Can you crack this?


Jonathan
09-07-2003, 05:39 PM
Try and crack this code:


<script>

var pass=new Array()
var t3=""
var lim=8
pass[0]="ShrYuV93SzneQF5"
pass[1]="YRUXZUAw73X68mV"
pass[2]="wk7Dt8qaajweMAQ"
pass[3]="OQFkoiFnb8owEh"
pass[4]="9BvOtSWaxodzlrKT"
pass[5]="21BvOtSWaxodzlrK"

//configure extension to reflect the extension type of the target web page (ie: .htm or .html)
var extension=".html"
var enablelocking=0
var numletter="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
var temp3=''
var cur=0


function max(which){
return (pass[Math.ceil(which)+(3&15)].substring(0,1))
}

function testit(input){
temp=numletter.indexOf(input)
var temp2=temp^parseInt(pass[phase1-1+(1|3)].substring(0,2))
temp2=numletter.substring(temp2,temp2+1)
return (temp2)
}


function submitentry(){
t3=''
verification=document.password1.password2.value
phase1=Math.ceil(Math.random())-6+(2<<2)
var indicate=true
for (i=(1&2);i<window.max(Math.LOG10E);i++)
t3+=testit(verification.charAt(i))
for (i=(1&2);i<lim;i++){
if (t3.charAt(i)!=pass[phase1+Math.round(Math.sin(Math.PI/2)-1)].charAt(i))
indicate=false
}
if (verification.length!=window.max(Math.LOG10E))
indicate=false
if (indicate)
window.location=verification+extension
else
alert("Invalid password. Please try again")
}
</script>



<table border="1" cellspacing="0" cellpadding="0" bgcolor="#FFFFBD">
<tr>
<td width="100%"><form name="password1"><div align="center"><center><p><strong>Enter password: </strong><input
type="text" name="password2" size="15"><br>
<input type="button" value="Submit" onClick="submitentry()"></p>
</center></div>
</form>
</td>
</tr>
</table>

GavinPearce
09-08-2003, 01:44 AM
I could run it through a maths filter on my school computers, prob do it, but my maths isn't good enough to work it all out here :p.

skriptor
09-08-2003, 06:09 AM
Hi,
What about the new line in the numletter string? Your code only throws a syntax error.

So long, skriptor.

Gollum
09-08-2003, 08:06 AM
The new line is probably just a formatting thing posting to this thread.

Once the two halves of the string are reunited again, the code looks like an obfuscated way to hide some password. Letters in the entered password are exchanged with some other letter in a simple substitution algorithm. The following letter pairs show each char with its pair...
[ ,k],[0,j],[1,m],[2,l],[3,g],[4,f],[5,i],[6,h],
[7,s],[8,r],[9,u],[a,t],[b,o],[c,n],[d,q],[e,p],
[f,4],[g,3],[h,6],[i,5],[j,0],[k, ],[l,2],[m,1],
[n,c],[o,b],[p,e],[q,d],[r,8],[s,7],[t,a],[u,9],
[v,Q],[w,P],[x,S],[y,R],[z,M],[A,L],[B,O],[C,N],
[D,Y],[E,X],[F,*],[G,Z],[H,U],[I,T],[J,W],[K,V],
[L,A],[M,z],[N,C],[O,B],[P,w],[Q,v],[R,y],[S,x],
[T,I],[U,H],[V,K],[W,J],[X,E],[Y,D],[Z,G],[*,F]

Unfortunately, there's a bug. The letter 'F' doesn't have a match (I've used * in the list above) and so the code above can't have a solution as once the substitution is done, it compares against the first 9 chars in pass[3] which has 2 'F' chars in it.

Jonathan
09-08-2003, 04:46 PM
I don't know if this is any different, but I am copying and pasting... Maybe it's because you don't know the page.html thing.

Gollum
09-09-2003, 01:53 AM
You wanna try that again?

Jonathan
09-09-2003, 05:01 PM
You need to know the .html page... like if the password was dude then the browser would look for dude.html

Gollum
09-10-2003, 03:49 AM
Yes, I gathered that.
But I think there is no 'password' that will work with this code.

The algorithm is a simple substitution which for all characters except 'F' is reversible; I've listed the character pairs above. After encrypting the first 9 characters of the password, the first 8 chars are compared against the string defined in pass[3] ("OQFkoiFnb8owEh"). Since no character can be encoded to become 'F', no password will work.

This all hinges on the definition of the var numletter. In the code listing, there is a new-line in the string which is a syntax error for JavaScript. I am assuming that this should be corrected to:

//note string broken up because of formatting problems
var numletter=" 0123456789" + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


Is this correct?

Or, do you have a working web site we could try?

Jonathan
09-10-2003, 07:06 PM
There is a password that will work, but it is hard to find.

DxY1d7-Y2

That is case sensitive... Was that hard?

Jeff Mott
09-10-2003, 08:43 PM
> There is a password that will work, but it is hard to find.
> DxY1d7-Y2

The code you posted earlier with the password you just provided returned invalid password.

Gollum is correct that there is no solution. I'll just attempt to re-explain why.

First, the password the user types in is encrypted. This encrypted string is tested against pass[3], which is "OQFkoiFnb8owEh". Note that the third and seventh characters are F. Since no character will encrypt to 'F', the password provided by the user, after encryption, will *never* contain an F, thus the third and seventh characters will *always* be different.

However, if the 'F's were removed from pass[3], the correct password would be "Bv b5corb".

Since these results are so drastically different from what you (Jonathan) have said they should be I can only assume that something vitally important was lost when posting to the forum, or perhaps you mistakenly posted the wrong algorithm altogether? Either way, it would be better if you could provide us with an online version so we are all working with the same code.
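
Added example, not part of any post in this thread: the analysis Gollum and Jeff Mott describe, written out so the result can be checked. It assumes the 63-character numletter with a leading space that Gollum proposes; foldConstants, substitute and recover are names introduced here.

```javascript
// Constants copied from the posted script.
const pass = [
  "ShrYuV93SzneQF5", "YRUXZUAw73X68mV", "wk7Dt8qaajweMAQ",
  "OQFkoiFnb8owEh", "9BvOtSWaxodzlrKT", "21BvOtSWaxodzlrK",
];
// Assumption: the 63-character string with a leading space, as Gollum proposes.
const numletter = " 0123456789" + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
const lim = 8;

// Every "random" or trigonometric expression in the script folds to a constant.
function foldConstants() {
  const phase1 = 1 - 6 + (2 << 2); // Math.ceil(Math.random()) is 1 for any nonzero draw
  return {
    pwLen: Number(pass[Math.ceil(Math.LOG10E) + (3 & 15)].substring(0, 1)), // pass[4][0]
    key: parseInt(pass[phase1 - 1 + (1 | 3)].substring(0, 2), 10),          // pass[5], "21"
    target: pass[phase1 + Math.round(Math.sin(Math.PI / 2) - 1)],           // pass[3]
  };
}

// testit() from the script: XOR the character's index with the key.
// An index past the end of numletter yields "", exactly as substring() does there.
function substitute(ch, key) {
  const idx = numletter.indexOf(ch) ^ key;
  return numletter.substring(idx, idx + 1);
}

// XOR with a fixed key is its own inverse, so applying substitute() to a target
// character gives the input that would produce it, if one exists in numletter.
function recover(target, key, n) {
  const unreachable = [];
  let candidate = "";
  for (const ch of target.slice(0, n)) {
    const pre = substitute(ch, key);
    if (pre === "" || substitute(pre, key) !== ch) unreachable.push(ch);
    else candidate += pre;
  }
  return { unreachable, candidate };
}

const folded = foldConstants();
// As posted: both 'F' characters in the compared prefix have no preimage.
console.log(folded, recover(folded.target, folded.key, lim));
// Jeff Mott's variant with the 'F's removed from pass[3].
console.log(JSON.stringify(recover(folded.target.replace(/F/g, ""), folded.key, folded.pwLen).candidate));
```

Everything the check depends on (key, expected length, target string) is delivered to the browser, so the obfuscated arithmetic hides nothing from anyone who evaluates it.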

Jonathan
09-10-2003, 11:18 PM
Sorry, apologies guys... :(

Gollum
09-11-2003, 06:01 AM
No biggie!
It's a fun little puzzle anyway

Jonathan
09-11-2003, 05:01 PM
but you couldn't figure it out... oh well..

Jeff Mott
09-11-2003, 06:11 PM
> but you couldn't figure it out... oh well..

um... is this supposed to be a joke? or did you forget to read through your own thread?