JS16 completion time
sakarin wrote: yes and then read them all in hopes of finding one that looks like it..
it's still dumb and you made it obvious that you don't intend on correcting it. feature not a bug thing.
I gave serious thought to correcting it….
But then I thought "If i was using this on a real site (suspend disbelief here people!), would i change this?"
Would you?
yes i was refering to that comment. and i answered that when you first said it. i said yes you could consider it a feature on a realistic mission. which brings me back to my first post on this topic.
and all the other ones. this javascript challenge doesn't test any javascript knowlege apart from being able to read it..
yes it's clever (but not a new concept) yes it's not impossible and should be kept, no it should't be on the javascript section.
Here are simple calcul that can give an idea of how long the password is :
x : number of caracter. 100 represent an average ascii number. x/2 represent the average value that should take i.
(x100x/2)(x100x) + (x100x)(x100x) + … (x100x/2)(x100x)*x= 88692589 (5 000x^4)*x = 88692589 5 000x^5 = 88692589 x = 7.076
So this mean the password should have around 6 to 8 caracter.
BTW : Javascript is poorly coded … "substring(i,i+1)" shoud be "charAt(i)" … "sum = sum+(indexni)(indexii);" should be "sum += (indexni)(indexii);"
Arto_8000 wrote: Here are simple calcul that can give an idea of how long the password is :
x : number of caracter. 100 represent an average ascii number. x/2 represent the average value that should take i.
(x100x/2)(x100x) + (x100x)(x100x) + … (x100x/2)(x100x)*x= 88692589 (5 000x^4)*x = 88692589 5 000x^5 = 88692589 x = 7.076
So this mean the password should have around 6 to 8 caracter.
BTW : Javascript is poorly coded … "substring(i,i+1)" shoud be "charAt(i)" … "sum = sum+(indexni)(indexii);" should be "sum += (indexni)(indexii);"
Ok someone correct me if I am wrong here, but according to my calculations, the password is at least 10 characters long.
function Check(checksum)
{
var tab = " azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$&#@";
var entry = document.forms[1].elements[0].value;
var n = entry.length;
var sum = 1;
for(var i=0;i<n;i++)
{
var index = tab.indexOf(entry.substring(i,i+1));
sum = sum+(index*n*i)*(index*i*i);
}
if(sum==checksum)
{
window.location = entry+".php";
}
else
{
alert("Wrong Pass!! Try Again.");
}
return false;
}
Since the checksum is calculated using the sum of muliplication, if we put in all @ as our password, the max sum for 9 characters (using all @) gives us a sum of 84272401, which is less then checksum of 88692589. I hope I am wrong becuase at this point the only solution seems to be a bruteforce, which at 10 chars can take ages to run.
Ok, i ran my bruteforcer for 24 hours, tested over a 5 qradrillion password which gave me over 80 million valid passwords. I was importing those passwords into a SQL DATABASE which I was running a dicitionary attack against to remove those passwords which didn't contain atleast one valid word. All was a waste of time, non-sense and garbage.
Them a little hint was given about the format of the password. I reprogrammed my bruteforcer to take in various combinations of that format and well, I generated a very similar passowrd in 13 seconds and the actual password in 1:52 seconds in a debug build.
still don't have the points yet, cuz the page is broke. There is a mechanism to stop from bruteforcing the site for the answer. Not that I did that, but its still giving me an error… unless that's part of the challenge.
itaymm PM'd me mentioning that his code [REMOVED]
Since my own code was slower, I ended up modifying his code to run continuously and write matches to a file – yet I still haven't found the "right" or intended password, only a ton of collisions that work. Without looking at the forum tips, it's pretty tough.
Incidentally, I originally completed the challenge by trial and error. =)