You people have too much time. <!--emo&???--><img src='http://www.unknownworlds.com/forums/html/emoticons/confused.gif' border='0' style='vertical-align:middle' alt='confused.gif'><!--endemo-->
*cries cause he has yet to see revolutions and may not ever see it in theater*
<!--QuoteBegin--Marik_Steele+Nov 8 2003, 01:35 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Marik_Steele @ Nov 8 2003, 01:35 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> Rather nice work Kastro. At some point you've got to tell us how you got that much. I don't know flash, but I know enough Java and C++ to take my guesses at the code. I'm most interested in these parts: <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1--> var combination = this.current_combination.bank_a_display + this.current_combination.bank_b_display + this.current_combination.bank_c_display + this.current_combination.bank_d_display; if (this.securityManager.e8418d1d706cd73548f9f16f1d55ad6e(combination)) { this.combination_correct = true; signal.gotoAndStop("on"); }<!--c2--></td></tr></table><span class='postcolor'><!--ec2--> It takes all 4 "banks" and sticks them together end to end, making a variable called "combination". It is then sent to this thing's "securityManager.####" function. We don't have the source for that function here, but it seems to check a list of valid codes and return "true" if valid and "false" otherwise. If "true," "combination_correct" gets set to "true," and "signal" (my guess: the green indicator next to the enter button) gets set to "on."
So all this means that if we just find the code of securityManager, we're set. Thing is, I don't know why securityManager is followed by that garbled mess of characters, and I'm especially confused by the fact that it's followed by a <i>different</i> mess of garbled characters in this part of the code: <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1--> if (this.combination_correct) { var combination = this.current_combination.bank_a_display + this.current_combination.bank_b_display + this.current_combination.bank_c_display + this.current_combination.bank_d_display; getURL("javascript:popup(\'" + this.securityManager.c7ff3e2691955bf4ae7405c0b(combination) + "\')", ""); }<!--c2--></td></tr></table><span class='postcolor'><!--ec2-->
[edit]Looking at it again, we do see where securityManager gets created. First couple lines, <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->this.securityManager = new fae32629d4ef4fc6341f1751b405e45("../hex_lock/gateway.php", this, "hex_lock_128");<!--c2--></td></tr></table><span class='postcolor'><!--ec2--> <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> Argh.. it's been awhile.. let me try to look a little further...
That string of hex after the "security manager" designation seems to be some sort of flag to say what operation is being done to the entered combination... Perhaps it's being multiplied by it? Modulous division? Finding how many times the combo will go into that string? The remainder? Maybe try some mathematical functions with that string and the hex code entered.
The "this.XXX" means... ack it's been awhile, it's refereing to the current object in the class.. (we didn't do classes too long) I think.. I'm pretty sure "this" is a reserve word, so it can't be a struct named "this"
It also looks like it adds every combo entered together to make one big combo to test... So maybe multiple combos will work?
Also, are you sure it sticks them together end to end? It's not a string, is it? Would it actually do the hex addition?
<!--QuoteBegin--::esuna::+Nov 9 2003, 02:48 AM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (::esuna:: @ Nov 9 2003, 02:48 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> To be honest, i don't think that the site's creators initially intended that people decompile their flash movies. While Kastro, and myself, have been doing it, i have the feeling that it may be a bit simpler than that. Heh.
But then again, you never know. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd--> Oh, I don't know about that. It's supposed to be an imitation of hacking, right? Stuff binary; how about real programmers actually reading source code? <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif'><!--endemo-->
Marik_SteeleTo rule in hell...Join Date: 2002-11-20Member: 9466Members
<!--QuoteBegin--404NotFound+Nov 8 2003, 07:33 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (404NotFound @ Nov 8 2003, 07:33 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> [...] Argh.. it's been awhile.. let me try to look a little further...
That string of hex after the "security manager" designation seems to be some sort of flag to say what operation is being done to the entered combination... Perhaps it's being multiplied by it? Modulous division? Finding how many times the combo will go into that string? The remainder? Maybe try some mathematical functions with that string and the hex code entered.
The "this.XXX" means... ack it's been awhile, it's refereing to the current object in the class.. (we didn't do classes too long) I think.. I'm pretty sure "this" is a reserve word, so it can't be a struct named "this"
It also looks like it adds every combo entered together to make one big combo to test... So maybe multiple combos will work?
Also, are you sure it sticks them together end to end? It's not a string, is it? Would it actually do the hex addition? <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd--> <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->this.current_combination.bank_a_display = "00000000"; this.current_combination.bank_b_display = "00000000"; this.current_combination.bank_c_display = "00000000"; this.current_combination.bank_d_display = "00000000";<!--c2--></td></tr></table><span class='postcolor'><!--ec2--> Note the way that it assigns those four variables. Using no quotations would mean that they are integers. The fact that quotations are used means that it's most likely a string. This is more or less confirmed by the while loops that can randomize it: <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1--> var i = 1; while (i < 33) { var target = eval("bin_" + String(i)); target.randomise(); i++; } // end while<!--c2--></td></tr></table><span class='postcolor'><!--ec2-->Go through each index from 1 to 33 (the programming languages I use would call them indexes 0 to 31 for 32 indexes total), and randomize the value at each index.
The fact that they are strings means that they can be concatenated. There's a difference between "1234" + "567" == "1234567" (concatenation) and 1234 + 567 == 179B (hex addition; go ahead and try it in Windows' Calculator in the Accessories folder of the Programs menu, and be sure to set "view" to "scientific" for the option of using hex instead of dec for decimal)
All this aside, I still want to know the source code for securityManager.
What is the url that this .swf movie resides in? I might be able to create another Flash movie which spoofs a connect to their Coldfusion gateway if I know the correct url. Thats unless theyre blocking external gateway connections, which I am expecting, because theyve certainly spent time on this.
Edit: Cancel that. I havnt got the includes necessary to initiate the connection. I can tell you that youre looking for a 32 bit code that is passed to a gateway, which probably returns the name of the directory storing the page as index, which is off the directory containing the swf (hopefully, it depends if the gateway returns any directories with the page name).
What is the url that this .swf movie resides in? I might be able to create another Flash movie which spoofs a connect to their Coldfusion gateway if I know the correct url. Thats unless theyre blocking external gateway connections, which I am expecting, because theyve certainly spent time on this. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd--> If my theory is correct, temporary pages are made for each user who tries to view it, and the URLs are rendered invalid when they close IE. You ought to try visiting it yourself if you haven't yet, HTML source is something I'm not familiar with.
What is the url that this .swf movie resides in? I might be able to create another Flash movie which spoofs a connect to their Coldfusion gateway if I know the correct url. Thats unless theyre blocking external gateway connections, which I am expecting, because theyve certainly spent time on this. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> If my theory is correct, temporary pages are made for each user who tries to view it, and the URLs are rendered invalid when they close IE. You ought to try visiting it yourself if you haven't yet, HTML source is something I'm not familiar with. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> Im still unsure as to that Flash, they have either made some really funky gateway objects or includes somewhere else in the movie, theyre using Actionscript 2, or it has been corrupted.
And I am too lazy to actually go there and do any of it myself. I tortured myself with hackits the other week, im still resting my fakehaxor laurels from that. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
Marik_SteeleTo rule in hell...Join Date: 2002-11-20Member: 9466Members
edited November 2003
Seems to be at <a href='http://whatisthematrix.warnerbros.com/cmp/hex_lock/gateway.php' target='_blank'>http://whatisthematrix.warnerbros.com/cmp/...ock/gateway.php</a>? But they key= and node= after the ? vary each time I access the page over again.
[edit]I've noticed that the line <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1--><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"<!--c2--></td></tr></table><span class='postcolor'><!--ec2--> in the HTML source of the page has not varied out of 3 different viewings. It's the only garbled mess number that's stayed constant.
Marik_SteeleTo rule in hell...Join Date: 2002-11-20Member: 9466Members
edited November 2003
Test: at <i>this very moment</i>, can anyone get to <span style='font-size:8pt;line-height:100%'>nevermind, didn't work.</span>
[edit]Nevermind, copying the shortcut and putting it into IE doesn't work for me either. [edit2]Once I did get to that page, as long as I keep the same window of IE open I can refresh it as much as I want. Odd. Esuna, how <i>did</i> you save the "movie" so you could decompile it?
[edit3]There's got to be clues somewhere. Using Windows' magnifier in the accessibility menu, I looked in the same place that they used to hide a hex code. Now instead it says "Jason Williford loves Erin Daney"
Marik_SteeleTo rule in hell...Join Date: 2002-11-20Member: 9466Members
Don't know what I did to deserve this, but I just got a page saying: "Your access has been revoked. All hexidecimal codes are now deactivated. Please start again."
Marik_SteeleTo rule in hell...Join Date: 2002-11-20Member: 9466Members
edited November 2003
Just got an answer from Esuna. He used whatever program he has to save and decompile the SWF. Apparently from there it was just looking at the source code.
I just went to Google to do the same, so yes, you can save the flash and try to work through the code. I can say one thing: there are a heck of a lot of intentionally confusing variable names. Trying them all by hand would take too long, I'm going to see if I can figure out which are dummy values and which codes work.
[edit]I'm currently using the demo for SourceTec's SWF compiler. Was the first thing I found on Google, and easy enough to use considering I never glanced at the help files.
Marik_SteeleTo rule in hell...Join Date: 2002-11-20Member: 9466Members
edited November 2003
Yeah, it was an off-topic in-post reply by editing, and we went on a short tangent about how admins can do that sort of thing. You weren't hallucinating, I just figured I'd get rid of the divergence in topic. Anyway...
Quaunaut: if you'd be so kind as to put it indirectly (even if all you do is put it in your own forum member profile somewhere and post a link to yourself), that's fine. But people like me would prefer to find it on our own, so don't have it waving out in the open here.
I.. don't... get it, what do I do after the binary thing with the switchs, I just enter different things till the light turns on and, it loads back to where i was before?? I just am lost.
Same here <!--emo&:(--><img src='http://www.unknownworlds.com/forums/html/emoticons/sad.gif' border='0' style='vertical-align:middle' alt='sad.gif'><!--endemo-->
Comments
*cries cause he has yet to see revolutions and may not ever see it in theater*
I don't know flash, but I know enough Java and C++ to take my guesses at the code. I'm most interested in these parts:
<!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->
var combination = this.current_combination.bank_a_display + this.current_combination.bank_b_display + this.current_combination.bank_c_display + this.current_combination.bank_d_display;
if (this.securityManager.e8418d1d706cd73548f9f16f1d55ad6e(combination))
{
this.combination_correct = true;
signal.gotoAndStop("on");
}<!--c2--></td></tr></table><span class='postcolor'><!--ec2-->
It takes all 4 "banks" and sticks them together end to end, making a variable called "combination". It is then sent to this thing's "securityManager.####" function. We don't have the source for that function here, but it seems to check a list of valid codes and return "true" if valid and "false" otherwise. If "true," "combination_correct" gets set to "true," and "signal" (my guess: the green indicator next to the enter button) gets set to "on."
So all this means that if we just find the code of securityManager, we're set. Thing is, I don't know why securityManager is followed by that garbled mess of characters, and I'm especially confused by the fact that it's followed by a <i>different</i> mess of garbled characters in this part of the code:
<!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1--> if (this.combination_correct)
{
var combination = this.current_combination.bank_a_display + this.current_combination.bank_b_display + this.current_combination.bank_c_display + this.current_combination.bank_d_display;
getURL("javascript:popup(\'" + this.securityManager.c7ff3e2691955bf4ae7405c0b(combination) + "\')", "");
}<!--c2--></td></tr></table><span class='postcolor'><!--ec2-->
[edit]Looking at it again, we do see where securityManager gets created. First couple lines, <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->this.securityManager = new fae32629d4ef4fc6341f1751b405e45("../hex_lock/gateway.php", this, "hex_lock_128");<!--c2--></td></tr></table><span class='postcolor'><!--ec2--> <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Argh.. it's been awhile.. let me try to look a little further...
That string of hex after the "security manager" designation seems to be some sort of flag to say what operation is being done to the entered combination... Perhaps it's being multiplied by it? Modulous division? Finding how many times the combo will go into that string? The remainder? Maybe try some mathematical functions with that string and the hex code entered.
The "this.XXX" means... ack it's been awhile, it's refereing to the current object in the class.. (we didn't do classes too long) I think.. I'm pretty sure "this" is a reserve word, so it can't be a struct named "this"
It also looks like it adds every combo entered together to make one big combo to test... So maybe multiple combos will work?
Also, are you sure it sticks them together end to end? It's not a string, is it? Would it actually do the hex addition?
It seems the easiest way to get at this would be to find someone that's bought the DVD.
Lets look this 0x(31)+0-F. Maybe it means 31 plus (zero minus sixteen)?
--Scythe--
But then again, you never know. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Oh, I don't know about that. It's supposed to be an imitation of hacking, right? Stuff binary; how about real programmers actually reading source code? <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif'><!--endemo-->
Argh.. it's been awhile.. let me try to look a little further...
That string of hex after the "security manager" designation seems to be some sort of flag to say what operation is being done to the entered combination... Perhaps it's being multiplied by it? Modulous division? Finding how many times the combo will go into that string? The remainder? Maybe try some mathematical functions with that string and the hex code entered.
The "this.XXX" means... ack it's been awhile, it's refereing to the current object in the class.. (we didn't do classes too long) I think.. I'm pretty sure "this" is a reserve word, so it can't be a struct named "this"
It also looks like it adds every combo entered together to make one big combo to test... So maybe multiple combos will work?
Also, are you sure it sticks them together end to end? It's not a string, is it? Would it actually do the hex addition? <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
<!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->this.current_combination.bank_a_display = "00000000";
this.current_combination.bank_b_display = "00000000";
this.current_combination.bank_c_display = "00000000";
this.current_combination.bank_d_display = "00000000";<!--c2--></td></tr></table><span class='postcolor'><!--ec2-->
Note the way that it assigns those four variables. Using no quotations would mean that they are integers. The fact that quotations are used means that it's most likely a string. This is more or less confirmed by the while loops that can randomize it:
<!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->
var i = 1;
while (i < 33)
{
var target = eval("bin_" + String(i));
target.randomise();
i++;
} // end while<!--c2--></td></tr></table><span class='postcolor'><!--ec2-->Go through each index from 1 to 33 (the programming languages I use would call them indexes 0 to 31 for 32 indexes total), and randomize the value at each index.
The fact that they are strings means that they can be concatenated. There's a difference between
"1234" + "567" == "1234567" (concatenation)
and
1234 + 567 == 179B (hex addition; go ahead and try it in Windows' Calculator in the Accessories folder of the Programs menu, and be sure to set "view" to "scientific" for the option of using hex instead of dec for decimal)
All this aside, I still want to know the source code for securityManager.
You called? <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
What is the url that this .swf movie resides in? I might be able to create another Flash movie which spoofs a connect to their Coldfusion gateway if I know the correct url. Thats unless theyre blocking external gateway connections, which I am expecting, because theyve certainly spent time on this.
Edit: Cancel that. I havnt got the includes necessary to initiate the connection. I can tell you that youre looking for a 32 bit code that is passed to a gateway, which probably returns the name of the directory storing the page as index, which is off the directory containing the swf (hopefully, it depends if the gateway returns any directories with the page name).
You called? <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
What is the url that this .swf movie resides in? I might be able to create another Flash movie which spoofs a connect to their Coldfusion gateway if I know the correct url. Thats unless theyre blocking external gateway connections, which I am expecting, because theyve certainly spent time on this. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
If my theory is correct, temporary pages are made for each user who tries to view it, and the URLs are rendered invalid when they close IE. You ought to try visiting it yourself if you haven't yet, HTML source is something I'm not familiar with.
You called? <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
What is the url that this .swf movie resides in? I might be able to create another Flash movie which spoofs a connect to their Coldfusion gateway if I know the correct url. Thats unless theyre blocking external gateway connections, which I am expecting, because theyve certainly spent time on this. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
If my theory is correct, temporary pages are made for each user who tries to view it, and the URLs are rendered invalid when they close IE. You ought to try visiting it yourself if you haven't yet, HTML source is something I'm not familiar with. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Im still unsure as to that Flash, they have either made some really funky gateway objects or includes somewhere else in the movie, theyre using Actionscript 2, or it has been corrupted.
And I am too lazy to actually go there and do any of it myself. I tortured myself with hackits the other week, im still resting my fakehaxor laurels from that. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
But they key= and node= after the ? vary each time I access the page over again.
[edit]I've noticed that the line <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1--><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"<!--c2--></td></tr></table><span class='postcolor'><!--ec2--> in the HTML source of the page has not varied out of 3 different viewings. It's the only garbled mess number that's stayed constant.
[edit]Nevermind, copying the shortcut and putting it into IE doesn't work for me either.
[edit2]Once I did get to that page, as long as I keep the same window of IE open I can refresh it as much as I want. Odd.
Esuna, how <i>did</i> you save the "movie" so you could decompile it?
[edit3]There's got to be clues somewhere. Using Windows' magnifier in the accessibility menu, I looked in the same place that they used to hide a hex code. Now instead it says "Jason Williford loves Erin Daney"
<img src='http://server2.uploadit.org/files/091103-matrix.JPG' border='0' alt='user posted image'>
[edit]Sorry, forgot to ask. HOWD YOU GET THERE???!
"Your access has been revoked. All hexidecimal codes are now deactivated. Please start again."
He used whatever program he has to save and decompile the SWF. Apparently from there it was just looking at the source code.
I just went to Google to do the same, so yes, you can save the flash and try to work through the code. I can say one thing: there are a heck of a lot of intentionally confusing variable names. Trying them all by hand would take too long, I'm going to see if I can figure out which are dummy values and which codes work.
[edit]I'm currently using the demo for SourceTec's SWF compiler. Was the first thing I found on Google, and easy enough to use considering I never glanced at the help files.
the answer's in there...
sheesh...woulda expected you to find out by now!
Coulda sworn marik edited two posts and there were three posts after mine...
Marik, may I be allowed to put down the combination?
Quaunaut: if you'd be so kind as to put it indirectly (even if all you do is put it in your own forum member profile somewhere and post a link to yourself), that's fine. But people like me would prefer to find it on our own, so don't have it waving out in the open here.
<a href='http://www.iwnation.com/Forums/index.php?showuser=183' target='_blank'>Its under interests</a>
then, when you get to the page with 4 rows, put it in there. Its fine there