| Author |
js16 |
djdotti
Member
Posts: 235
Location: SPYWARE = TWAT
Joined: 05.01.07
Rank: Apprentice |
|
I have completed all of the js's b4 but this on got me stumped ....
Sums, tab vars, checksum ...
No ... Im really stuck
Dotti.
SPYWARE = TWAT |
    
|
| Author |
RE: js16 |
nights_shadow
Member
Posts: 856
Location: /var/log/messages
Joined: 30.12.04
Rank: God |
|
Kind of like breaking an encryptions.
Each key is turned into a number and if multiple letters are submitted, it does math to all of them to make it unique. You basically have to reverse engineer what the encrypt method is doing and make it the same as the checksum.
What i would do is change the false alert to say alert(sum) and then do guesses from there.
 |
|
|
| Author |
RE: js16 |
djdotti
Member
Posts: 235
Location: SPYWARE = TWAT
Joined: 05.01.07
Rank: Apprentice |
|
ty dude, ill try that
Dotti.
SPYWARE = TWAT |
|
|
| Author |
RE: js16 |
sle1306
Member
Posts: 43
Location: Belgium
Joined: 06.04.07
Rank: God |
|
This one is very hard !
Can i pm someone with what i found ?
|
|
|
| Author |
RE: js16 |
mrkidd0
Member
Posts: 15
Location:
Joined: 11.02.07
Rank: Mad User |
|
u can pm me but i doubt i will get the answer quick...lol
|
|
|
| Author |
RE: js16 |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
any thoughts on why is this challenge only worth 40 points. and js15 is worth 50?
js15 is as simple as alerting the comparison string. js16 will really make us reverse the algorithm so i think we should get a little more for our trouble.
im contemplating bruteforce for it but i think this chall might have more than one possible answer.
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made |
|
|
| Author |
RE: js16 |
xtrmsk8r91
Member
Posts: 157
Location: /root
Joined: 16.10.05
Rank: Uber Elite |
|
I'm with sakarin, I tried bruteforcing it in javascblockedript but my processor went up to 100% and my browser crashed...I think it would take way too long to bruteforce it, especially considering we don't know the character set (the "tab" variable?) or the length. I'm actually really confused on how to go about this challenge, it seems impossible to reverse it because of all the factors involved in calculating the sum, and I do think there could be more than one answer...
|
|
|
| Author |
RE: js16 |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
if you coded a bruteforcer for it you should know enough to answer your first doubt
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made
Edited by sakarin on 22-06-07 00:49 |
|
|
| Author |
RE: js16 |
xtrmsk8r91
Member
Posts: 157
Location: /root
Joined: 16.10.05
Rank: Uber Elite |
|
right, I guessed about some stuff. I don't think bruteforcing is the right way to go though.
|
|
|
| Author |
RE: js16 |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
by bruteforce i mean create a loop that will stop when it matches the comparison string..
the other way is to reverse the algorithm and i don't think i have the brain power to do that.. =)
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made |
|
|
| Author |
RE: js16 |
ranma
Member
Posts: 269
Location: Behind a sphere
Joined: 27.08.05
Rank: HBH Guru |
|
|
There are definitely many possibilities for this one. I've figured out so far that he first letter doesn't matter, since "i" will always be 0 in the "for" for the first letter, and since multiplying by zero and adding 1 gives you always 1, the sum is not changed, so you can use any first letter from the set "tab". |
|
|
| Author |
RE: js16 |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
at first glance i thought that indexOf had that taken care of but u're right.
and one thing is for sure there's only one php file there are at least as many right passwords as there are ascii characters.
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made |
|
|
| Author |
RE: js16 |
xtrmsk8r91
Member
Posts: 157
Location: /root
Joined: 16.10.05
Rank: Uber Elite |
|
yeah that's what makes me think we're not supposed to bruteforce it...that said, I made a bruteforcer in C just for fun, I had to write a new indexOf function and stuff. it got my processor up to 60 degrees C though so I stopped it but if anyone wants the code PM me.
|
|
|
| Author |
RE: js16 |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
hey guys... yeah it's a tricky one!!
the first character thing is owing to a slight bugger up on my part, though when you get it you'll know what the first character is.... and there are multiple solutions, but you'll arrive at the right one long before any of the wrong one.
Good luck
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
|
|
| Author |
RE: js16 |
sle1306
Member
Posts: 43
Location: Belgium
Joined: 06.04.07
Rank: God |
|
OK i reversed it but there are thousands of possibilities !
for example (without quotes) :
[deleted]
all those are valid but not the required password!
Richo : maybe you could give us the last character of the pass ? 
Edited by SySTeM on 04-01-09 17:11 |
|
|
| Author |
RE: js16 |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
richo have you coded your answer to the challenge. something that doesn't bruteforce and gives the right solution?
i mean when someone creates a challenge it's always good to do some testing before making it public.
if so could you make it avaliable on the final url so we at least know the intended solution?
i still can't get past you comment on having multiple right answers is a feature not a bug..
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made |
|
|
| Author |
RE: js16 |
djdotti
Member
Posts: 235
Location: SPYWARE = TWAT
Joined: 05.01.07
Rank: Apprentice |
|
Im still really stuck
SPYWARE = TWAT |
|
|
| Author |
RE: js16 |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
thank's for sharing..
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made |
|
|
| Author |
RE: js16 |
I-O-W-A
[Forever Blind To See]
Posts: 206
Location: Somewhere Only I Know
Joined: 01.08.06
Rank: HBH Guru |
|
this challange has got me completley stumped lol i dont even know where to begin
^thanx x-x for the sig^
thanks CyberSpider For The Sig ^^
You See My Soul Its Kinda Grey, You See My Heart You look Away |
|
|
| Author |
RE: js16 |
sle1306
Member
Posts: 43
Location: Belgium
Joined: 06.04.07
Rank: God |
|
This challenge is IMPOSSIBLE to solve as there are billions of valid solutions ! Bruteforce would take years !
OK you want more "valid" strings ?
[deleted]
And for each you can change the first space with any 85 chars of the tab string and it will still be valid.
So what can we do now ???
[edit] there's 2 spaces between 'p' and '4d' but it shows only one after post... HTML problem 
Edited by SySTeM on 04-01-09 17:11 |
|
|
Main:
