Preserved Topic: Encryptic JavaScript (Page 1 of 1) |
|
---|---|
Maniac From: Cyberajaya, Kuala Lumpur, Malaysia |
posted 07-12-2002 07:09
Anybody dare to decryptic this valid encryptic javascript sniplet ? : |
Mad Scientist From: Belgrade, Serbia |
posted 07-12-2002 09:18
The second line (which does decrypting) looks like this: |
Maniac From: Cyberajaya, Kuala Lumpur, Malaysia |
posted 07-12-2002 10:28
You got it mr.max! |
Lunatic From: USA! USA! USA! |
posted 07-12-2002 15:21
i am tempted to laugh at the poor soul who thought that up, but i think i may be working with him. |
Mad Scientist From: Massachusetts, USA |
posted 07-12-2002 16:21
You know, by replacing the word "eval" in that script with "alert", you can get a popup that contains the first bit of code that is executed =) |
Lunatic From: under your rug, |
posted 07-15-2002 06:12
WoW that's pretty cool maX & Slime |
Mad Scientist From: Belgrade, Serbia |
posted 07-15-2002 06:27
Synthetic, I would suggest you not to waste time with this. As Slime said you can secure/encrypt client-side code... |
Lunatic From: Lebanon |
posted 07-15-2002 08:30
in addition to slime's code revealing techniques, i'ld also say that you'ld add a <form name='test'><textarea name=src></textarea></form> |
Mad Scientist From: Belgrade, Serbia |
posted 07-15-2002 10:38
Under Windows 2K/XP, you can simply press Ctrl+C when alert box appears and its contents will be copied to clipboard. This also works with all other kinds of dialog boxes. So, there's no need for using forms and textarea fields (unless you stil use the old Windows 9x)... |
Maniac From: Cyberajaya, Kuala Lumpur, Malaysia |
posted 07-15-2002 10:39
Instead of sniplets why challenge to find the correct password for this one |
Mad Scientist From: Massachusetts, USA |
posted 07-15-2002 13:18
I must admit, that's pretty tricky. |
Maniac From: home sweet home |
posted 07-16-2002 14:18
*rmr1 that gets the code=374044, but i still don't get why you started charAt with index 1? character 1 doesn't matter? also, the last one will be <undefined>. typo?? (this is why i had to put an extra character at the beginning) |
Maniac From: home sweet home |
posted 07-17-2002 19:19
some ideas:
|
Lunatic From: Lebanon |
posted 07-19-2002 10:37
so basically you brute-force cracked it? cause porting it to vc will faster the bruteforce process (especially that the charset is small). |
Maniac From: home sweet home |
posted 07-19-2002 15:53
well, that's what i was saying. brute force was made way too simple by the algorithm. it can find the correct pass in no time. |
Lunatic From: Lebanon |
posted 07-20-2002 10:10
quote:
|
Maniac From: home sweet home |
posted 07-20-2002 21:17
yeah... i thought about this and i don't think it's bruteforce, i think it's reverse engineering. the 'core checking' as you so elegantly put it is too simple. it can be reversed with a bit of guessing. i don't think that guessing part qualifies for brute force. |
Lunatic From: Lebanon |
posted 07-22-2002 08:16
i called you 'laca' just because of lazyness, most of us call half of our names sometimes... |
Maniac From: home sweet home |
posted 07-22-2002 11:46
well, i guessed that you like this kind of stuff. lol, you're the only guy (girl?) who hangs around here (besides me ). even this sunsuron fellow abandoned his thread |
Lunatic From: Lebanon |
posted 07-22-2002 14:59
lallous is male (derived from elias->lello->lallous). |
Maniac From: home sweet home |
posted 07-22-2002 17:53
i was talking about securing javascript, i.e. the code. |
Lunatic From: Lebanon |
posted 07-23-2002 09:08
when i refered to using md5() i was giving an example in the same context as this thread it self! secure/hide a page that is hidden (you don't know its name). |
Mad Scientist From: Massachusetts, USA |
posted 07-23-2002 11:13
Hmm, well, now that I've seen sunsuron's code, I believe that you *could* hide a password through JS reasonably successfully if you could find a function whos inverse is nearly impossible to find. This is the basic idea behind encryption algorithms. |
Lunatic From: Lebanon |
posted 07-23-2002 14:43
yes, Slime you can hide other pages' name/link/passwords very securely but you can't hide the page's code itself securely. the page can always be decrypted as you showed above. |
Mad Scientist From: Massachusetts, USA |
posted 07-23-2002 14:55
Well, the advantage is that you can use this to hide the name of a file. And if you otherwise prevent anyone from getting a directory listing, finding that file could require the knowing its filename. |