Target: Lev3.htm
4thlev.htm
511.htm
6theaven.htm
Seventhsl.Htm
I hope you were busy doing your studies
on Leveltu.htm. Don't forget : take your time - rushing through the
first lessons could bring you a setback when we reach more difficult tasks.
(And they will come, watch out for lesson 4 !)
Enough said, on with the show.
---------------------------------------
REVERSING Lev3.Htm
--------------------------------------
O.k. let's first have a quick look at
the passwords and satisfy our curiousity. As you see, you won't have done
your homework to break in this 'well-protected' page. So let's have a look,
can this code help us to collect new knowledge. Give it a try ! I
don't want to talk again how this
document.entry.user.value-creature comes
to live. If you have done your studies for Leveltu.HTM, this thing ought
to be an open book for you. If you still feel uncertain with this, collect
some (simple) javascript-stuff from the web and cut it into little pieces.
Some helpful readings :
- jsintro.zip from voodoo : take a look
at chapter2.htm and you will find a really good explanation
of these object-hierarchies.
- NS4Map.Zip : another handy information,
which you should print and sort in your
javersript-reversing-notebook.
Oh, I see you're getting nervous. After all let's start with the code. At first, look how it works :
The user enters his his name and his password.
These two entries are checked (I should better say, it's a weak try
to check if the form was completely filled). Should the user have filled
both fields (with anything), then the program tests, if username and password
are correct. That's it.
What I like by looking at this code :
- all variables are declared (using the'var'-command).
In javascript you actually don't have to declare your variables, you could
use them without these 'vars'. BUT : declaring all your variables is not
only a much better style for programming, it could prevent you from some
'mysterious' bugs too ! More about such a 'bug' you can read in Lesson
4 !
What I don't understand :
The use of the alert-boxes in function
ValidateUsr (). Look :
function ValidateUsr ()
{
var txt=document.entry.user.value
var pass=document.entry.password.value
if (txt=='pass')
{
alert('Please complete
this form');
var xxx=1
}
if (pass=='txt')
{
alert('please complete
this form');
var xxx=1
}
if (xxx==0)
// HERE : xxx is Undefined and never == 0 !
{
alert('Entry was not
sucsessful');
var xxx=0
}
else
{
AreYouWho(txt, pass)
}
}
So to give this little alert-box the change to see the light of day, you have to define it for the first time :
....
var pass=document.entry.password.value
var xxx=0;
// <-- add this code
(To define a variable is to give her some value, to declare a variable is to write its name in the 'log-book')
Now, give it a try and don't put anything in the input-boxes. And here we are : it works, another newborn alert-box.
And now look here :
if (xxx==0)
{
alert('Entry was not
sucessful');
var xxx=0
// HERE
}
You could also say : xxx='Sandman' or whatever you like. This variable won't be used again. Don't say, I'm pedantic, add such useless code and you will pretty soon know why the programs nowadays are getting bigger and bigger. Hi, BillGate$, hope you read this !
BTW : did I tell you already something
about global and local variables ? I see, in Lesson 1 I said : a global
variable is a variable, which is declared outside any function.
So any function can use this variable ...
No need to mention this again, but just
put one thing in your brain : 'which is **declared** outside ..'
The declaration is the point I want to
show you ! As you have learned today, you do NOT have to declare variables
before you use them. Am I talking cryptic ? Don't worry, in Lesson
4 will show you a good example.
On with Lesson 3:
Another thing, that could be improved, is this :
if (txt=='pass')
{
alert('Please complete
this form');
xxx=1
// one declaration is enough !
}
if (pass=='txt')
{
alert('please complete
this form');
xxx=1
// one declaration is enough !
}
Let's say, we will leave the idea of the program and NOT tell the user, which field he has left empty. (Rather useless, if you have only two lines of input, but could be of interest if you have a entry-form with much more fields to fill).
Got any idea ? Let me help. How's that :
function ValidateUsr ()
{
var txt=document.entry.user.value
var pass=document.entry.password.value
var xxx=1;
// HERE
if ((txt=='') || (pass==''))
// and HERE
{
alert('Please complete
this form');
xxx=0;
}
if (xxx==0)
{
alert('Entry was not
sucessful');
}
else
{
AreYouWho(txt, pass)
}
}
Surely not the best and shortest way, but a little bit better, don't you think so. (And you can shorten my code of course, but I will leave this up to you. Hint : get rid of the second 'if'-loop)
Ah, and what's that '||' ? It's the brother
of '&&' ! Both are 'logical operators'. The first is called 'OR',
the later 'AND'. OR is TRUE, if one or two of the operands are TRUE
AND is TRUE, if both of the operands are TRUE. Easy to remember, isn't
it?
Be careful ! Don't get mixed up with the
'bit-operators'. These are for example the '&' and the '|'. You use
them if you want to manipulate some numbers.
So, let's come to an end with this program
and have a look at function AreYouWho(txt, pass). How can you improve this
one ? Here is my solution :
function AreYouWho(txt, pass)
{
var yyy=0;
if ((txt=='pass') && (pass=='txt'))
{
yyy=1;
}
if (yyy!=0)
{
location.href='gotit3.htm'
}
else
{
alert('Incorect Log-In
Pass word or User Name')
location='wrong3.htm'
}
Or another one (even shorter): (It's not bad at all, to start with a 'large' code and optimize it step by step)
function AreYouWho(txt, pass)
{
if ((txt=='pass') && (pass=='txt'))
{
location.href='gotit3.htm'
}
else
{
alert('Incorect Log-In
Pass word or User Name')
location='wrong3.htm'
}
Well, I think, this should be enough with
Lev3.HTM - Why don't we have already a look at 4thLev.HTM ?
---------------------------------------
REVERSING 4thLev.Htm
--------------------------------------
Hmm, is there anything new I can tell you
? I don't think so. But don't go on with the next level until you
understood this code. Try to work with the code, try to improve it, try
everything you want. You will see, that this is the best way to learn that
stuff.
This reminds me : I got an interesting
essay from Jeff about LevelOne.Htm - worth being stationed in the
students-essays-section ! 4thLev.Htm gives you all material for another
little essay. Cmon, boys.
I' m gonna continue with the next :
---------------------------------------
REVERSING 511.Htm
--------------------------------------
What can I tell you about this code ? Let
me have a look. First thing : the 'prompt-box'. Great to keep lamers
out. I don't need to tell you how to catch this piece of code using
your browsers
SHIFT+SAVE-function. O.k., you could use
a sitegrabber like teleport, but IMO this is just another lamers try !
(And if one knows a little bit about the 'mysteries' inside his browsers
cache (*grin*), this teleporting-show is a little bit stupid. You don't
use a machine-gun to shoot a fly ! - I hope, you don't use a machine-gun
at all !). And BTW, the extension of javascript-
only-programs is 'js' ! Happy fishing
!
Second thing : this whole 'if-loop'-mumbo-jumbo should put a smile on your face. NOW you know how to do this much better using some ANDs or ORs like we did before. Another good opportunity to write an essay !
Third thing : instead of this huge amount
of usernames and passwords you could put them all in an array. Saves a
lot of code ! Forgive me, but we will have a deeper look at arrays in Tutorial
Nr 5 (reversing some encryptions - stay patient)
O.k., I will leave it up to you again
to write another essay. Waiting for your contributions :)
The next patient, please :
---------------------------------------
REVERSING 6theaven.Htm
--------------------------------------
A rather good protection IMO ! Some other
good examples of this protection you will find at Sandman's Site (the second
CrackMe) or here : http://qrt.gamepoint.net How to get through this gate
? The only thing I know - taking the javascript- way - is to write a little
program (maybe in javascript) and get all possible solutions. Could be
a good opportunity for a teamwork-task ! Anyone interested ?
Well, the code : nothing new that I could
tell you. So once again, I will leave this up to you. (Should there be
anything you don't understand, so feel free to ask me on Sandman's messageboard.
But please be patient, I am a rare messageboard-visitor)
And there is still time for another one
:
---------------------------------------
REVERSING Seventhsl.Htm
--------------------------------------
*Grin* I would call this a nice
try, anyway !
THE END
PLEASE work on these CrackMes. It is IMPORTANT
! As I said, should you miss some information feel free to ask me on the
messageboard. No homework today, just : learn ! And how's about writing
some CrackMes for The Sandman's site ? Test your new knowledge !!
And you should prepare rather good : in
the next tutorial we will reverse Leight.Htm (and some similiar code).
This will be the start of the REAL interesting path !!
Watch out ! Coming soon !
Hope I see some of you in Lesson Four.