
Can you brute my Javascript? This may stump average joe

Status
Not open for further replies.

JSProgramIA

Programmer
Oct 28, 2005
41
US
Ok I will give you a hint here...

I will be generating a URL to redirect to. And the URL is based on this algo:

Code:
<script language="javascript" type="text/javascript">

// Moves the last character of the string to the front.
function StrRotate(aString) {
	var _l1 = aString;
	return (_l1.substr(_l1.length - 1) + _l1.substr(0, _l1.length - 1));
}

var li = "1234567890abcdefghijklmnopqrstuvwxyz";		// ENTER YOUR SERIAL NUMBER HERE
var message = "INVALID SERIAL NUMBER.";	// default, so alert() below never reads an undefined variable
var l, i, x, y;

if (li.length < 30) {
	message = "INVALID SERIAL NUMBER. NOT ENOUGH CHARACTERS.";
} else {
	// Checksum: sum the character codes of everything after the first character
	l = 0;
	for (i = 1; i < li.length; i++) {
		l = l + li.charCodeAt(i);
	} // end of for

	if (li.charCodeAt(0) - 70 + l % 10 != 6) {
		li = "...";
		message = "INVALID SERIAL NUMBER.";
	} else {
		//-------------------------------------
		// Passed THAT test, now some more pain
		//--------------------------------------
		li = li.substr(1);
		x = "XN69-IWCH7RVPJQF3Y4G8T05A1LB.2OMDEKZSU";
		y = li;
		li = "";

		// Substitute each character by its position in the alphabet x,
		// which is rotated one step before every lookup
		for (i = 0; i < y.length; i++) {
			x = StrRotate(x);
			l = x.indexOf(y.charAt(i));
			if (l < 26) {
				li = li + String.fromCharCode(l + 65);	// positions 0-25 -> 'A'-'Z'
				continue;
			} // end if
			if (l < 36) {
				li = li + String.fromCharCode(l + 48 - 26);	// positions 26-35 -> '0'-'9'
				continue;
			} // end if
			li = li + String.fromCharCode(l + 45 - 36);	// positions 36-37 -> '-' and '.'
		} // end of for

		// The first two characters are a hex length; keep that many of the characters that follow
		li = li.substr(2, Number("0x" + li.substr(0, 2))).toLowerCase();
		if (li.substr(li.length - 5) == "-bulk") {
			message = "VALID SERIAL!!";
		}
	}
} // End Length Check

alert(message);

</script>


I am wondering if any gurus could brute this. Depending on the time it takes for someone to solve this, I will know how secure this is.

( Then of course I will change it a bit ;) )

Any takers?

Giovanni
 
Unless you are implementing a true one-way transformation, this will always be a weak solution that is open to being broken. Unless you perform a check server-side, this code is nothing but obfuscation.

Are you developing this for a commercial purpose? If so... let me know when you go live so I can come and get access for free [smile]

Cheers,
Jeff

Jeff's Page @ Code Couch
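
Added example (not part of the thread or any poster's code): a Node.js sketch of the server-side check with a one-way transformation that the reply above calls for. The serial format, the `bulk-order` label and path, and all function names are assumptions made for illustration.

```javascript
// Server-side dealer serial check (added example, Node.js, no dependencies).
const crypto = require("crypto");

// Assumption: the key exists only on the server (environment or secret store).
// A constructed random key is used here so the example runs offline.
const SERVER_KEY = crypto.randomBytes(32);
const DEALER_ID = /^[a-z0-9]{1,16}$/;

// One-way step: without the key, a tag cannot be computed or inverted.
function tagFor(dealerId, key) {
  return crypto.createHmac("sha256", key)
    .update("bulk-order:" + dealerId)
    .digest("hex");
}

// Hypothetical serial format: "<dealerId>-<hex HMAC tag>"
function issueSerial(dealerId, key = SERVER_KEY) {
  if (!DEALER_ID.test(dealerId)) throw new Error("bad dealer id");
  return dealerId + "-" + tagFor(dealerId, key);
}

// Returns the dealer id for a valid, unrevoked serial, otherwise null.
function verifySerial(serial, revoked = new Set(), key = SERVER_KEY) {
  if (typeof serial !== "string" || serial.length > 128) return null;
  const cut = serial.indexOf("-");
  if (cut < 1) return null;
  const dealerId = serial.slice(0, cut);
  if (!DEALER_ID.test(dealerId)) return null;
  const given = Buffer.from(serial.slice(cut + 1));
  const expected = Buffer.from(tagFor(dealerId, key));
  // timingSafeEqual throws on unequal lengths, so check the length first
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  return revoked.has(dealerId) ? null : dealerId;
}

// The redirect target is chosen on the server, so neither the check
// nor the destination URL is present in the page source.
function redirectFor(serial, revoked) {
  const dealer = verifySerial(serial, revoked);
  return dealer
    ? { status: 302, location: "/bulk-order/" + dealer }
    : { status: 403 };
}
```

The browser only submits the serial and follows the response; revoking a dealer is a server-side change and needs no new page code.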
 
Point noted.

However, "easily" I don't think so. I have been a programmer for 10 years now, and my bruter was a bit challenging. I would be interested to see yours, and know how long it took.

And sorry, this is only for ordering bulk shower handles, available to only dealers with a valid password (serial).

Giovanni

 
*darn* - although the limescale build-up on our shower handle could mean I'd find a use for a single handle (dunno about bulk...) *lol*

Regarding the challenge... I have written a brute forcer in the past - and I admit that unravelling the algo is always part of the fun. I never said it would be easy... only that it would be "open to being broken".

I'll probably have a play this weekend at it.

When you are happy with the algo, look into obfuscating it as well... so it's not really obvious how it works... that way we get 2 challenges in 1 [smile]

Cheers,
Jeff

Jeff's Page @ Code Couch
 
Thanks, I look forward to seeing a solution from someone else. The 3 other co-developers here are stumped, although they are not as skilled as you appear to be.

Good luck, and I sure will obfuscate when I am satisfied it is at least somewhat challenging.

Regards.
 
Unbelievable!!!!!!!!!!!!!!!!!!!!!!!!!!!!

So quickly????????????????!!!!!!!!!!!!!!!!!!

Ok, need to tell the Big Cheese at work his little "idea" is not going to work.


???????????

I find this absolutely amazing.

 
hmm.. seems StrRotate() does nothing more than move the last character to the first position

could be simplified to

function StrRotate(aString){
return aString.charAt(aString.length - 1) + aString.substring(0, aString.length - 1);
}

-jeff
try { succeed(); } catch(E) { tryAgain(); } finally { rtfm(); }
i like your sleeves...they're real big
 