I hope Syko will really do what he wrote to me:

I will hopefully add some work to the JavaScript stalking pages when I've
thought of something ... looks to be a very interesting section.
Incidentally I've done a lot of JavaScript to date so if there's anything
you would like researching I'd be happy to help.

Yes Syko! I would love you researching JavaScript-based site protection with us. The
English language parser you wrote in this essay is a quick VERY USEFUL tool for
password busting, that many readers (me too) will be happy to use for other
related purposes :-)

In the meantime, enjoy this program... I'm sure
you'll find good use for it!
Here it is ... (ANSI C I hope ... except needs __int64 support)
/*
"Password finder for Fravia's excellent JavaScript Protection."
- A Syko '98 Production
### Introduction ###
Well, Fravia, I've cracked your JavaScript gateway ...
Rather than just using your hints (boring!) I decided that I would show
how to prove them if I was going to include them in my solution. So here
it is...
- Syko
p.s. this idea is great fun, please set some more challenges like it! ;-)
### Finding Password Length ###
i) An approach using code
    int i;
    for (i=1; i<255; i++) {
        if (25834242042 % i == 0) {
            printf("%d ", i);
        }
    }
Result: 1 2 3 6 7 9 14 18 21 42 63 126
Some of these seem too big, so let's think again ...
ii) A mathematical method
if string is all made up of 'Z' characters (biggest value) ...
e.g. "ZZZ", then:
    code = ((((f[35] * 1) + f[35]) * 2) + f[35]) * 3
... and so we can calculate this ...
chars:   biggest value possible:
1        278810 * 1      = 278810
2        278810 * 4      = 1115240
3        278810 * 15     = 4182150
4        278810 * 64     = 17843840
5        278810 * 325    = 90613250
6        278810 * 1956   = 545352360
7        278810 * 13699  = 3819418190
8        278810 * 109600 = 30557576000
9        278810 * 986409 = 275020693290
iii) Conclusion
30557576000 < TARGET < 275020693290, therefore we *must* have a 9
character string.
### Reducing possibilities ###
i) Finding the last character ...
    int i;
    for (i=0; i<62; i++) {
        if (((TARGET/9) - f[i]) % 8 == 0) {
            printf("%c ", base[i]);
        }
    }
Result: C Z h i r w
ii) A bit of Zen ...
Well, the last character is a letter, and Fravia has asked for a
passWORD, so I guess that we are considering a string with just
letters in it.
... So we only need worry about base[10] to base[61].
and also, in English generally words are all lowercase, except for 1st
letter (which we have thrown away), so therefore we only need to use
characters from
base[36] to base[61]
iii) Gathering information ...
Fravia himself tells us that the 1st letter is an 'r' base[53].
So why not incorporate this into the code? ;-)
iv) Applying more rules of English ...
We can also check that certain letters don't follow others so that the
words make sense more than before ... therefore I added the function
IsEnglish to the code.
I analyzed the output of the program and then added more and more
filters to this routine until finally I came across the password.
### Result ###
This code generates 10 possibilities, of which only 1 is the correct
answer.
(Could add more filters, but not worth it with this small amount of
information.)
However, only 2 of these ten outputs actually make sense in English.
It then remains to find (or guess!) the first letter ... judging from the
content of the pages we seek, this is very obvious from what we've got -
both the choice of answer and letter are simple.
Not bad, eh? ;-)
/* And here is the code ... */
#include <stdio.h>
#include <string.h>

#define TARGET 25834242042

char pass[10];
char base[62] =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
int f[62] = { 23,
    535, 1047, 1559, 2071, 2583, 3095, 3607, 4119, 4631,
    12, 21, 26, 38, 53, 72, 101, 139, 294, 375,
    584, 841, 1164, 1678, 2425, 4989, 6478, 10076, 14494, 21785,
    30621, 69677, 87452, 139356, 201113, 278810, 80, 83, 93, 99,
    113, 131, 159, 194, 346, 416, 619, 861, 1165, 1649,
    2256, 4766, 6077, 9554, 13713, 20576, 28894, 65661, 82386, 131248,
    164801, 262524 };

void check(__int64 number, int pos);
int isEnglish(int pos);

int main(void) {
    check(TARGET, 9);
    return 0;
}

/* Undo one step of the checksum: divide by the position, then try every
   letter whose value leaves a remainder divisible by the next position. */
void check(__int64 number, int pos) {
    char x;
    __int64 newnumber;

    number /= pos--;
    if (pos == 0) {
        /* Only one character left: it must match the remainder exactly. */
        for (x=36; x<62; x++) {
            if (number == f[x]) {
                pass[pos] = base[x];
                if (isEnglish(pos) == 1) puts(pass);
            }
        }
    }
    else {
        if (pos == 8) {
            /* Known letter 'r' (f[53] == 9554) goes into pass[8]. */
            newnumber = number - 9554;
            pass[8] = 'r';
            check(newnumber, 8);
        }
        else {
            /* Lowercase letters only: base[36] to base[61]. */
            for (x=36; x<62; x++) {
                newnumber = number - f[x];
                if (newnumber % pos == 0 && newnumber >= 12) {
                    pass[pos] = base[x];
                    if (isEnglish(pos) == 1) check(newnumber, pos);
                }
            }
        }
    }
}

/* Reject letter pairs (pass[pos], pass[pos+1]) that do not look English. */
int isEnglish(int pos) {
    if (pass[pos] == pass[pos+1]) {
        return 0;
    }
    switch (pass[pos]) {
    case 'F':
    case 'f':
        if (strchr("aefilortu", pass[pos+1]) == NULL) return 0;
        break;
    case 'J':
    case 'j':
        if (strchr("aeiou", pass[pos+1]) == NULL) return 0;
        break;
    case 'K':
    case 'k':
        if (strchr("aehilnoruwy", pass[pos+1]) == NULL) return 0;
        break;
    case 'L':
    case 'l':
        if (strchr("abdefiklnopstuwy", pass[pos+1]) == NULL) return 0;
        break;
    case 'P':
    case 'p':
        if (strchr("aehilnoprsuwy", pass[pos+1]) == NULL) return 0;
        break;
    case 'Q':
    case 'q':
        if (pass[pos+1] != 'u') return 0;
        break;
    case 'V':
    case 'v':
        if (strchr("aefilouy", pass[pos+1]) == NULL) return 0;
        break;
    case 'X':
    case 'x':
        if (strchr("aceio", pass[pos+1]) == NULL) return 0;
        break;
    default:
        break;
    }
    return 1;
}
--
Syko
Unknown Enterprises, Inc.
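
Added example, not part of Syko's program or Fravia's page: it rebuilds the forward checksum from the solver's inverse steps (an assumption) and measures how much the checksum's divisibility structure leaks about the length and the final character. TARGET, base and f are the page's values; the function names gate_code, max_code, shortest_length and last_char_candidates are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define TARGET 25834242042LL            /* checksum value from the page */
static const char base[] =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static const int f[62] = {              /* weight table from the page */
    23, 535, 1047, 1559, 2071, 2583, 3095, 3607, 4119, 4631, 12, 21, 26, 38,
    53, 72, 101, 139, 294, 375, 584, 841, 1164, 1678, 2425, 4989, 6478, 10076,
    14494, 21785, 30621, 69677, 87452, 139356, 201113, 278810, 80, 83, 93, 99,
    113, 131, 159, 194, 346, 416, 619, 861, 1165, 1649, 2256, 4766, 6077, 9554,
    13713, 20576, 28894, 65661, 82386, 131248, 164801, 262524 };

/* Forward checksum, inferred (assumption) from the solver's inverse steps:
   code = (code + f[c]) * position, with positions counted from 1. */
long long gate_code(const char *pw) {
    long long code = 0;
    for (size_t i = 0; pw[i] != '\0'; i++) {
        const char *p = strchr(base, pw[i]);
        if (p == NULL) return -1;       /* character outside the alphabet */
        code = (code + f[p - base]) * (long long)(i + 1);
    }
    return code;
}
/* Largest code an n-character string can give: all 'Z' (f[35]). */
long long max_code(int n) {
    long long code = 0;
    for (int i = 1; i <= n; i++) code = (code + f[35]) * i;
    return code;
}
/* Shortest n that divides TARGET and can reach it; n <= 15 avoids overflow. */
int shortest_length(void) {
    for (int n = 1; n <= 15; n++)
        if (TARGET % n == 0 && max_code(n) >= TARGET) return n;
    return 0;
}
/* Final characters c for which TARGET/n - f[c] is divisible by n-1. */
int last_char_candidates(int n, char *out) {
    int count = 0;
    for (int i = 0; n >= 2 && i < 62; i++)
        if ((TARGET / n - f[i]) % (n - 1) == 0) out[count++] = base[i];
    out[count] = '\0';
    return count;
}

int main(void) {
    char cand[63];
    int n = shortest_length(), k = last_char_candidates(n, cand);
    printf("length %d; %d of 62 final characters remain: %s\n", n, k, cand);
}
```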
(c) Fravia 1995, 1996, 1997, 1998. All rights reserved