Courtesy of Fravia's page of reverse engineering
Well, MR and some other javacrackers have written to me that the 'easy' devious entrance is indeed TOO easy. Maybe, yet as you know I see exactly who peruses my pages, and I can assure you that out of 4-5000 hits (March 1998) per day only 10-12 "new" identities land on the devious page in a week.
MUCH more difficult :-)
MR to Fravia+: 26 March 1998
Greetings to all fellow crackers...
Nothing really new in this essay but Fravia+ wanted us to write him our
ways to the "devious" page, so I do...
Well, I finally got to the devious page thru the easy entrance (lamer) :)
although I first tried the hard entrance for a couple of days.
Here are my approaches.
First of all I saved a copy of javdevio.htm and started to study the
After a short look at the functions used to encrypt the username and
password I already knew that it wouldn't be easy to reverse them.
And after a closer look at them I concluded that it's just impossible
due to the fact that Sine functions are being used. As most of you know
there are infinitely many arguments that produce a given Sine value.
So I tried to understand the "general" principle of the code I was
staring at, and found out that the 'username' and 'password' were
totally independent in the protection scheme. That means, you can actually
think of them like just two passwords that both must be correct to get
F1 encrypts username, F2 encrypts password, if both encrypted values
coincide with the user-array-values, then F3,F4, and the 3rd user-array
value are used to calculate the name of the page.
Since there was no way to reverse the encryption algorithm and
a few "manual" attempts with likely words as username/password
combinations didn't work, I saw nothing better than a brute force
Somewhere in this phase I found out which 2 user/pass combinations in
the user-array are yet "unused" and also found the thing with the username
It was used twice and one of them belonged to the array-entry leading to
the devious page.
So one username that would let you enter the devious page was already
(='username'). The "only" thing to do was to find the password belonging
to that user.
(Alas, none of the other 4 known passwords matched the
password-array-value for that user :-)
So from this point on I concentrated on searching the password, that
would work in combination with the username "username".
Alas, all my attempts to find the right password with the brute force
method failed. Since I didn't know the length of the password I had to
start with 1 and increase the length in case of no success.
I gave up after the length of 6.
It took hours already, and multiplying by 36 possible characters at the
7th position implied that it would take days. (Funny... the correct password
was mozilla which indeed is 7 characters long!)
Then I searched the web for word lists and found quite a few (the
biggest one 2.5 MB I think) but obviously not the right ones, because
checking them gave me no results.
So I was at the end and took once more a very careful look at the
myown511.htm page, read the DECIDING sentence:
"The correct password, that would land you on my 'devious' page on 20
MARCH 1998, would land you on vournt.htm on another march day... another,
not any other day... duh" and finally I understood its meaning!
(I had read it before but somehow I understood it wrong.)
The CORRECT password produces "vournt" on SOME day of march!!!
So it was all there. Since it's a self-reversing algorithm, just
calculate the page names for password "vournt" for all 31 days of march.
Take the page names now as passwords!
Clear: all of them produce "vournt" as page name on any given march day.
AND one of them is the correct password that lands you on the devious
page on march 20th!
So all you have to do is to set the date to march 20th in
your copy of "myown511.htm", try out all of the "passwords" and look for
the ones that produce a number as the page name (Fravia already said
it was a number).
Pretty quickly you'll find the "devious" page.
I would have succeeded with the "hard entrance" if I
a) had found a 'better' word list, or
b) had compiled my own word list from contents of Fravia's pages
(I had better followed Fravia's tip about some stalking/searching and
Secondly, the easy entrance is really easy. The only thing is to
understand Fravia's (quite loosely formulated :-) tip.
(c) 1998 MR All rights reversed
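
The reasoning behind the easy entrance, as an added example that is not part of MR's essay or of Fravia's page: the transform below is a hypothetical stand-in (the key schedule, `pageName`, `candidatesFromHint` and the secret day are all constructed), chosen only because it is self-reversing like the one the essay describes. It shows why publishing one output of a self-reversing, date-keyed transform shrinks the password search from 36^7 strings to at most 31 candidates.

```javascript
// Hypothetical stand-in for the page's date-keyed transform; the real
// functions are not reproduced in the essay, so everything here is assumed.
const ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"; // 36 symbols, as in the essay
const N = ALPHABET.length;

// Constructed key schedule: one key per (day of month, character position).
function key(day, pos) {
  return (day * 7 + pos * 11 + 5) % N;
}

// Self-reversing transform: symbol c becomes (k - c) mod 36, so applying it
// twice with the same day gives back the original word.
function pageName(word, day) {
  return [...word].map((ch, i) => {
    const c = ALPHABET.indexOf(ch);
    if (c < 0) throw new Error(`symbol outside alphabet: ${ch}`);
    return ALPHABET[(key(day, i) - c + N) % N];
  }).join("");
}

// If the secret password yields `hint` on SOME day of the month, then the
// password equals pageName(hint, thatDay): enumerate every possible day.
function candidatesFromHint(hint, daysInMonth = 31) {
  const found = new Map(); // candidate password -> day on which it yields hint
  for (let day = 1; day <= daysInMonth; day++) {
    const cand = pageName(hint, day);
    if (!found.has(cand)) found.set(cand, day);
  }
  return found;
}

// Size of the blind search MR abandoned: every string of a given length.
function bruteForceSpace(length) {
  return N ** length;
}

// Constructed scenario: the site owner picks a password that maps to the
// published hint "vournt" on a day the visitor does not know.
const HINT = "vournt";
const SECRET_DAY = 13; // constructed value
const secretPassword = pageName(HINT, SECRET_DAY);

const candidates = candidatesFromHint(HINT);
console.log(`blind search, 7 chars: ${bruteForceSpace(7)} strings`);
console.log(`after the hint: ${candidates.size} candidates`);
console.log(`secret among them: ${candidates.has(secretPassword)}`);
```

The defensive reading is that a client-side transform which is its own inverse turns any published output into a list of inputs, so the date key adds only a factor of 31.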