|
THE SNAKES HACKME
#1 - TUTORIAL
|
written by the snake
Thanks to Randy and Casta, for sending me their solutions to this
Hackme !!!
This
hackme is creating an Unlock-code that is based on the Code that the
reverser
typed in. If you have some knoledge in JavaScript or/and in programming,
it
should be kind of easy, if not, that's the reason i wrote this tutorial.
Here
is the main goal for this hackme, then we will go part by part :
- check
if any Code was entered.
- check if the Code
uses the "right" characters.
- generates some numeric
value from the Code characters.
- convert this numeric
value to HEX. - this is the reason to ask you to
understand why
the
Unlock-Code will look
as it is".
First, i need to apologize to those
who are using Internet explorer. After publishing
this hackme on Sandman's webpage,
i realize that some instructions i used, can't
execute by the IE, and you get
the "Sorry, the code is invalid !" regardless what
ever you type in. In my next "hackme's"
i will check this first...
Let have first a look at some instructions
that i used in this JavaScript :
evar=stC.charAt(i) - "evar"
will hold the character that in stC in position (i). notice that when
we say "position/index" the count starts from 0, not from 1 !!!
example : stC = "snake"
"i" = 4
"evar" = "e" (the 4th char in stC is "e")
if (tl.indexOf(evar)==-1) - checks
if char that in "evar" is in "tl". if not, the returned value
is -1, when found, returned value is position in tl that it is in.
example : tl = "abcdefg"
"c" found in position 2 in tl...
returned value for this check is 2.
x=(tl.indexOf(evar))*2 -
"x" will hold the value of the position that the char in "evar"
is in
tl * 2.
example : tl = "abcdefg" "evar" = "e"
char of "evar" (e)
is in pos 4 in tl so x = 8 (4*2)
OK, let examine the functions one
by one :
Here is the common variables for our script :
tl is our "table letters" - only this letters can be used as
a valid Code !!!
tl="emnopbcdtuvwfglxyqrsazhijkSAXYHBCDFGVWIJKLMNRTUEOPQZ"
tn is our "table numbers"
tn="5264656653545545464748495051575861625641424359604463796162636465668081
7961626364656680818267686970717273788384857475767786"
function bdkklt()
this function will check if Code enterd is valid.
{
stC=document.nisui.usercode.value;
stC = the code entered
yesh=1;
yesh =1/0 1- Code valid 0- Code invalid
x=0;
ind=eval("25+x");
ind = 25 (uses as index in tn - tn(25) = 0)
if (stC.length>tn[ind]){
if length of our Code > 0 (any char entered ?)
for (i=0;i<stC.length;i++){
this loop will check each char of Code to see if
it
evar=stC.charAt(i);
is in tl. if char were not found, the returend value
if (tl.indexOf(evar)==-1){
<-- of
this "if" will be -1, and "yesh" will be set to "0"
yesh=0;
and "i" will be set to length of stC, this will finish
i=stC.length;
the loop before ending it normaly. else, when all
}
chars of stC were found in "tn" "yesh" will have
}
the value of "1" that means, Code is valid.
}
else{
yesh=0;
yesh = 0 means no Code was entered
}
if (yesh==1){
if all letters used for Code are in "tl", we can
go
kltOk();}
to next function, else, show "Sorry...".
else{
alert("Sorry, the code is invalid !")
}
}
function kltOk()
{
stC=document.nisui.usercode.value; stC
= the code entered
stU=document.nisui.unlock.value;
stU = the Unlock-code entered
sX="0123456789abcdef";
sX = represent HEX digits !!!
sach=0
for (i=0;i<stC.length;i++){
loop works from 0 thru length of stC
y=0;
this var is just for confuse :)
evar=stC.charAt(i);
"evar" will hold the character that in stC in position
(i).
x=(tl.indexOf(evar))*2;
"x" = value of the position of "evar" in "tl"
*2
x1=x + 2;
"x1" = x+2 (will use for "stop" index in next substring)
sach=eval(tn.substring(x,x1))+sach;
"sach" will sum all the numeric values of the letters
}
We will look now how this loop works for "abcde"
as Code :
loop #1
i = 0
evar = a
x = 40
x1 = 42
sach = 42
the value for a
in "tn" from pos 40,21 is 42
if i=stC.length
next loop |
loop #2
i = 1
evar = b
x = 10
x1 = 12
sach = 42 + 54
the value for b
in "tn" from pos 10,11 is 54
if i=stC.length
next loop |
loop #3
i = 2
evar = c
x = 12
x1 = 14
sach = 96 + 55
the value for c
in "tn" from pos 12,13 is 55
if i=stC.length
next loop |
loop #4
i = 3
evar = d
x = 14
x1 = 16
sach = 151 + 45
the value for d
in "tn" from pos 14,15 is 45
if i=stC.length
next loop |
loop #5
i = 4
evar = e
x = 0
x1 = 2
sach = 196 + 52
SACH = 248
the value for e
in "tn" from pos
0,1 is 52
i=stC.length
no more loops !!! |
When we done with this loop "sach" = 248.
Now will come the main idea of my hackme, to convert this number
"248" to an HEX value.
The way to convert a decimal number to hex is this way :
248 / 16 = 15 (8)
8 = 8
8
15 / 16 = 0
(15) 15 = f
8f
0 / 16 = 0
no more divided is posible...
The logic is that the remainder is for the hex digits, and the
result is for the next divide.
we have hex code, but for now, it is in reverse order !!!
Since i don't know how to deal with the result and the remainder
in JavaScript, (if someone
know how, i'll be happy if he can tell me and the others !!)
i've create this loop for doing this
work (in Pascal it done with DIV and MOD) :
tmis="";
while (sach >= 16){
perform this loop while sach equal or greater then
16
zv=0;
mn=0;
while (zv <= sach){
zv=eval(zv + 16);
zv will sum 16 + 16 + 16 ... until zv > sach
mn++;
mn will increace by 1 to get the "result" but it
will
}
be 1 more then we need
cause "until zv > sach"...
zv = zv - 16;
here we subtruct 16 cause the 1 extra time..
sach = eval(sach -
zv); put
the "remainder" in "sach" (sach = 248 - 240)
tmis=tmis + (sX.charAt(sach));
tmis = 8 (sX(8))
sach=mn-1;
sach = 15 (subtruct 16 cause the 1 extra time..
)
}
at the example above, this loop works 1 time but
other
number will make this loop work more time...
tmis=tmis + (sX.charAt(sach)); after
loops ended, here we add the last hex digit. (f)
if (stU.length != tmis.length){
ok, we have the real hex code in wrong order, but
we
alert("Sory, the Unlock-code is invalid !");}
can now check if it is the right length...
else{
chckUN();
if length of the hex code is same lenght of the Unlock
}
code, we can go on to last check....
}
The reason i've create it the wrong order is just to make it
harder to reverse, to create it in the
right order, we can use this instruction : tmis=(sX.charAt(sach))+tmis
; instead of this
instruction : tmis=tmis + (sX.charAt(sach));...
function chckUN()
this function will set the right order of hex code
and check it.
{
stU=document.nisui.unlock.value;
final_code=""
for (i=tmis.length;i>=0;i--){
loop from i=length of hex-code until i<0
final_code=final_code + (tmis.charAt(i));
final_code = f8
}
if (final_code == stU){
is the Unlock-code entered = the hex code this JS
generated ?
alert("Nice job, Reverser ! Can you tell why the
unlock-code look like"
+" this ?");}
else{
alert("The unlock-code does not match the code you've
entered !!!");
}
}
Thanks to all for creating hackme's, tuts etc. This is how we can all tearn
more and
understand this JS. Keep doing this, so we can get better
and better !!!
Page created by the
snake
Date craeted 28th February 1999
|