...

View Full Version : JS - Can't decipher code



martyoo
12-07-2010, 04:59 PM
Hi,

Trying to understand what the below means.


{"isAuthenticated":false,"isAuthenticatedLocalCheck":"function(input) { var k = [11, 5, 7, 3]; var c = \"\"; var p = \"\\x78\\x6C\\x6A\\x73\\x67\\x60\\x7F\\x6C\\x79\"; for (var i = 0; i < input.length; i++) c += String.fromCharCode(input.charCodeAt(i) ^ (k[i % k.length]));return c == p;}"}


Can someone point me in the right direction?
Thanks.

Philip M
12-07-2010, 05:03 PM
The code has been obfuscated (encrypted) to keep your prying eyes away from it. Why do you want to decrypt it?

“I don't pretend we have all the answers. But the questions are certainly worth thinking about..” - Arthur C. Clarke quotes (English Writer of science fiction, b.1917

Old Pedant
12-07-2010, 08:17 PM
I probably shouldn't do this, but anybody who uses "protection" as weak as that deserves what they get.

It's looking for a password. And the password it will match with is "simplexor".

Isn't that horrible???

martyoo
12-09-2010, 03:59 PM
Sorry Philip I should have said.

Its a hacking challenge from here.

http://www.depleted.org/~penfold/web-challenge4.php

I am really stuck on this one. I'm not looking for an answer but some help.

I know this part is hex but its seems to be in the wrong order. Thats all I know.


\x78\\x6C\\x6A\\x73\\x67\\x60\\x7F\\x6C\\x79\

Philip M
12-09-2010, 05:25 PM
Well, Old Pedant has given you the answer. :(

^ means bitwise XOR.

Old Pedant
12-09-2010, 09:21 PM
That's a "challenge"???? It took me about 3 minutes. Oh, okay, 5...but only because I had a typo first time through.

Here's all you have to do is transform it from looking for an input to producing an output.

Philip M
12-10-2010, 10:30 AM
Although like any Javascript password script the protecton is weak, and quite easily overcome by an expert, it would defeat any ordinary person, especially if the script was placed in an external .js file (or two or more!) that could not be read with View Source, with perhaps further obfuscation.

dlofnep
12-10-2010, 04:01 PM
Hi guys,

I was wondering if you could remove the answer for the challenge, as it will spoil it for anyone else who is attempting it. I've no problems with providing hints, or clues - but posting complete answers will ruin it for anyone else. :(

Thanks in advance.

Old Pedant
12-10-2010, 07:35 PM
Only if you promise to come up with a *REAL* challenge. <grin/>

Okay, I'll do it.

But do make the next one more difficult, please?

***********

OOPS... I can't edit a post older than a day, apparently! You'll have to ask the moderator to do so.

Or maybe just go change the challenge slightly? Just go change what the actual word is without changing the problem?

I did change the two posts where I explained how to solve it.

Kor
12-11-2010, 03:49 PM
The code itself bears the decipher key. It is enough to apply the key upon the other member of the comparison to find which is the comparison term.

This is why javascript will never be a trusty language for using/storing secret data :)



I was wondering if you could remove the answer for the challenge


Why? It could be, anyway, too late. Same as for WikiLeaks, if they would ever decide to clean their files. :D

It's not a big deal to solve it. You should never relay on JavaScript to secure things. Use a server-side language for that. Or it is a test, or something like that?

Philip M
12-11-2010, 04:01 PM
Or it is a test, or something like that?

Yes, Kor. See Post #4. But as you say, too late now!

Kor
12-11-2010, 04:09 PM
Yes, Kor. See Post #4. But as you say, too late now!
Yea. I guessed so... This is the reason for I have also deleted my solution afterward. Yet it was also published and public for 5 minutes, or so :D



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum