Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    JS - Can't decipher code

    Hi,

    Trying to understand what the below means.

    {"isAuthenticated":false,"isAuthenticatedLocalCheck":"function(input) { var k = [11, 5, 7, 3]; var c = \"\"; var p = \"\\x78\\x6C\\x6A\\x73\\x67\\x60\\x7F\\x6C\\x79\"; for (var i = 0; i < input.length; i++) c += String.fromCharCode(input.charCodeAt(i) ^ (k[i % k.length]));return c == p;}"}
    Can someone point me in the right direction?
    Thanks.

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,734
    Thanks
    202
    Thanked 2,508 Times in 2,486 Posts
    The code has been obfuscated (encrypted) to keep your prying eyes away from it. Why do you want to decrypt it?

    “I don't pretend we have all the answers. But the questions are certainly worth thinking about..” - Arthur C. Clarke quotes (English Writer of science fiction, b.1917

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    I probably shouldn't do this, but anybody who uses "protection" as weak as that deserves what they get.

    It's looking for a password. And the password it will match with is "simplexor".

    Isn't that horrible???
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #4
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sorry Philip I should have said.

    Its a hacking challenge from here.

    http://www.depleted.org/~penfold/web-challenge4.php

    I am really stuck on this one. I'm not looking for an answer but some help.

    I know this part is hex but its seems to be in the wrong order. Thats all I know.

    \x78\\x6C\\x6A\\x73\\x67\\x60\\x7F\\x6C\\x79\

  • #5
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,734
    Thanks
    202
    Thanked 2,508 Times in 2,486 Posts
    Well, Old Pedant has given you the answer.

    ^ means bitwise XOR.

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    That's a "challenge"???? It took me about 3 minutes. Oh, okay, 5...but only because I had a typo first time through.

    Here's all you have to do is transform it from looking for an input to producing an output.
    Last edited by Old Pedant; 12-10-2010 at 06:38 PM. Reason: Changed at request of originator of the challenge
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #7
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,734
    Thanks
    202
    Thanked 2,508 Times in 2,486 Posts
    Although like any Javascript password script the protecton is weak, and quite easily overcome by an expert, it would defeat any ordinary person, especially if the script was placed in an external .js file (or two or more!) that could not be read with View Source, with perhaps further obfuscation.
    Last edited by Philip M; 12-11-2010 at 03:23 PM.

  • #8
    New to the CF scene
    Join Date
    Dec 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi guys,

    I was wondering if you could remove the answer for the challenge, as it will spoil it for anyone else who is attempting it. I've no problems with providing hints, or clues - but posting complete answers will ruin it for anyone else.

    Thanks in advance.

  • #9
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Only if you promise to come up with a *REAL* challenge. <grin/>

    Okay, I'll do it.

    But do make the next one more difficult, please?

    ***********

    OOPS... I can't edit a post older than a day, apparently! You'll have to ask the moderator to do so.

    Or maybe just go change the challenge slightly? Just go change what the actual word is without changing the problem?

    I did change the two posts where I explained how to solve it.
    Last edited by Old Pedant; 12-10-2010 at 06:40 PM.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #10
    Kor
    Kor is offline
    Red Devil Mod Kor's Avatar
    Join Date
    Apr 2003
    Location
    Bucharest, ROMANIA
    Posts
    8,478
    Thanks
    58
    Thanked 379 Times in 375 Posts
    The code itself bears the decipher key. It is enough to apply the key upon the other member of the comparison to find which is the comparison term.

    This is why javascript will never be a trusty language for using/storing secret data

    Quote Originally Posted by dlofnep
    I was wondering if you could remove the answer for the challenge
    Why? It could be, anyway, too late. Same as for WikiLeaks, if they would ever decide to clean their files.

    It's not a big deal to solve it. You should never relay on JavaScript to secure things. Use a server-side language for that. Or it is a test, or something like that?
    Last edited by Kor; 12-11-2010 at 02:58 PM. Reason: ok, ok... I have also deleted the solution. Let it be as you want. :)
    KOR
    Offshore programming
    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

  • #11
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,734
    Thanks
    202
    Thanked 2,508 Times in 2,486 Posts
    Quote Originally Posted by Kor View Post
    Or it is a test, or something like that?
    Yes, Kor. See Post #4. But as you say, too late now!

  • #12
    Kor
    Kor is offline
    Red Devil Mod Kor's Avatar
    Join Date
    Apr 2003
    Location
    Bucharest, ROMANIA
    Posts
    8,478
    Thanks
    58
    Thanked 379 Times in 375 Posts
    Quote Originally Posted by Philip M View Post
    Yes, Kor. See Post #4. But as you say, too late now!
    Yea. I guessed so... This is the reason for I have also deleted my solution afterward. Yet it was also published and public for 5 minutes, or so
    KOR
    Offshore programming
    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •