
Checksum help (I think)...

 
jehnidiah
Greenhorn
Posts: 2
Heya,

I've got some code that I'm supposed to figure out what it does. I've been working hard on it for the past while, but can't really figure out what a checksum is or how it's used, and how to figure out what the checksum means. Basically, there's a "lock" like a safe lock and I've got to work to find out how to figure out the combination to the lock. I have discovered that I can download the .jar file, and have done so, and have expanded it and gotten the .class files, only one of which I believe is important to the safe lock. In the source code of the safelock page I get this:

<param name=background value="http://www.site.net/background.jpg">
<param name=checksum value="7f4591741305ac823d164732f40c75b93ab4c858">
<param name=digits value="http://www.site.net/digits.jpg">
<param name=url_base value="http://www.site.net/safe/">
<param name=click value="http://www.site.net/click.au">

I've looked in the .class files and gotten a lot of information out of it. I've found the sections that look like they correspond to this area, and have as such discovered what everything on there means and how it works except for the "checksum" area.

This is from the class that I decompiled:


and some more of it here:



So, can someone please help me out here? I really just want to know what on earth this .class file is doing, and how I can take the information and use it to figure out the combination to the online safe. I've done all that I know how to do as a non-developer/progger of Java (I've zero experience).

Thanks so much in advance.
 
jehnidiah
Greenhorn
Posts: 2
Never mind, I've figured this out. Thanks anyway, folks.
 
John McKail
Greenhorn
Posts: 3
still lost on this one :'(

Do you basically have to reverse the sha1 checksum into a code?? Any help will be muchely appreciated

Cheers,

Ratbag
 
Henry Wong
author
Sheriff
Posts: 23295
Originally posted by Rat Bag:
Do you basically have to reverse the sha1 checksum into a code?? Any help will be muchely appreciated

Cheers,

Ratbag


Generally, the way a hash works (for a checksum) is, on the target side, the data that is received is hashed, exactly the way it was hashed on the sender side. If the new hash based on the received data matches the hash that was sent, then everything is fine -- otherwise, either the sent data or the sent hash has been corrupted in transit.

Henry
 
John McKail
Greenhorn
Posts: 3
Thanks for the reply Henry (have changed screen name!)

One of the bits that gets me is the getChecksumWithPrefix. Since the code consists of 6 x 10 digit numbers, I've tried a reverse sha-1 brute force using the dataset 0-9 but it yielded no results.

My reading of Java is sketchy at best, so not sure what's going on (a prefix being added to the 6 digit code and the result hashed??)

Still lost and confused :'(

J
 
John McKail
Greenhorn
Posts: 3
would it maybe be a good idea to post this in the advanced section??
 
Ernest Friedman-Hill
author and iconoclast
Sheriff
Posts: 24217
I'm confused: are jehnidiah and John McKail the same person?

SHA-1 (or any hash algorithm) is not reversible. That's the whole point. It computes an output string from an input string in such a way that the output String is highly likely to be unique, but the input string cannot be computed from it.

So what's going on here is that a call to getChecksumWithPrefix("LOCKED"), with some (unknown to us) numbers for the barrel_values, was used to compute that long string of gibberish that's in the HTML. If you put in the same barrel_values, then getChecksumWithPrefix("LOCKED") will produce that same value, and send you to a URL that is computed using a call to getChecksumWithPrefix("OPEN") with those same barrel_values.

The password -- right the combination settings -- are not inherent in the source code. What you need to find out are the values that were used to compute the hash that's in the HTML, and you don't know what those are.
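Added example (not code from the thread or from the applet): a Java sketch of the check described in the post above, where the page publishes the "LOCKED" hash and the destination is derived from the "OPEN" hash of the same values. Only the names getChecksumWithPrefix, barrel_values, "LOCKED", "OPEN" and url_base come from the thread; the way the hash input is built, the URL layout, the sample combination and the placeholder host are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SafeLockSketch {
    // Assumption: prefix and barrel digits are concatenated as text and
    // hashed with SHA-1; the applet's real input layout is not shown in the thread.
    static String getChecksumWithPrefix(String prefix, int[] barrelValues)
            throws NoSuchAlgorithmException {
        StringBuilder input = new StringBuilder(prefix);
        for (int v : barrelValues) input.append(v);
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(input.toString().getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Returns the URL to visit, or null when the entered values do not hash
    // to the checksum published in the page. Assumption: URL = url_base + hash.
    static String tryCombination(String published, String urlBase, int[] barrelValues)
            throws NoSuchAlgorithmException {
        String locked = getChecksumWithPrefix("LOCKED", barrelValues);
        if (!locked.equalsIgnoreCase(published)) return null;
        return urlBase + getChecksumWithPrefix("OPEN", barrelValues);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        int[] secret = {3, 1, 4, 1, 5, 9};        // constructed sample combination
        String urlBase = "http://safe.example/";  // placeholder, not the real site
        // What the site owner would embed in the <param name=checksum ...> tag.
        String published = getChecksumWithPrefix("LOCKED", secret);
        System.out.println("published checksum: " + published);

        // Wrong values: the hashes differ, so nothing is revealed (prints null).
        System.out.println(tryCombination(published, urlBase, new int[]{0, 0, 0, 0, 0, 0}));
        // Right values: the check passes and the "OPEN" hash names the destination.
        System.out.println(tryCombination(published, urlBase, secret));

        // The "OPEN" hash shares no usable structure with the published one,
        // so the checksum in the HTML does not give away the destination URL.
        System.out.println(!published.equals(getChecksumWithPrefix("OPEN", secret)));

        // Design caveat: six barrels of ten digits (as stated in the thread)
        // allow only 10^6 inputs, so a fast unsalted hash adds little secrecy.
        System.out.println("possible combinations: " + (long) Math.pow(10, secret.length));
    }
}
```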
 
J Ra
Greenhorn
Posts: 1
Did anyone ever figure this issue out?
 