'; document.writeln(my_chunk); } } // --> --> nb_descrip.html The Seeker's compilation of Javascript password systems : Phase 2 - short description

D
E
S
C
R
I
P
T
I
O
N


 		javascri.gif

fravia's
"Hyper" Javascript
~
Javascript
hyperprotections
and protections developing lab



~

continued by The Seeker



Fravia's Nofrill
Web design
('98 ~ '99)

Started
June 1999
Welcome to The Seeker's "password-compilation" Javascript page
Phase 2 : short description
This is a 'living' workshop on Javascript site protection.
(moderated by The Seeker)

This is the attempt to continue with the work started with the compilation. (And just another work in progress). So don't expect, that you will find here, at the beginning (June-July 1999) everything ready to download. It will surely take some time to put all things together.
It is not my intention to explain everything. I will need your help.
I am neither your guru nor your trainer, just the moderator of these pages. I know for sure, that there is a whole lot of better javascript-coders out there, so please
contribute
The Seeker

[The Hardcoded Ones] ~ [The Gate-Keepers] ~ [The Logicals] ~ [The Maths] ~ [The Encrypted] ~ [Special : using cookies] ~ [The Commercials]
Javascript protection reversing
Fravia's living workshop on Javascript site protection : The short description
(moderated by The Seeker)
Second issue : (a quick look) behind the looking glass
work in progress ! Unfinished !
Last modified : 12.06.99
I think it is a joly good idea to make the 2nd phase a short description (or at least an attempt to) of all of our collected protections. Since I will be offline most of the time til mid july, this is just another started work in progress. I will try to put as much as possible together before I am offroad. In this overview I left out 'the dull ones' and 'the standalone encryption' (this one could be a future workshop - in the meantime I have sent Fravia+ another compilation concerning standalone encryption-only)

I think it could save a lot of time if we have a summarized overview of all the schemes of our future targets. Having such an overview could lead us to write decoders of more 'common' use, so that a decoder for one scheme could be easily rewritten for another scheme.
My thoughs for the future :
- Phase 3 : a more detailed description of every protection (whereby a lot of Phase 2 will have to be rewritten or ameliorated)
- Phase 4 : the coding

Every suggestions are welcome ! BTW : Is there any interest in establishing a special messageboard for this thing ?
~
Business as usual : Please contribute
The Seeker
The Hardcoded Passwords

the dull ones not much to say
the old CHR$-trickworks as it says
the old *.js-trickhidding the passwords and usernames in a pw.js-file
BTW : could this work : <META HTTP-EQUIV="Pragma" CONTENT="no_cache"> - ??
the old substring-trickworks as it says

The Gate-Keepers

Javascript Password System (JPS) - password (date-depending) gives access to hidden directory
- directory-name is created with XORing the password with a reference-string-value
McCombs Protection - password (date-depending) gives access to file
- file-name is created using the same XORing as JPS

The Logicals

The Screen-Sizeuses screen coordinates

The Maths

The Calculatoruses multiplication and sum
Lef's Password Pro reminds me of what :-)
but looks a bit easier to decode than THE MASTER's one ;-)
Chen's Password Pro II all 'Chens' are modifications of 'Lefs Password Pro'
different version seem to use different 'reference-strings'
Chen's Password Pro IIa~
Dude'S Protection, Realize 2heavy maths
Kipling's Crackme~
WarpVersion 07.10.98 :
password --> XORed --> filename
password --> XORed --> ((((a+a)*a+b)*b+c)*c) --> magic number
if magic number == hardcoded number --> access
Version 13.03.99 :
additional maths to get magic number

The Encrypted

Capo Encrypter v.2.0 password and username are compared with encrypted pw and name
If result is o.k, protected file is loaded
There is an older version, where you can simply read the 'hidden' filename
In a newer version the 'hidden' filename is encrypted too, but a simple alert-box is all you need :-)
interesting : trying to anti-bookmark with adding some date-dependant stuff to the URL (could be worth some investigation)
Cyberarmy's Escape-Encrypter code will get 'escaped' - not very strong :-)
The Index-List uses same approach as Login Script Creator
Login Script Creator 3.1hash-keys
Login Script Creator 4.0hash-key and decode-key
Login Script Creator 5 Beta~
dRnSofts Crackme~
Infohiway's Encoder file-name is encrypted, access to file via 'eval'

Special : using cookies


Wai's cookie protection~
The JavaScript Source's cookie protection~
Warp - Cookie version~

The Commercials

Jammer~
Page Parser~
Jammer~
JMyth~
Javascript Scrambler~
Psyral Phobia~
ScryptKeeper~
Micro$oft's JS-Encrypter~


(c) Fravia & The Seeker 1999. All rights reversed 

Page started by The Seeker
Page created: June 1999
Logo