 12 digits, pad with leading "0" up to 12 characters.
- If it is 12 digits, return it — this is the embedded AWS account ID.
---
Props to Aidan Steele and Tal Be'ery for the original research.
🔗 Simplify cloud security
https://www.plerion.com/
🔗 Reversing AWS IAM unique IDs
https://awsteele.com/blog/2023/11/19/reversing-aws-iam-unique-ids.html
🔗 A short note on AWS KEY ID
https://medium.com/@TalBeerySec/a-short-note-on-aws-key-id-f88cc4317489
🔗 Base32 decoder
https://emn178.github.io/online-tools/base32_decode.html
Видео AWS access key to account ID канала Plerion
It's super easy. So easy, I'll show you how in 2 minutes with this video anyone can follow, step by step. I reckon this will surprise many people even if they knew it was possible.
If you want to try this yourself, you can ask ChatGPT or your favourite AI to follow the steps with you.
---
Follow this process to turn an AWS access key into an account ID. When you are ready to accept an access key, say "ready".
1. **Check the 5th character** of the key ID.
- If it is I or J, stop — return None.
2. **Remove the first 4 characters** of the key.
- These are the prefix (e.g., AKIA, ASIA).
3. **Base32 decode** the remaining string.
- This gives you 10 bytes (80 bits) of binary data.
4. **Take the first 6 bytes** of the decoded result.
- This is where the account ID is encoded.
5. **Convert those 6 bytes to an integer** using big-endian byte order.
6. **Apply the bitmask 0x7FFFFFFFFF80** to that integer.
- This keeps the middle 47 bits and zeroes out the top and bottom.
7. **Shift the result right by 7 bits** to isolate the 40-bit AWS account ID.
8. **Convert to a string and check the length**.
- If it is not exactly 12 digits, pad with leading "0" up to 12 characters.
- If it is 12 digits, return it — this is the embedded AWS account ID.
---
Props to Aidan Steele and Tal Be'ery for the original research.
🔗 Simplify cloud security
https://www.plerion.com/
🔗 Reversing AWS IAM unique IDs
https://awsteele.com/blog/2023/11/19/reversing-aws-iam-unique-ids.html
🔗 A short note on AWS KEY ID
https://medium.com/@TalBeerySec/a-short-note-on-aws-key-id-f88cc4317489
🔗 Base32 decoder
https://emn178.github.io/online-tools/base32_decode.html
Видео AWS access key to account ID канала Plerion
Комментарии отсутствуют
Информация о видео
13 мая 2025 г. 8:13:42
00:02:01
Другие видео канала
