Javascript page
Javascript page
entrance page
advanced page

I hope syko will really do what he wrote to me:
I will hopefully add some work to the JavaScript stalking pages when I've 

thought of something ... looks to be a very interesting section. 

 Incidentally I've done a lot of JavaScript to date so if there's anything 

you would like researching I'd be happy to help.
Yes Siko! I would love you researching javascript based site protection with us. The english language parser you wrote in this essay is a quick VERY USEFUL tool for password busting, that many readers (me too) will be happy to use for other related purposes :-)
In the mean time, enjoy this program... I'm sure you'll find good use for it!

Here it is ... (ANSI C I hope ... except needs __int64 support)



/*	



	"Password finder for Fravia's excellent JavaScript Protection."

	- A Syko '98 Production

	



	### Introduction ###



	Well, Fravia, I've cracked your JavaScript gateway ...

	

	Rather than just using your hints (boring!) I decided that I would show 

        how to prove them if I was going to include them in my solution.  So here 

        it is...



	- Syko



	p.s.	this idea is great fun, please set some more challenges like it! ;-)



	### Finding Password Length ###

	

	i) An approach using code



		int i;

		for (i=1; i<255; i++) {

			if (25834242042 % i == 0) {

				printf("%d ", i);

			}

		}

	

		Result: 1 2 3 6 7 9 14 18 21 42 63 126



		Some of these seem too big, so lets think again ...



	ii) A mathematical method



		if string is all made up of 'Z' characters (biggest value) ... 

                e.g. "ZZZ", then:



		code = "((((f[35].class" tppabs="http://Fravia.org/((((f[35].class" * 1) + f[35]) * 2) + f[35]) * 3)



		... and so we can calculate this ...



		chars:	biggest value possible:



		1	278810 * 1 		=	278810

		2	278810 * 4 		=      	1115240

		3	278810 * 15		=      	4182150

		4	278810 * 64		=     	17843840

		5	278810 * 325		=     	90613250

		6	278810 * 1956		=    	545352360

		7	278810 * 13699		=   	3819418190

		8	278810 * 109600	=  	30557576000

		9	278810 * 986409	= 	275020693290



	iii) Conclusion



	      30557576000 < TARGET < 275020693290, therefore we *must* have a 9 

              character string.



	### Reducing possibilities ###



	i) Finding the last character ...



		int i;

		for (i=0; i<62; i++) {

			if (((TARGET/9) - f[i]) % 8 == 0) {

				printf("%c ", base[i]);

			}

		}

	

		Result: C Z h i r w



	ii) A bit of Zen ...

	

		Well, the last character is a letter, and Fravia has asked for a 

                passWORD, so I guess that we are considering a string with just 

                letters in it.



		... So we only need worry about base[10] to base[61].



		and also, in English generally words are all lowercase, except for 1st 

                letter (which we have thrown away), so therefore we only need to use 

                characters from



		base[36] to base[61]



	iii) Gathering information ...



		Fravia himself tells us that the 1st letter is an 'r' base[53].

		So why not incorporate this into the code? ;-)



	iv) Applying more rules of English ...



		We can also check that certain letters don't follow others so that the 

                words make sense more than before ... therefore I added the function 

                IsEnglish to the code.



		I analyzed the output of the program and then added more and more 

                filters to this routine until finally I came across the password.





	### Result ###



	This code generates 10 possibilities, of which only 1 is the correct 

        answer.

	(Could add more filters, but not worth it with this small amount of 

        information.)

	However, only 2 of these ten outputs actually make sense in English.



	It then remains to find (or guess!) the first letter ... judging from the 

        content of the pages we seek, this is very obvious from what we've got - 

        both the choice of answer and letter are simple.



	Not bad, eh? ;-)



/* And here is the code ... */



#include 

#include 

#include 



#define TARGET 25834242042

char pass[10];



char base[62] = 

"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";



int f[62] = {     	23, 

   	535,	1047,	1559,	2071,	2583,	3095,	3607,	4119,	4631,

		12,	21,	26,	38,	53,	72,	101,	139,	294,	375,

		584,	841,	1164,	1678,	2425,	4989,	6478,	10076,	14494,	21785,

		30621,  69677,	87452,	139356,	201113,	278810,	80,	83,	93,	99,

		113,	131,	159,	194,	346,	416,	619,	861,	1165,	1649,

		2256,	4766,	6077,	9554,	13713,	20576,	28894,	65661,	82386,	131248,

		164801,	262524 };



void check(__int64 number, int pos);



int isEnglish(int pos);



void main(void) {

	check(TARGET, 9);

}



void check(__int64 number, int pos) {



	char x;

	__int64 newnumber;



	number /= pos--;

	

	if (pos == 0) {

		for (x=36; x<62; x++) {

			if (number == f[x]) {

				pass[pos] = base[x];

				if (isEnglish(pos) == 1) puts(pass);

			}

		}

	}

	else {



		if (pos == 8) {

			newnumber = number - 9554;

			pass[8] = 'r';

			check(newnumber, 8);

		}

		else {

			for (x=36; x<62; x++) {

				newnumber = number - f[x];



				if (newnumber % pos == 0 && newnumber >= 12) {

					pass[pos] = base[x];

					if (isEnglish(pos) == 1) check(newnumber, pos);

				}

			}

		}

	}

}



int isEnglish(int pos) {



	if (pass[pos] == pass[pos+1]) {

		return 0;

	}



	switch (pass[pos]) {

		case 'F':

		case 'f':

			if (strchr("aefilortu", pass[pos+1]) == NULL) return 0;

			break;



		case 'J':

		case 'j':

			if (strchr("aeiou", pass[pos+1]) == NULL) return 0;

			break;



		case 'K':

		case 'k':

			if (strchr("aehilnoruwy", pass[pos+1]) == NULL) return 0;

			break;



		case 'L':

		case 'l':

			if (strchr("abdefiklnopstuwy", pass[pos+1]) == NULL) return 0;

			break;





		case 'P':

		case 'p':

			if (strchr("aehilnoprsuwy", pass[pos+1]) == NULL) return 0;

			break;



		case 'Q':

		case 'q':

			if (pass[pos+1] != 'u') return 0;

			break;



		case 'V':

		case 'v':

			if (strchr("aefilouy", pass[pos+1]) == NULL) return 0;

			break;



		case 'X':

		case 'x':

			if (strchr("aceio", pass[pos+1]) == NULL) return 0;

			break;

		default:

			break;

	}



	return 1;



}



--

Syko 

Unknown Enterprises, Inc.

You are deep inside Fravia's page of reverse engineering, choose your way out:

Javascript page
Javascript page
entrance page
advanced page

redhomepage redlinks redanonymity red+ORC redstudents' essays redacademy database
redtools redcocktails redantismut CGI-scripts redsearch_forms redmail_Fravia
redIs reverse engineering legal?

red(c) Fravia 1995, 1996, 1997, 1998. All rights reserved