Closed Thread Icon

Preserved Topic: Encryptic JavaScript (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=18321" title="Pages that link to Preserved Topic: Encryptic JavaScript (Page 1 of 1)" rel="nofollow" >Preserved Topic: Encryptic JavaScript <span class="small">(Page 1 of 1)</span>\

 
sunsuron
Maniac

From: Cyberajaya, Kuala Lumpur, Malaysia
Insane since: Jul 2002

posted posted 07-12-2002 07:09

Anybody dare to decryptic this valid encryptic javascript sniplet ? :


<script language="JavaScript1.2">
eNc='enbtldou/vshud)&=rbshqu!m`oft`fd<#K`w`Rbshqu0/3#!rsb<#rbshqu/kr#?=.rb&*&shqu?&(:';
eval(unescape('str%3D%27%27%3B for%20%28 var%20c%3D0%3Bc%3CeNc.length%3Bc++%29str+%3DString.fromCharCode%28eNc.charCodeAt%28c%29%5E1%29%3Beval%28str%29'));
</script>

mr.maX
Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 07-12-2002 09:18

The second line (which does decrypting) looks like this:

str=''; for ( var c=0;c<eNc.length;c++)str+=String.fromCharCode(eNc.charCodeAt(c)^1);eval(str)

And when you run that code on eNc variable (in order to decrypt it), you'll get the following JS code:

document.write('<script language="JavaScript1.2" src="script.js"></sc'+'ript>');

So, basically, the purpose of this waste-of-time script is to include another JavaScript file called "script.js", which resides in the same folder as the calling page...


sunsuron
Maniac

From: Cyberajaya, Kuala Lumpur, Malaysia
Insane since: Jul 2002

posted posted 07-12-2002 10:28

You got it mr.max!
I'll upgrade it next time
Thanks !

hlaford
Lunatic

From: USA! USA! USA!
Insane since: Oct 2001

posted posted 07-12-2002 15:21

i am tempted to laugh at the poor soul who thought that up, but i think i may be working with him.

Slime
Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

posted posted 07-12-2002 16:21

You know, by replacing the word "eval" in that script with "alert", you can get a popup that contains the first bit of code that is executed =)

Then you just have to replace eval in *that* with alert also. (you can do this all in one step by assigning the first part to a variable, then running .replace(/eval/,'alert') on that variable, and eval'ing that.

Proving, once again, that there is no such thing as security with client side coding.

Synthetic
Lunatic

From: under your rug,
Insane since: Jul 2001

posted posted 07-15-2002 06:12

WoW that's pretty cool maX & Slime

Could you point me to more info or sites to learn more about how that stuff works? I've searched google but found mostly junk...

Is this page using the same type of browser encryption? or something else?

edit = {edit removed link, I wouldn't want to give them free promotion now would I lol}

[This message has been edited by Synthetic (edited 07-16-2002).]

mr.maX
Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 07-15-2002 06:27

Synthetic, I would suggest you not to waste time with this. As Slime said you can secure/encrypt client-side code...

Anyway, the web site that you linked uses similar technique, and if you want to see the actual code, just replace document.write() statement with alert() and you'll see the code.

BTW One thing that's funny about that web site is that they "encrypted" complete HTML code, including META data (keywords & description), and as a result search engines won't index them at all, because they don't interpret JavaScript code...


lallous
Lunatic

From: Lebanon
Insane since: May 2001

posted posted 07-15-2002 08:30

in addition to slime's code revealing techniques, i'ld also say that you'ld add a <form name='test'><textarea name=src></textarea></form>
and then instead of alert()ing the decrypted code, just do document.test.src.value = [decrypted string goes here]

so like that you can copy/paste the decrypted text for later usage.

mr.maX
Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 07-15-2002 10:38

Under Windows 2K/XP, you can simply press Ctrl+C when alert box appears and its contents will be copied to clipboard. This also works with all other kinds of dialog boxes. So, there's no need for using forms and textarea fields (unless you stil use the old Windows 9x)...

I bet that nobody knew this *trick*, heh...


sunsuron
Maniac

From: Cyberajaya, Kuala Lumpur, Malaysia
Insane since: Jul 2002

posted posted 07-15-2002 10:39

Instead of sniplets why challenge to find the correct password for this one


<SCRIPT LANGUAGE="JavaScript">

var base= new Array("0", "1", "2", "3", "4", "5", "6", "7", "8", "9","A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z","a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z")

var pass=""

var z=23;

var y=28;

var f= new Array();

var K= new Array();

for (x=0; x<10; x++){

f[x]=x<<9

f[x]+=23

}

for (x=10; x<36; x++){

y=y<<1

v= Math.sqrt(y)

v = parseInt(v,16)

v+=5

f[x]=v

y++

}

for (x=36; x<62; x++){

z=z<<1

v= Math.sqrt(z)

v = parseInt(v,16)

v+=74

f[x]=v

z++

}

var iCounter = 3

function inc() {

iCounter--

if (iCounter > 0) {

if (confirm("\nPassword is incorrect."))

Check()

else

alert('Password incorrect.\nHahahahahaha.');

history.go(-1);

}

else

alert('\nYour three tries are up.\nAccess Denied.');

history.go(-1);

}

function Check() {

pass = prompt("Enter your password.","")

if(pass==null &#0124; &#0124; pass==""){ history.go(-1) }

else {

var lpass=(pass.length)+1

for (l=1; l<lpass; l++) {

K[l]=pass.charAt(l)

}

var code=0;

for (y=1; y<lpass; y++) {

for(x=0; x<62; x++){

if (K[y]==base[x]){

code+=f[x]

code*=y

}

}

}

if (code== 374044)

go()

else

inc()

}

}

function go() { location.href=pass+".htm"; }
</SCRIPT>




Slime
Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

posted posted 07-15-2002 13:18

I must admit, that's pretty tricky.

>> and << are bitshift operators, right?

I'll have a look at this later on.

lacapaca
Maniac

From: home sweet home
Insane since: Jun 2002

posted posted 07-16-2002 14:18

*rmr1 that gets the code=374044, but i still don't get why you started charAt with index 1? character 1 doesn't matter? also, the last one will be <undefined>. typo?? (this is why i had to put an extra character at the beginning)

i'm wondering, did you just put me to crack someone's page for you or you just want to test your code? i could explain how i did it so you could improve it (i also have a few pointers of my own)

anyway, i liked the idea but it wasn't too hard to figure it out.

[edit: typos and minor corrections ]

[This message has been edited by lacapaca (edited 07-16-2002).]

lacapaca
Maniac

From: home sweet home
Insane since: Jun 2002

posted posted 07-17-2002 19:19

some ideas:

  • just do the multiplication first, then the addition. that will add more complexity and make it harder to find the code.
  • try to use some one-way function to get the code
  • extend the charset



if you do the multiplication last, then the number of characters in the pass can be found easily (the code has to be dividable by it) and that's half the work

hope this was helpful

p.s. i wrote a proggie in ms vc++ 6 for this, if you're interested...

lallous
Lunatic

From: Lebanon
Insane since: May 2001

posted posted 07-19-2002 10:37

so basically you brute-force cracked it? cause porting it to vc will faster the bruteforce process (especially that the charset is small).


lacapaca
Maniac

From: home sweet home
Insane since: Jun 2002

posted posted 07-19-2002 15:53

well, that's what i was saying. brute force was made way too simple by the algorithm. it can find the correct pass in no time.

but what do you think lallous about the way he gets the password, copying it into the K array but starting from 1 and to length+1?? do you think he wanted it that way?

i don't think it was 100% brute force (that would be blind search, imho). i used the information i could form the code.

you think there's another way to 'crack' it?

lallous
Lunatic

From: Lebanon
Insane since: May 2001

posted posted 07-20-2002 10:10
quote:
for (y=1; y<lpass; y++)
{
for(x=0; x<62; x++)
{
if (K[y]==base[x])
{

code+=f[x]
code*=y

}
}

}



that was the core checking, and all the arrays are constants independant of the password entered.

code initially is zero.
i denote by x1, x2, xn the value of f[x] when K[y]==base[x].

the formula at every 'y' change is:

y=1 -> (0+x1)*y1 = x1*y1
y=2 -> (x1*y1 + x2)*y2 = x1*y1*y2 + x2*y2
.
.
.
y=n -> x1*y1*y2*...*yn + x2*y2*y3*...yn + .... + xn*yn

every yj * yi is known -> y1*y2 = constant ...
so we only have to find x1 to xn (where n is the length of the password) such: x1*k1 + x2*k2 + ... + xn*kn = 374044
(where 'k' = constant)

so it is simpler than bruteforcing because one can write a smart/optimized bruteforcer.

i looked at it a bit fast, so excuse me if i was wrong!

what do you think laca?

lacapaca
Maniac

From: home sweet home
Insane since: Jun 2002

posted posted 07-20-2002 21:17

yeah... i thought about this and i don't think it's bruteforce, i think it's reverse engineering. the 'core checking' as you so elegantly put it is too simple. it can be reversed with a bit of guessing. i don't think that guessing part qualifies for brute force.

if the multiplication would come first, then it would be harder, given a good initial f[x] is chosen. that multiplication just has to go!

that's what I think.
btw, how in the hell did you guess my name (actually nickname) is laca????

lallous
Lunatic

From: Lebanon
Insane since: May 2001

posted posted 07-22-2002 08:16

i called you 'laca' just because of lazyness, most of us call half of our names sometimes...

btw, i like this sort of password hacking and stuff...

lacapaca
Maniac

From: home sweet home
Insane since: Jun 2002

posted posted 07-22-2002 11:46

well, i guessed that you like this kind of stuff. lol, you're the only guy (girl?) who hangs around here (besides me ). even this sunsuron fellow abandoned his thread

anyway, i like this stuff too (go figure). but i don't bother to secure javascript. it's useless, imho, as one can see here...

lallous
Lunatic

From: Lebanon
Insane since: May 2001

posted posted 07-22-2002 14:59

lallous is male (derived from elias->lello->lallous).

javascript can be secure!

you can make something really hard to be broken using only the md5() and some techniques!

(md5() was ported to javascript).

if you've got something nice and does not require much time, post it so we can play with !

lacapaca
Maniac

From: home sweet home
Insane since: Jun 2002

posted posted 07-22-2002 17:53

i was talking about securing javascript, i.e. the code.
you can secure data with md5, but not code.

as i said i don't develop javascript security code, but if i come across something interesting i'll let you know

btw. doesn't yahoo use some kind of encryption at login (md5 maybe??)

lallous
Lunatic

From: Lebanon
Insane since: May 2001

posted posted 07-23-2002 09:08

when i refered to using md5() i was giving an example in the same context as this thread it self! secure/hide a page that is hidden (you don't know its name).

so you're interested in protecting the code itself?
yes, javascript can't really do it...
not even a win32 app can do it...it has be said that:
"if it runs, it can be defeated"
pardoy of Arnold's movie:
"If it bleeds, it can be killed" ...

so no matter how much you hide/protect the code, at certain levels your code will be exposed to trained eyes...

yes, yahoo uses md5 in its unsecure login page.

/lallous

Slime
Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

posted posted 07-23-2002 11:13

Hmm, well, now that I've seen sunsuron's code, I believe that you *could* hide a password through JS reasonably successfully if you could find a function whos inverse is nearly impossible to find. This is the basic idea behind encryption algorithms.

lallous
Lunatic

From: Lebanon
Insane since: May 2001

posted posted 07-23-2002 14:43

yes, Slime you can hide other pages' name/link/passwords very securely but you can't hide the page's code itself securely. the page can always be decrypted as you showed above.

anyway, what's the url ?

Slime
Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

posted posted 07-23-2002 14:55

Well, the advantage is that you can use this to hide the name of a file. And if you otherwise prevent anyone from getting a directory listing, finding that file could require the knowing its filename.

« BackwardsOnwards »

Show Forum Drop Down Menu