Hyperpro cracking, by Iker, June 1999

Dear Fravia+,

First of all I would like to thank you for continuing to publish your webpage against all sorts of attacks and attitudes that you have found along the way. I truly felt sad (I must admit it) when you published your autumnal thoughts... not for the fact that you were changing your methods, but because you seemed hurt. Kind of stupid, I guess, but since it was your webpage that started me into cracking, and most of my studies on the matter have had your and +ORC's writings as the main source... I pretty much considered you a hero of a sort. A revolutionary leader, trying to put together a group that had the same ideals, though followed different methods. Well, my own "country's" (I wish I could call it that) history influenced my image of yours I guess.

However, I have never been able to send any feedback, since I did not consider my thoughts/ideas worthy of being spread, since they had already been told by others, and, on the other hand, due to the fact that my "technical" abilities on the matter were not good enough.
This might be my chance though to give something back ...and I am afraid that it might be the only one in a long time, though I am starting to immerse myself in studies now that the school year is over -- kind of ironic that I have to stop "studying" (or, as many people see it, repeating what people want me to) to really study. I went into the "what's new" section and I saw that a new section of java had been opened. I quickly went there and, I am proud to say "cracked" the encryption in a short time (I guess it was around one hour and a half... ok, not that short, but I really had fun with it).

I have seen that you have just opened the section and that there still are no essays on how to decrypt it, so I thought I would write something. However, I am not sure whether you want essays on how to decrypt it or how to ameliorate it... so this is why I am asking before sending a useless essay... anyhow, enough of this: here is how I went over it and a first amelioration (although not implemented... but it would take no time). I do know that I have to send an essay in htm format that Opera will be able to view correctly, and will do that if you tell me I should send it ;)

DECRYPTION:

Tools used:
Browser (duh!;)
Brain (must have functions: how to see source code, knowledge of javascript, basic math -- ok, a cheap calculator would do here... but you did learn some math, didn't you -- and, most important, some intuition)

Target:

Hyper java entrance at Fravia's (vao_hype.htm ... in many many mirrors of Fravia's ;). Let's go at it. Enter the site, and press enter at the prompt... hmmm, the screen suddenly filled with even more stuff after the encrypted text... clever trick ;)
Now, go see the picture if you haven't, it's worth it. OK, let's see, you get two two-letter words, eight characters followed by a dot and three more characters in red, and in another frame by it two three-letter words and a five-letter word with an exclamation sign at the end. Take a look at the source code now.

First weird thing: In my Netscape browser, I was not able to see the source code. Maybe this was done on purpose by Fravia+, maybe not. If it was, however, there is a grave mistake: it can be seen perfectly with the Internet Explorer browser (don't ask why I know this :( My first try was to go with javascript off... all I got was another different message and the javascript was nowhere to be seen. All that needs to be done is save the page from a link to it (not save the page itself, that would not show the script!). Now open it in edit.com or any other text editor and you can take a look at it.

The main function is actually pretty simple: it has some text (the ciphertext). It asks for some input (the key; it doesn't allow an empty box or cancelling), it creates deciphered text (plaintext) using the key and the ciphertext, and then writes it to the page. If you try a couple of different keys, you will realize that some things remain unchanged no matter what you input: most important, the number of words and letters, and the format of the frames and colors.

The decode function changes the key to uppercase and switches some of the letters according to the "alphabet" array. (a to g, b to y... you know it ;)

Non-alphabetic characters are stripped off the key (you will get the same decrypted message whether you type them or not... try it).

After that it starts changing the ciphertext with the new key. The code only changes alphabetic characters that are not between the tags though, so there are really not many characters to walk through. The loop takes the letter from the ciphertext and moves it back (subtracts) by the value of the corresponding letter in the key. Next it changes it to either lower or uppercase (depending on what it originally was, to keep the caps) and finally adds it to the output string, which is printed at the end. When the final character in the key has been used, it loops around again. So, it is really easy to reverse the algorithm, and now we know what must be in the key for a certain letter to appear in the message... what does the message have to look like though?

THINK! As long as you remember the amount of ciphertext, you can do anything else you want. Turn the computer off, take a walk by the beach, talk with your wife or girlfriend or just sit back and relax. This is a "portal" for another section, and we already know that the solution to these portals is to get the address of the new section... two short words, a word with a dot and numbers, and then a short sentence with an exclamation mark... that's it! The word with the numbers is the address, ending with... you guessed it: ".htm", and the sentence after it is some kind of congratulation message... what about the other ones? hmmm... two two-letter words, ending with the same letter. Eventually it clicks: "Go to xxx11xxx.htm"! Now we are ready.

How do we get the G letter there? Simple math (just add and subtract, a linear equation ;) The first code letter is "B" .. try it out.. "Gw tw kjr11rad.hyp ... Gam ywu ykmtm!"

Well, if it does say "Go to", we seem to be on the right track (but remember, it's just a hunch... might be wrong ;) now to get "o" as output we need an "a" in the key, so let's try "ba".

Boom! "Go to kyr11jav.htp ... Sae you tkete!" We are close. "Go to" is definitely the beginning of the message, and that "jav" in the address is another clear sign.
It still finishes with htp instead of htm; however, the final message now makes some sense:

"See you there" fits exactly.. and makes absolute sense.

The next step would be getting the "p" to become an "m", so we need a "y" in the key. I got excited at coming so close, so I made this mistake: key "Bay". Suddenly, it all broke down, with the message "Go qw car11jdd.zbp... Sdm ttu thmlj!"
Some letters did fit the message at the end (the h was there, which hadn't been before.. but the p still remained there). So I went back to the other message, and, remembering that it uses the key over and over again, I paired the letters to see which were right/wrong:

Go(+) to(+) ky(?) rj(?) av(+) ht(+) pS(-) ae(-) yo(+) ut(+) ke(-) te(-)

Looking at it this way, it was clear: it was an eight-letter key, the beginning of which was "baba" and the end was "?a?a"... It would have been impossible to guess this with just the address, but the last sentence made clear which pairs were wrong and which right, showing me the pattern.
So, knowing that "y" made the "p" become the "m", I input "babayaya"... and got "Go to hyo11jav.htm ... Sde you theqe!"

Now no more was needed (obviously hyp11jav.htm was the right address), but just to make sure I changed the "d" in "Sde" to "e" with a "g", making the key "babayaga"... and finally got the "Go to hyp11jav.htm... See you there!" message.
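To make the two pieces above concrete (the decode loop described earlier and the pairing trick that exposed the eight-letter period), here is an added example, not the script from Fravia's page: a decoder with the same shape, plus the crib-and-period recovery. The remap table, the key and the sample message are constructed for this example; they are not the real page's values.

```javascript
// Added example, not the page's own script. ALPHABET is a hypothetical remap table
// standing in for the page's "alphabet" array (A->G, B->Y, ...): it is constructed.
const ALPHABET = "GYPSZQWBAXNVLKTJDUCHIEOMRF";
const A = 65;
const shiftOf = (k) => ALPHABET.charCodeAt(k.charCodeAt(0) - A) - A; // key letter -> shift 0..25
const cleanKey = (key) => key.toUpperCase().replace(/[^A-Z]/g, "");  // uppercase, letters only
// Shift every letter outside <...> tags by dir * shift(key letter); dir = -1 decodes, +1 encodes.
function walk(text, key, dir) {
  const k = cleanKey(key);
  if (!k) throw new Error("empty key"); // the page's prompt refuses an empty key too
  let out = "", i = 0, inTag = false;
  for (const ch of text) {
    if (ch === "<") inTag = true;
    if (ch === ">") inTag = false;
    if (inTag || !/[A-Za-z]/.test(ch)) { out += ch; continue; } // markup/punctuation pass through
    const c = ch.toUpperCase().charCodeAt(0) - A;
    const p = ((c + dir * shiftOf(k[i++ % k.length])) % 26 + 26) % 26; // key cycles
    const o = String.fromCharCode(A + p);
    out += ch === ch.toUpperCase() ? o : o.toLowerCase();       // keep the original case
  }
  return out;
}
const decode = (cipher, key) => walk(cipher, key, -1);
const encode = (plain, key) => walk(plain, key, +1);
// Key letter that would turn cipher code c into plain code p (inverse of shiftOf).
const forcedKeyLetter = (c, p) =>
  String.fromCharCode(A + ALPHABET.indexOf(String.fromCharCode(A + ((c - p) % 26 + 26) % 26)));
// Crib attack as in the letter: each guessed plaintext letter forces the key letter at
// that position ('?' = unknown); the shortest period on which every forced letter
// agrees, with no slot left empty, is the key.
function recoverKey(cipher, crib) {
  const cl = cipher.replace(/<[^>]*>/g, "").replace(/[^A-Za-z]/g, "").toUpperCase();
  const pl = crib.replace(/[^A-Za-z?]/g, "").toUpperCase();
  for (let period = 1; period <= pl.length; period++) {
    const slots = Array(period).fill(null);
    let ok = true;
    [...pl].forEach((p, i) => {
      if (p === "?" || !ok) return;
      const f = forcedKeyLetter(cl.charCodeAt(i), p.charCodeAt(0));
      if (slots[i % period] === null) slots[i % period] = f;
      else if (slots[i % period] !== f) ok = false;
    });
    if (ok && slots.every((s) => s !== null)) return slots.join("");
  }
  return null;
}
// Constructed sample (not the page's real ciphertext): the address the letter finally reads.
const PLAIN = '<font color="red">Go to hyp11jav.htm</font> ... See you there!';
const CIPHER = encode(PLAIN, "babayaga");
```

With the key "ba" only the positions whose key letter happens to match come out right ("Go to ..."), which is exactly the partial-fit pattern the pairing above relies on; `recoverKey(CIPHER, "Go to ???11???.htm ... See you there!")` returns the full key from the crib alone.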

Well, Fravia+, that's how I got in... but as I was writing it I realized that the viewers of the message are going to know the function inside out, so I should just concentrate on the pattern, matching with pairs at the end, which I guess is the only different thing (maybe not even that ;)
As to how to ameliorate the code, I believe that the easiest way would be to add the "<" and other formatting characters into the "alphabet", so that with the wrong key, whoever was trying to access it would think that the message was much longer, thus not permitting the way I used of "guessing" the message. To keep the format the same, the period and number characters might be added, so that the ".htm" format is not that obvious.

I would gladly write a javascript (I just looked at the makepa3.htm page, and I believe that the letter is an "s" after the quote character... and the six letters might be Fravia in front of it making that "Fravia's".. of course my intuition might have run out already... I'll look into it after I send the message ;)

I hope to be able to send you more soon. cheers, Iker