Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 18
Guests Online: 15
Members Online: 3

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | Challenges | Javascript

Page 2 of 2 < 1 2
Author

RE: javascript 16

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 07-10-08 20:58
s33us00n wrote:
Somebody told me that the words have the same length(4 letters) and the number has 4 digits....

The number probably makes sense as well ^^


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-10-08 00:23
Prime Numbers...are easier way.

Brute Force is good option if you were planing to live ten thousand years...
(JS16) Smile


Great! Shock Now i just need 743 posts to solve the challenge...(That's not going to happen Wink)
(Other 16)






Edited by on 09-10-08 00:24
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-10-08 15:18
I finally solved it.Pfft I have to say that it was useful and i learned many things from it, even if it wasn't fair with those false positives.
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-01-09 13:00
The password can be a random jumble of letters.

Also, the first letter doesn't matter, since addition to 'sum' from it is multiplied by i, which is zero for the first letter.

I solved it with a recursive brute-force thingy in C, which ran and gave me an answer in the blink of an eye. I was able to generate 500000 valid passwords (which work) in under half a minute.

If anyone doesn't believe me, just PM me.

-ken
Author

RE: javascript 16

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 24-01-09 13:02
The challenge was changed a week or two ago. The first version only accepted one answer, not all of them. The answer it accepted was in a wordnumberword format. Hence the confusion.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-01-09 13:25
*bashes head on table*

Sorry about that.

While I'm here, I'll just point out that symbols also give false positives. [If someone has already mentioned this, disregard me].

-ken

Edited by on 24-01-09 14:11
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-09-09 21:30
SadSadSad

am not studyin anythin for my semesters coz of this friggin challenge!!!

been doodling algorithms for 4 hrs on the trot now... damn this thing!!!SadSadSad


Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-01-10 15:55
Well so far I've seen multiple posts in this thread that say its "numberWORDnumber" and a few that say its "wordNUMBERword", also that there are two words of the same length, that would make the "numberWORDnumber" format not possible.

I plan on trying a completely different approach than trying to bruteforce the checksum.

I just wanted to point out that the people coming to this thread for help are jsut gonna leave more confused than they were before reading it.

On that note, I think its a great challenge. I wouldnt want the last challenge in the category to be very easy (because then where is the challenge?). I know I used the same method for js challenges like 9-14 and was hoping they get a little harder (as they did).

*EDIT*
I recently started looking at other js 16 thread and saw that system_meltdown has stated:

Password format: wordNUMBERword.

So that should make this sooo much easier.



Edited by on 22-01-10 16:12
Author

RE: javascript 16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 22-01-10 16:42
although the original password was in the stated format, the php script to check the answer was updated to accept any password that will pass with the same checksum, as it was considered too hard due to large number of collisions (im almost certain that's not how you spell that)


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-01-10 16:47
Hi all!

A coworker just pointed me to this challenge. It was really fun to take. Thanks a lot!

I think it was a really good idea to change the task so that every password matching the checksum is accepted. It makes the challenge both more fun (because, IMHO, math and optimization are more fun than dictionary attacks) and more realistic (because real-world servers should only store hashed passwords anyway, so there is no point in having "one true" password in this challenge).

Some of the problems that people had with "false positives" before the change could have been avoided, though. For example, hts007 pointed out in one thread that he had lots of false positives with 9 characters. In that case, his generator cannot be correct, since there are no solutions with 9 characters, not even false positives.

Some people mentioned earlier that the password must have exactly 12 characters for mathematical reasons. This is not completely true. If you also allow passwords that contain spaces, the password can have either 12 or 18 characters. I know that there was a "no spaces" hint given, but that was before the change. After the change, passwords with spaces can be just as valid.

If you make some reasonable restrictions about the use of spaces to mimic human passphrase choices (namely no spaces at the beginning or at the end of the string, only one space beween every pair of "words"), the total count of correct solutions with 18 characters shrinks to an amyzingly small number: only 43206 combinations of 17 characters (the first character is ignored by the algorithm and can thus be anything) match the checksum. With 12 characters, however, the number is still far greater.

Regarding only passwords without spaces, I have written a mathematically optimized generator (using C) that produces approximately 100,000 _correct_ solutions per second on my desktop PC (faster than my console can scroll). If anyone of you can do better, let me know :-). I randomly picked one of these solutions to complete the challenge. When I tried another one, a got a "wrong password" page (i.e. the JavaScript decided that the solution was correct, but the server didn't). I assume that this is only because I am not allowed to take the same challenge twice, which is a pity. Perhaps someone could at least implement an error message that is less misleading.

BTW: I found it a bit of a pain that I had to complete some more challenges just to be able to post here, because I was only interested in this particular challenge. OTOH, as a professional numericist, I shouldn't be doing these things anyway ;-)

Anyway, it was a nice challenge.
Have fun, and greetings from Germany,

H.
Author

RE: javascript 16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 23-01-10 18:30
I am pretty sure I used password with less then 12 characters, although I'm not certain because it's been a while since I completed this mission and the code for bruteforcing is gone. I do have one simple reason to think this though, I was linear bruteforcing(in perl, and by that time the code was lacking any optimisation what so ever, so it was pretty slow), starting on 8 character long passwords, and I was able to produce valid password within a day. And there is no way in hell it would be possible for my script to compare that many combinations... Otherwise I liked your post.


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-01-10 20:23
Hi clone4,

I am pretty sure I used password with less then 12 characters


It is pretty easy to show that all solutions have no less than 12 characters, and all solutions without spaces have no more than 12 characters (making 12 characters the only choice for passwords without spaces).

To calculate the checksum, every part of the sum is multiplied by the number of characters. This means that the password length must be a divisor of the whole sum (minus one, because it starts with 1 instead of 0). Therefore, the password length must be a divisor of 88692588.

The prime factors of 88692588 are: 2, 2, 3, 3, 2463683. Since we can obviously exclude passwords that are several megabytes large, we have only the factors 2, 2, 3, 3 left. The only numbers that can be built with these factors are 2, 3, 4, 6, 9, 12, 18, 36. Therefore the length of the password must be one of these eight numbers. All others in between (5, 7, 8, 10, 11, 13...) can be completely ignored, because they cannot provide a solution.

Now check the possible numbers around the magic 12, namely 9 and 18. If you take only 9 characters, the highest possible checksum that you can achieve (by choosing the password "@@@@@@@@@") is still smaller than the required sum. Thus, all password with 9 or less characters are too small. If you take 18 characters, the smallest checksum that you can achieve without spaces (by choosing the password "aaaaaaaaaaaaaaaaaa") is already too large. This leaves us with the only valid number between 9 and 18: All solutions without spaces have exactly 12 characters.

in perl, and by that time the code was lacking any optimisation what so ever, so it was pretty slow


I'm sure that you're aware of this, so just as a hint to everyone else: Choosing a faster language (say, C instead of PHP) and "tactical" optimizations (like clever memory management) can perhaps speed up your program by a factor of 10, or even 100. But choosing the right algorithm can easily yield a factor of 1000000. My generator's speed comes not from calculating a bazillion checksums per second, but from avoiding to calculate these.
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-10 23:37
1. "The password actually MAKES SENSE. It's not just random." : system_meltdown
2. "12~18 chars."
3. "wordNUMBERword"
Reading these hints, i coded my cpp in 10 min, then found password in 51 seconds !

Edited by on 27-01-10 23:41
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-01-10 21:01
Hi NeoInDark,


1. "The password actually MAKES SENSE. It's not just random." : system_meltdown
[...]
3. "wordNUMBERword"


These two hints are no longer valid, since the rules for this challenge were changed (around the beginning of 2009, as pointed out earlier in this thread). There are countless valid solutions now, and most of these actually neither make sense nor conform to the named format.


2. "12~18 chars."


This hint stays true, because it follows mathematically from the generation of the checksum (see posts above), which was not changed. The range "12~18", however, is a somewhat misleading way to put it. To be more specific, the length of any solution is either 12 or 18 characters, not something in between. Most solutions have 12 characters. Some have 18 characters (but only if you include spaces). But there can be no solutions with 13, 14, 15, 16 or 17 characters.


Reading these hints, i coded my cpp in 10 min, then found password in 51 seconds !


Under the old version of this challenge, this would be quite an accomplishment. With the new rules, however, 51 seconds for one solution is pretty slow (compare my numbers above).

It can of course be fun to solve this challenge as if the rules didn't change, because the old version was harder and one can learn a lot about dictionary attacks when doing so. The problem is that the results of such a game can no longer be tested, because the old validator is no longer around. Noone can check if a proposed solution is "the one" that was originally intended by the old version of this challenge. Today there are numerous different passwords that conform to the wordNUMBERword format and make sense and are accepted as correct by the challenge. How would one know if he had really found "the" password?

Since this is no longer possible, there is simply no point in regarding hints 1 and 3 at all. They no longer apply.

That said, I really think that the new rules for this challenge are better. They are easier, but I guess that this challenge is still hard for a lot of people. You don't get to learn as much about dictionaries, but if you try to write a generator that is as fast as possible (as I did), you can still learn a lot. For examble about the effectiveness of "cutting trees" when implementing a tree search over an exponentially large space (implementers of chess programs can also tell a tale about that). Or about the golden rule: Don't invent your own hash function or encryption when you want something to be secure. These (especially the last one) are lessons that could not be learnt from the old version of this challenge.
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-01-10 09:11
Hi HawQmaster,

Thnx for ur points about solution,

but i was trying to pass the challenge by one acceptable password.

btw, i agree with u, we can solve it better and nice Wink
Author

RE: javascript 16

zero_ryuki
Member



Posts: 6
Location:
Joined: 02.02.07
Rank:
Guest
Posted on 23-05-10 06:42
i did it with 'try and error the sum' then just find the right answer
Author

RE: javascript 16

goluhaque
Member



Posts: 197
Location: India
Joined: 17.02.10
Rank:
Apprentice
Warn Level: 30
Posted on 25-06-10 17:30
I coded my program, and got a _lot_ of positives/collisions ....and the surprise? None worked.


That applause I receive from y'all on posting this post would have gotten me drunk on power if I hadn't already been high on life.
Author

RE: javascript 16

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 26-06-10 17:14
goluhaque wrote:
I coded my program, and got a _lot_ of positives/collisions ....and the surprise? None worked.


Then your program isn't calculating correctly.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: javascript 16

goluhaque
Member



Posts: 197
Location: India
Joined: 17.02.10
Rank:
Apprentice
Warn Level: 30
Posted on 27-06-10 03:33
spyware wrote:
goluhaque wrote:
I coded my program, and got a _lot_ of positives/collisions ....and the surprise? None worked.


Then your program isn't calculating correctly.

It did. I checked the checksum and edited the script a little bit to make it alert something(like true) if the value of the password==checksum.


That applause I receive from y'all on posting this post would have gotten me drunk on power if I hadn't already been high on life.
Page 2 of 2 < 1 2