"...I don't know if you or some other +HCU cracker has already tried this
'ping'-search approach. I hope you didn't, because then I haven't
written (and you haven't read) this essay in vain ;-). And if you
didn't, then I hope I've enlightened you about the things you can do
with the speed of internet these days, and I hope you'll publish this
essay, so the entire world can use this technique..."

First letter by Gattman:
From: Gattman
Hello Fravia,
First of all I want to thank you for bringing us one of only a few sites
that really brings knowledge and challenges. A site, not for the
millions of brainless surfers, but one that appeals to the gray mass on
the top floor.
Speaking of challenges, I greatly enjoyed cracking your JavaScript
pages. But I want to bring something to everyone's attention, since
judging from the solutions on 'the other side' of the pages, I'm the
only one who devised the (actually quite obvious) technique I'm about to
describe.
I cracked the two pages a few months ago. It was almost a fluke, the way
I came up with the first one. I reversed the obfuscation with a
recursive, backtracking algorithm (with the help of my friend and fellow
student Douby. He sent you an essay about ReBirth, which you have
published). I had to use Java, since it was the only available
programming environment available at that time and place. One thing I'd
like to put straight by the way: Java and JavaScript are not the same!
Almost every essay used both terms quite loosely. Java is a complete
programming language, with a compiler which generates bytecode. It was
developed by Sun.
JavaScript was developed by Netscape as a scripting language for use in
WWW-pages. It is an interpreted language.
The syntax, commands and source code are not interchangeable. They are
quite similar, but Java is much like C++ (only easier and safer in some
aspects) whereas JavaScript leans more toward Pascal. After setting that
straight, on with the story...
After getting the password length (another thing nobody seemed to do
like I did: I added up all the values in the obfuscated character array,
and divided it by the length of the array. This gave me the average
value of a character. I tried how many times I could multiply and add
until the value was greater than the target code. I got a value of 9.
This makes a password of 10 characters, since the first one is skipped.)
I generated a list of possible solutions of the desired length. I
browsed the list, and suddenly the following password yanked my
attention: '_avfurther'
Well well! I figured the first letter must be a 'j', since it would make
perfect sense: 'javfurther'.
So I fired up Netscape, entered the following URL:
http://Fravia.org/javfurther.htm
Bingo! I was in.
Time for the second entrance.
This one was really easy. It generated a password, depending on the day
of the month. But... it was reversible!!! So all I had to do, was to
generate a password from the hint-page you gave for every day of the
month, and put those through the encrypter to get 31 pages, one of which
was the right one.
I edited the script so it would open a new browser-window for every
generated page. Now I had 32 windows open. One with the entrance-page,
30 '404 not found' pages, and the right one. All I had to do was close
all windows until I found the right one. It was a bit messy, but I got
in.
Then I figured there had to be a better way to do this than just opening
31 windows. But I never paid any attention to it anymore, until
yesterday.
Because yesterday a friend of mine found a JavaScript protection on a
Quake-clan site (http://qrt.gamepoint.net). He asked if we (me and
Douby, that is) could get in. We decided to give it a shot.
The protection was really lame. Just six numbers multiplied, which
should give 32. Douby wiped the dust off his trusty calculator and
decided there were 216 solutions. This would mean 216 browser windows.
We went for it, to see how far we could get. But you know Windows... At
the 100th window or so, it became terribly unstable, and decided to kill
the browser. This called for a more subtle approach. Douby made a
counter, and made the Script pop an alert window at every 20th
browser-window. Then he closed all bad windows and clicked on OK, until
he reached the inner sanctum...
But I wanted to do it another way. So I made a Java program that
generated all possibilities. And then came the good part: it connected to
every page and grabbed the server's response code. Now all I had to do
was:
    if (responseCode!=404)
    {print the URL, because this is the one!}
And it worked! It came up with exactly one code: 141222. That was the
same as Douby found! The speed at which it did was impressive: over 25
pages a second!
This is a great technique!
This trick is probably faster than a dictionary check on the average PC,
and generates a much better outcome: it also works if the password does
not contain any words at all, like this example. And it keeps you from
endlessly entering passwords.
With a protection as complex as your first JavaScript entrance, you
would be completely helpless if the password didn't make sense. Now I
can try all possible addresses (about a thousand 'tails', with any
possible first character, at 25 pages a second: (1000*62)/25) within an
hour!
This is quite interesting...
I don't know if you or some other HCU cracker has already tried this
'ping'-search approach. I hope you didn't, because then I haven't
written (and you haven't read) this essay in vain ;-). And if you
didn't, then I hope I've enlightened you about the things you can do
with the speed of internet these days, and I hope you'll publish this
essay, so the entire world can use this technique.
(By the way, if you are interested in the source, or just want to try
out the program yourself, then just reply, and I'll mail it to you. I'd
attach it to this mail, but I know how much you hate attachments.)
Keep up the great site!
Gattman signing off (phew, finally...).
I told him I would have published with or without source code.
Thanks for publishing! Here are two source codes attached. You can use
the Hacker.java to show my technique without giving away the solution to
the JavaScript gateway.
The other source, (FraviaCrack.java) can be posted on the other side of
the gateway, as yet another solution.
The sources are heavily commented (sorry that some lines are a bit
long...).
I don't know if you have any experience with Java applications, so I'll
explain how to use them:
First, you need the Sun JDK (get it for free at the Sun page).
Then you need to compile it:
javac -O Hacker.java (the -O option means 'Optimize during compilation')
And finally run it:
java Hacker (This is case-sensitive. Most PC users don't get that, so I'll mention it here)
That's all!
Have fun with it!
Later, Gattman
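
Seen from the server side, the 'ping'-search described in the first letter shows up as a burst of 404s on distinct page names from one client, ending in a single success. The Python below is an added example, not part of Gattman's letters or his Java sources; the Common Log Format input, the thresholds, the IP addresses and the paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

def parse(line):
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_enumeration(lines, window_s=10, min_404=20):  # assumed thresholds
    """Flag clients with >= min_404 distinct 404 paths inside window_s seconds."""
    recent = defaultdict(deque)      # ip -> (ts, path) of 404s still in window
    total_404 = defaultdict(int)
    hits = defaultdict(list)         # pages found while the burst was running
    flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        q = recent[ip]
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if status == 404:
            total_404[ip] += 1
            q.append((ts, path))
            if len({p for _, p in q}) >= min_404:
                flagged.add(ip)
        elif ip in flagged and q and status < 400:
            hits[ip].append(path)    # the one guess that was not a 404
    return {ip: {"misses": total_404[ip], "hits": hits[ip]} for ip in flagged}

def sample_log():
    """Constructed log lines: one ordinary visitor, one client guessing page names."""
    fmt = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 512'
    lines = [fmt.format(ip="198.51.100.9", s=0, p="/index.htm", st=200),
             fmt.format(ip="198.51.100.9", s=1, p="/favicon.ico", st=404)]
    for i in range(50):              # 25 guesses per second, the rate in the letter
        lines.append(fmt.format(ip="203.0.113.7", s=2 + i // 25,
                                p=f"/{i:06d}.htm", st=404))
    lines.append(fmt.format(ip="203.0.113.7", s=4, p="/000050.htm", st=200))
    return lines

print(find_enumeration(sample_log()))
```

The "hits" list tells the operator which page the guessing client located. A page protected only by an unguessable file name stays findable this way, so the access check belongs on the server.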