Topic: Javascript: Secret Area!!

Hi all,

This challenge is impossible. It depends heavily on the precision/scale of doubles. ECMA defines a standard, but imprecision is everywhere. Different browsers will give different results. I tested Opera and Firefox and they give different results, e.g.

When encrypting "abcd"...
... in Opera: kNGUNBWC
... in Firefox: qkVSQxZ
... in Internet Explorer: JJou0VzZ

It's quite an interesting challenge, but I doubt anyone will have much fun deciphering the internal browser handling of doubles.

Hopefully I didn't overlook something.
mego

2

Re: Javascript: Secret Area!!

Yes. This is true! Garfield tells me that this is a code with the name "Site Protector v2" and it's unbreakable. The only possibility is brute force.
The code comes from an old friend and I didn't know that the code is called "Site Protector v2".

But it's a good example to see how safe javascript is! cool

3

Re: Javascript: Secret Area!!

Yes, I understood.

I am ok for brute forcing the password, but what I am saying is that depending on the browser you get different encryptions!! That will force me to bruteforce in all different browsers out there and hopefully none of them changed their javascript implementation :s.... Moreover, I truly hope it doesn't also depend on the PC specs (32-bit/64-bit). The challenge is built upon the imprecision of doubles... :s

Could you at least tell us in which browser this can be solved? Hopefully the pass is short, bruteforcing in browsers is usually very slow.. sad

mego

Re: Javascript: Secret Area!!

Here's a working version: http://www.javascriptsource.com/passwor … 23741.html

I'm not going to brute this, cause my Firefox stops working after a certain time. I changed dom.max_chrome_script_run_time and dom.max_script_run_time to 0 and it keeps on stopping after a time.

5

Re: Javascript: Secret Area!!

Here is another one:

http://www.jsmadeeasy.com/javascripts/P … sample.htm

Re: Javascript: Secret Area!!

I think that a hint for the used charset a-z, A-Z, numbers is useful.

Longer passwords still remain unbreakable with brute force. Maximum size for this script is 16 chars.
The only possible way at this time is trying a dictionary, in my opinion.

Last edited by Garfield (14.06.2013 14:42:54)

7

Re: Javascript: Secret Area!!

But then you still need to bruteforce in every possible browser.. because the algorithm is browser dependent!
For starters it would be nice to know which browser was used to generate the hash, then we can re-implement the exact behavior in a different language which allows for faster BF. Moreover, it might be possible to do a little bit smarter of a BF if we partially reverse the algorithm..

Today I ran a dictionary attack in FF, after a couple of hours nothing turned up. It's pretty slow you know...

Re: Javascript: Secret Area!!

I agree that there are different results with Internet Explorer and Firefox.

I did a brute with German and English dictionaries without positive results with Internet Explorer.

It's interesting why there are such differences within the javascript engines.

I know that the code is from 1999/2000. I'll try to encrypt "abcd" later in a virtual machine with Windows 2000 and IE/FF. The result could help us maybe too.

Last edited by Garfield (15.06.2013 10:29:11)

Re: Javascript: Secret Area!!

mego wrote:

When encrypting "abcd"...
... in Opera: kNGUNBWC
... in Firefox: qkVSQxZ
... in Internet Explorer: JJou0VzZ

Google Chrome and Apple Safari have the same results as Firefox (all 5 browsers tested with Windows64)

10

Re: Javascript: Secret Area!!

Update: An old Firefox from 2005 gives me the same results as Internet Explorer.

The solution of this challenge is not a word from an English/German dictionary generated with IE. (brute force tested)

C-Tex, please tell us with which browser and version the password has been generated and something about dictionary or password length and its charset.

11

Re: Javascript: Secret Area!!

Hi,

the password is generated with IE 9. The charset is UTF-8. Password length is 10 chars.

The password consists of numbers and letters. The letters are written in uppercase.

I hope that now it is possible to solve the challenge! wink

12

Re: Javascript: Secret Area!!

IE9 of all browsers... arghh... VirtualBox.. here we go.. :-)

** UPDATE **
Looks pretty impossible.. reversing the algorithm falls dead when you reach the
"for(count=0;count!=basecode.length;count++)" - loop

I see no way to reverse this (or get a close reverse approximation), meaning we would have to build a table with all possible inputs and their resp. output. I checked with a few values (encrypting) and it seems the length of this loop is usually around 8. Meaning we would have to BF up to 8 characters from the "acharset"... in IE9... :s

To BF a password of 10 characters with charset 0-9A-Z seems pretty painful too. I guess the only option is a dictionary attack with uppercase and leetspeak replacements... in IE9... :s.

Last edited by mego (18.06.2013 17:39:19)

13

Re: Javascript: Secret Area!!

mego wrote:

To BF a password of 10 characters with charset 0-9A-Z seems pretty painful too. I guess the only option is a dictionary attack with uppercase and leetspeak replacements... in IE9... :s.

IE9 and newer have the same results.

BF with browser... I got 36 passwords per second. This would take years^^

14

Re: Javascript: Secret Area!!

I *almost* got a remake built in Java.. sadly there are still some rounding bugs in IE that I don't know how to do in Java.. sad. So close!!

Stupid thing is that if it only differs a little the results will be completely different..

15

Re: Javascript: Secret Area!!

Ok guys I have changed the password now. It should be found in an English dictionary. A dictionary attack should give you the solution! wink

16

Re: Javascript: Secret Area!!

No luck for me yet.. the previous "dictionary" (german, uppercase with digits) seemed easier to me.

@C-tecx: can you provide the encrypted string for "abcd" (or any other known plaintext)? That way everyone can check their implementation/browser for the correct result.

Another option would actually be to "fix" the "cutoff()" function. This is where all the rounding errors happen.

17

Re: Javascript: Secret Area!!

Hi mego,
here are some encrypted strings.

javascript is encrypted as VNl_w_92
abcd is encrypted as JJou0VzZ
secret is encrypted as MRRn6bha
12345xyz is encrypted as kQxJdWg9

I hope this helps you!

18

Re: Javascript: Secret Area!!

Solved! :-)

@C-tecx: I like the solution word :-) hehe

Re: Javascript: Secret Area!!

Finally I got it!

That was an awesome challenge smile
In this topic are enough hints to solve this challenge.

cheers
°BLIND°

20

Re: Javascript: Secret Area!!

Would you fix the round value, and so the encrypted char, for the corrected IE round bug?
So is that intended??? Or a bug??

javascript is encrypted as jloS3z7n
abcd is encrypted as qkVSQxZ
secret is encrypted as k9xr693F

The encrypted values from many recent browsers are different from the old IE encrypted value.
The reason is the round function, as mentioned below in the forum.

How about a fix or correction of the encrypted value??

Or how can I module or remake the round function as JS in an old IE browser???

thanks
regards

Last edited by sisyang3 (29.01.2024 07:25:57)