This is the tutorial to crack and explain the protection scheme in the page:

			'The Snake's JavaScript HackMe No1'

The only tools you need to crack this type of protection is your mind and if you don't have a good memory a little bloc notes.

The scheme of this type of web page is:

<HTML>
<HEAD>
Javascript protection code
</HEAD>
<BODY>
Input request
Call protection code
</BODY>
</HTML>

-----------------
The Input Request
-----------------
In the <BODY> of web page they are four lines inside the code

<FORM NAME="nisui"><INPUT TYPE='hidden'>

Define the FORM name, the name is "nisui".

<INPUT TYPE="text" NAME="usercode" SIZE=10>
<INPUT TYPE="password" NAME="unlock" SIZE=10>

Insert the username and password received from the input in two variable, for the username is "usercode", for the password is "unlock".

<INPUT TYPE="button" NAME="mksh" VALUE="CHECK IT" onClick="bdkklt()">

When you press the button "CHECK IT" defined above, the Javascript function "bdkklt()" is invoked to control the input.

---------------------
Javascript Protection
---------------------

First, define two variable, the first 'tl' contain the alphabetical chars that we can insert in the username to pass the first test, all other chars are illegal chars for the first control.

tl="emnopbcdtuvwfglxyqrsazhijk"
  +"SAXYHBCDFGVWIJKLMNRTUEOPQZ";

This 'tn' is used to codify the username. Every char is codified with a number of two chars in this string, the minimun lenght of the username is inserted in position 25 (the count start at 0) and contain 0.

tn="5264656653545545464748495051575861625641424359604463"
  +"7961626364656680818267686970717273788384857475767786";

At this point start the protection scheme who make various controls on the username and the password, each control is make by a different function.
The first is "bdkklt()", when invoked this function initialize many variables:

	stC=document.nisui.usercode.value;
	yesh=1;
	x=0; 
	ind=eval("25+x"); 

stC 	- is the username who came from input.
yesh 	- ist content say you if the first test on the input is passed, if
	  the value remain 1 the test is passed, if 0 the errore message is
	  displayed.
x,ind 	- ind is calculated and remain constant in the function, its value is
	  25 and is used in the first control. The value x is not used in
	  this function.

The first control is on the username, the result is placed into 'yesh' (0= username error, 1=ok, go ahead in next control), at the end of the function
this value is controlled, if the test inside this function is passed then invoke "kltOk()" for the next test:

 if (yesh==1){
    kltOk();}
 else{
    alert("Sorry, the code is invalid !") 
     } 

Search the 26 char of the 'tn' string, this char represent the numeric value of the minimum lenght of a username string, make the control on our username input:

 if (stC.length>tn[ind]){
	...
	}
 else{
     yesh=0;
 }

Next, make a loop for every char of the username from first to last, the position of the char into the string is in 'i', the char at this position is into 'evar'.

    for (i=0;i<stC.length;i++){
        evar=stC.charAt(i);
		...
    } 
       

The test in the loop is very simple, search in a string which contains all alphabetical  chars ('tl') every char of username, if the return value of the function is -1 then the function has not retrieved the char-->the char is not alphabetical then put in 'yesh' the value 0 and at the test on 'yesh' say 'error bla...bla..bla'.

        if (tl.indexOf(evar)==-1){
           yesh=0;
           i=stC.length;  

When all this test have passed is the time to go in the function "kltOk()".

---------------
funtion kltOk()
---------------

Start putting in stC the username input and in stU the password input, in sX we put a string who contain in order all the hexadecimal base number character, the position of each char is equal to his value (Example: character 'd' is in position 13). The 'sach' variable is set to 0, the codify value of the username string is memorized into this variable:

 stC=document.nisui.usercode.value;
 stU=document.nisui.unlock.value;
 sX="0123456789abcdef";
 sach=0

The next step is a loop who take every char of username and with the two table 'tn' and 'tl' codify into a two char decimal number, every number is added to precs and the final value is the codify number of username.

 for (i=0;i<stC.length;i++){

     y=0; 			// trash value

     evar=stC.charAt(i);	// take the char at pos. i
     x=(tl.indexOf(evar))*2;    // search the char into 'tl' and multiply
	 		        // for 2
     x1=x + 2;			// add 2

     sach=eval(tn.substring(x,x1))+sach; // take the two char at pos
				// specified convert to is value and add to 'sach'
 	  }


At this time the value obtained by the username is converted into a string, this string is the hex value of the value.

	 tmis="";				// In this string is inserted the hex value

// This algoritm is a matematic method to codify a decimal base value into
// the hex rapresentation, study a little this loop, is based on the 
// division by 16 who is hex value.

     while (sach >= 16){
         zv=0;
         mn=0;
         while (zv <= sach){
               zv=eval(zv + 16);
               mn++;
     			}
         zv = zv - 16;  
         sach = eval(sach - zv);

// Note this instruction below, it add the char of major value at the end
// of the 'tmis' string, the result is a reversed string, if you want to
// obtain the value not reversed you may obtain it by substitute it with
//	        tmis=(sX.charAt(sach)) + tmis;

	        tmis=tmis + (sX.charAt(sach)); 


         sach=mn-1; 
 	}      

    tmis=tmis + (sX.charAt(sach));

-----------------------------------------

Now control that the password lenght is equal to the obtained hex value lenght.

  if (stU.length != tmis.length){
    alert("Sory, the Unlock-code is invalid !");}
 else{
	chckUN();
 }

If this test is passed the next test function will be invoked ('chkUN()').

-----------------
function chckUN()
-----------------
We are finally at the end of our work, at this point a fast analisys of this little code make easiest the crack.

First take the value of password:

 stU=document.nisui.unlock.value;

The program take the hex value of the last function and simply reverse it with the simple code and put it into 'final_code':

 final_code=""
 for (i=tmis.length;i>=0;i--){
     alert(tmis.charAt(i));
	 final_code=final_code + (tmis.charAt(i));
 }


Wow, the check for the password, the password is the hex value of the numeric value of the username codify.

 if (final_code == stU){
    alert("Nice job, Reverser ! Can you tell why the unlock-code look like"
         +" this ?");}
 else{
    alert("The unlock-code does not match the code you've entered !!!");
 }          

This is all, i hope this tutorial is as good as possible.

									Casta