Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Javascript 16. bruteforce, really


asdfgasdfg's Avatar
Member
0 0

So I finally reached javascript 16 and after reading through the javascript and learning about the algoritm I created my own bruteforce in python, but since the algorithm uses 65 characters brutforcing the password will take forever, I only reach about 100k checksums per second with my python script. Is there some clue I've missed on different characters I can filter or something? Or is it possible to create a bruteforce for 1kk+ checksums per second?

Also I've read though the articles and a lot of threads and most information I can find it that the password is 12 characters long, and may look like this '4LetterWord-4Digits-4LetterWord' without the '-'. 12 characters long with 65 possible characters mean about 6,831,675,453,247,426,400,256 total combinations and then 12 characters long are only rumors.


rex_mundi's Avatar
☆ Lucifer ☆
3,110 12
  1. The password is 12 characters long
  1. The password is in the format wordNUMBERword all lowercase chars.
  2. The password 'makes sense'

All those hints referred to when the challenge originally only accepted one answer.

It was changed ages ago to also accept multiple solutions where those rules no longer apply.

However, since you already know the format of the original answer, a simple combined dictionary attack using a common 4 letter wordlist and a list of 4 digit numbers, should take no time at all to complete, in comparison to blindly bruteforcing 12 chars with a full charset.


synstealth's Avatar
PHP WARRIOR
2,490 1

ha,, to me.. in my opinion.. the password DOES not make sense. LOL :P


ArgonQ's Avatar
Member
0 0

I never did crack the original pass..mmmh think i'll have a try using python. begin@19:37–> end @20:07–> got one but i does not look meaningful :(

edit Hmm got some more but still not meaningful, this could take a while.

@asdfgasdfg: keep your code flat. try psyco or pypy for speedup.

edit @20:54 got it, hehehe.


asdfgasdfg's Avatar
Member
0 0

Yea I'm done with this challenge now, I have to say dictionary attack is the way to go. A medium dictionary and search "4-letter-word 4-digits 4-letter-word" combinding a 12 character long string


synstealth's Avatar
PHP WARRIOR
2,490 1

the idea of this 4letter word+4digit+4letter word combination has nothing to do with a specific word to be used as a password that makes sense. it is only there to make you think harder!

this challenge is all about getting the right checksum. the password itself must go through the iteration to the point where the position of the character that is given in a order , by using that position number makes a big difference so that is why I had to go through each line combined from 2 wordlists to compare with the checksum using my php script, I got a long list of passwords, and all of them worked…

that is why I said the password does not make sense lol.


Euforia33's Avatar
philalethes
0 0

That is basically how I solved it but word lists or dictionary attacks aren't really necessary. Just set a charset and it will spit out a working "password" in less than a second, at the time it seemed more like coding a keygen than anything else, but that was just my approach.


FikretPhh's Avatar
Member
1,260 0

To those that might still be having trouble with this, check that your "tab" variable contains the right number of space characters (copy pasting from the site can cut off some of them, and they do matter for the reverse algorithm). If u need help just PM me it really isn't that hard :)


diamont's Avatar
Member
0 0

just made the Javascript 16.

Use Branch and Bound for the bruteforce.

My bound: stop doing sums when number is over the goal.