bay_js_2.htm: Hyperpro cracking, simple cryptanalysis

	Hyperpro cracking Simple cryptanalysis	Hyper Javascript
03 June 1999	by bajunny
	Courtesy of Fravia's page of reverse engineering	slightly edited by Fravia+
fra_00xx 98xxxx handle 1100 NA PC	Yeah, it was very easy indeed. But it was MEANT to be easy, dear bajunny, because I aim to use this section (starting from HERE) as the real hyper laboratory, and I am sure that many readers that will join us here (either trough the BabaYaga image, or through the reversing, or through noticing that the only inverted letters are A, B, Y and G) will be able to help us to go FURTHER. And further we will go, starting from the essays that are beginning to rain in right now...
	There is a crack, a crack in everything That's how the light gets in
Rating	(x)Beginner ( )Intermediate ( )Advanced ( )Expert

Hyperpro cracking
Simple cryptanalysis
Written by bajunny

Introduction

Cracking and cryptanalysis are alike. Maybe the same.
I like it.

Tools required

Trained eyes. JS-enabled browser.

Target's URL/FTP

Fravia+'s puzzle

Program History

Your_target's_history (if any)

Essay

OK, lets crack super-pooper JavaScript hyperprotection..

In effect, Fravia+ gives us so many hints counting them can trouble password search. Zero'th level observation: usual cherished filename-encrypted technology. But let's see the text:

1) Figure it out... looking at this Bilibin's picture
2) and at the Javascript code :-)

Well, in fact hint (1) is all we need but we are Fravias so let's start instead from (2). It's a very simple Vigenere-like cipher. It would be true Vigenere if the alphabet were ABCDE....XYZ. Cracking such ciphers even with unknown alphabets IS possible (and quite easy - see LANAKI lessons) - but it requires a fair amount of ciphertext (at least 80-150 chars).
Here we know the alphabet and are ready to feed in some possible plaintext. It generates a filename, so ".htm" is an obvious candidate in place of ".fzn" inside the encrypted filename "ihp11pey.fzn".
More observations: Fravia+ ciphers preserves letter case, so uppercase chars are crypted to uppercase ones. More possible plaintext: "Bu ru" -- maybe "Go to". Quite probable. So it's time to check passwords. I was so lazy so I only put some dumping code to decode() routine to see chars dump in the process of decrypting:
(I just reformat the original code a little)

......
                var lowercase = input_char_value >= 26
? true : false;
//XXX
document.write(
  alphabet.charAt(input_char_value) +
'('+input_char_value+ ')__' +
  key.charAt(key_index) +'('+
alphabet.indexOf(key.charAt(key_index))+ ')__'
  );

                input_char_value -=
alphabet.indexOf(key.charAt(key_index));

//XXX
document.write( '(' + input_char_value + ')');

                input_char_value += 26;

                if (lowercase)
                        input_char_value =
input_char_value % 26 + 26;
                else   input_char_value %= 26;
//XXX
document.write(
  alphabet.charAt(input_char_value) + '<' + '/p>' );
......

For more comfort, let's place it horizontally and forget the numbers, I will present some steps on the right, later comment them, password will be in uppercase below plaintext guesses

B u  r u  i h p p e y  f z n  B e k  z u s  z i k r k 
       < ciphertext

G o  t o  ? ? ? ? ? ?  h t m  ? ? ?  ? ? ?  ? ? ? ? ? 
       < [1] 
B A



G o  t o  ? ? ? j a v  h t ?  ? ? ?  y o u  ? ? ? ? ? 
       < [2]
B A  B A        A B A  B A ?         B A B 
                           Y
|                 |                  |

G o  t o  h ? ? j a v  h t m  ? ? e  y o u  t h ? ? e 
       < [3]
B A  B A  Y x y A B A  B A Y  x y A  B A B  A Y x y A




G o  t o  h y p j a v  h t m  S e e  y o u  t h e r e 
       < [4]
B A  B A  Y A G A B A  B A Y  A G A  B A B  A Y A G A

[1] "BA" starts pretty well, we immediately see the match on "Go to" and supporting match "you", very inspiring

[2] we see no match for "m", so passwd here must contain "Y", note also a magic "jav" in filename!

[3] it's time to decide on passwd length; main problem with Vigeneres is cycling; it can be easily spotted in the real world; we still do not know two passwd characters (denoted as "x" and "y")

[4] easily spotted "there" and expecting something like "hyp" in filename cause we already saw "javfurther" and lot of other Fravia+'s filenaming habits

Hey presto - password is "BABAYAGA". Or "Baba Yaga" - a mythical personage of many russian fairy tales.
Nasty old witch. Means something like "babay aga" - "old man" in Turkish.
Crearly you could also have just had a look at Bilibin's picture and then you will have to admit the "plentity" of hints left by Fravia+.

Russian is my native language so I spotted the answer somewhere between stages [2] and [3]. See: my browser doesn't show pictures by default...

Final Notes

Remark: actually I cannot take JavaScript tricks to the heart.
JS is lousy. It is quick&dirty fix appeared in browser war between M$ and NS.
Of course one can employ very complex crypto even with JavaScript. And I'm sure we will learn some nice advanced tricks here, together. But teh same level of protection (or better) can be achieved in much more reliable - and comfortable way on the server side. Also beware JavaScript's number representation if you dare to use it for protection, he-he.

Ob Duh

"Ob Duh" section is great, but now it's 3 am and I don't want to type anymore still my eyes can't stand default text so I feverishly delete it!

You are deep inside Fravia's page of reverse engineering, choose your way out:

Hyper javascript

links

Is reverse engineering legal?