Hi everyone,
first i want to tell reverser+ that his affirmation in the main entrance
is not quite correct:
"All my pages are optimized for Opera browsers, could not care less
about lusers using Netscape or M$IE".
In the Java problem, the ones that use Opera (me) are the lusers, coz
Opera has some bugs in Java. How can it be possible that the Javascript
generated code with Opera for the password 'javfurther' is 4205221038
(should be 25834242042). However, if i give Opera the explicit array of
f, it calculates the value: 25834242024, but compares that value with
25834242042 (the same) and it returns false! So i had to use Netscape
for this approach.
for a good reason, reverser+ invites us not only to find the passwords
that
matches the number 25834242042, but to choose the passwd that makes
sense. that was the second plan applied by reverser+ in order to put our
brains at work. however, we had to search in 308 passwords, that is
easy,
but what if the password was 'makessense' and the postgenerated passwds
for the number 1313019801 (that is the code for 'makessense') were in
number of four thousands, that would be a real searching, and would
really eliminate the ones that search for 'jav' or 'frav' or whatever.
by the way, reverser+ gived too much hints, some of these 'crackers'
should
not pass the gateway. they used your 'r' last leter hint, or the passwd
must contain 'jav' or 'ava', and other 'deductions' like this.
the password length was easy to find, and with a little thinking, any
real cracker should know to build a program that generates all valid
passwds from a code and see which makes sense.
this c++ program shows a real solution using backtracking
<---------------------- cut here ----------------------->
// reverser.cpp - (c) 1998 by +mISu
//
// cracker for reverser+ advanced java 'easy' entrance
// it gives all the valid passwds for 25834242042
// but it is really sad to search for 'xubwqhdich.htm'
// on reverser.org. this shows no imagination, so you'll
// have to find the correct passwd from these ones...
//
// compile 'wcl386 /k1000 reverser'
#include <iostream.h>
#define XFROM 36
#define TARGET 25834242042
int main(int argc, char* argv[])
{
long f[62]= { 23, 535, 1047, 1559, 2071,
2583, 3095, 3607, 4119, 4631,
12, 21, 26, 38, 53,
72, 101, 139, 294, 375,
584, 841, 1164, 1678, 2425,
4989, 6478, 10076, 14494, 21785,
30621, 69677, 87452, 139356, 201113,
278810, 80, 83, 93, 99,
113, 131, 159, 194, 346,
416, 619, 861, 1165, 1649,
2256, 4766, 6077, 9554, 13713,
20576, 28894, 65661, 82386, 131248,
164801, 262524 };
char base[62]={'0','1','2','3','4','5','6','7','8','9',
'A','B','C','D','E','F','G','H','I','J',
'K','L','M','N','O','P','Q','R','S','T',
'U','V','W','X','Y','Z','a','b','c','d',
'e','f','g','h','i','j','k','l','m','n',
'o','p','q','r','s','t','u','v','w','x',
'y','z'};
__int64 temp,stack[8];
int i,j,x,sc,stackx[9],n;
char pass[11]="?123456789",nl[2]={0x0d,0x0a};
sc=0;
n=0;
x=XFROM;
cout << "reverser advanced java \'easy\' entrance valid passwds" <<
endl;
cout << "(c) 1998 by +mISu" << endl;
cout << "find the good one, it REALLY makes sense!" << endl;
cout << "___________________________________________________" <<
endl << endl;
cerr << "Working..." << endl;
temp=TARGET/9;
ag: while(sc<8)
{
while((x>61)|(temp-f[x])%(8-sc))
{
if(x<62) { x++; continue; }
backt: sc--;
if(sc<0) goto end;
temp=stack[sc];
x=stackx[sc]+1;
if(x>61) goto backt;
}
stack[sc]=temp;
stackx[sc]=x;
temp=(temp-f[x])/(8-sc);
sc++;
x=XFROM;
}
for(i=XFROM;i<62;i++) if(temp==f[i])
{
for(j=0;j<8;j++) pass[9-j]=base[stackx[j]];
n++;
pass[1]=base[i];
if(n<100) cout << "0";
if(n<10) cout << "0";
cout << n << ": " << pass << endl;
break;
}
goto backt;
end:return 0;
}
<---------------------- cut here ----------------------->
+mISu (plusmisu@eudoramail.com)
homepage
links
+ORC
bots wars
reality cracking
counter measures
bots wars
antismut CGI tricks
academy database
tools
javascript tricks
cocktails
search_forms
mail_reverser
Is software reverse engineering illegal?