[ATC#9] Harold's secrets

comp09

ATC#9: Harold's Secrets

Word has it that Harold is keeping secrets from us ATers. He refuses to hand over his emails (for he claims they have been deleted). All we have been able to recover is this image, which he says is just a picture of the Milky Way:

Please help us find out what he is hiding.

Specific Rules
- Anything is fair game, just don't do anything that would cause unnecessary burden on my resources.

Scoring
- The first person to find the "flag" and writes post(s) explaining how he/she got there wins.

The winner of ATC#9 gets to place this lovely medal in his/her signature, designed by PullJosh:

Good luck and have fun!

Last edited by comp09 (Nov. 16, 2016 22:31:47)

IcyCoder

FINALY!
FIRST!
UGH MORE HAROLD!

Saiid

Did you upload this image to cubeupload or just find it online? Nvm my theory is debunked

Saiid

Last edited by Saiid (Nov. 16, 2016 22:48:00)

jokebookservice1

I used FotoForensics – loads of metadata, but nothing suspicious: http://fotoforensics.com/analysis.php?id=d61f679d5f7ce75d054a65280eb24e88f367a44b.206077

Perhaps the stars are actually binary encoded messages!

IcyCoder

jokebookservice1 wrote:
I used FotoForensics – loads of metadata, but nothing suspicious: http://fotoforensics.com/analysis.php?id=d61f679d5f7ce75d054a65280eb24e88f367a44b.206077

Perhaps the stars are actually binary encoded messages!

Wait I see numbers

MegaApuTurkUltra

If you want a spoiler for what's in the image: http://i.imgur.com/TKDcgbg.png
(yes, everyone's first step should have been to open in a hex editor and look at the file)

Someone else needs to visit the link there, since I refuse to (plus I'm supposed to be studying lagrange multipliers and iterated integrals right now

)

Last edited by MegaApuTurkUltra (Nov. 16, 2016 23:38:08)

jokebookservice1

Ok, so the site it leads to an obfuscated javascript place. I have tried to bruteforce it using a script, not quite working yet.

Saiid

jokebookservice1 wrote:
Ok, so the site it leads to an obfuscated javascript place. I have tried to bruteforce it using a script, not quite working yet.

What?

Saiid

jokebookservice1

Saiid wrote:
jokebookservice1 wrote:
Ok, so the site it leads to an obfuscated javascript place. I have tried to bruteforce it using a script, not quite working yet.
What?

Saiid

MegaApuTurkUltra wrote:
If you want a spoiler for what's in the image: http://i.imgur.com/TKDcgbg.png
(yes, everyone's first step should have been to open in a hex editor and look at the file)

Someone else needs to visit the link there, since I refuse to (plus I'm supposed to be studying lagrange multipliers and iterated integrals right now )

http://i.imgur.com/TKDcgbg.png
https://asun.co/atc9/7bSiCiCnbvYXSrd9EvMD/challenge.html
everything is super obfuscated when you view source

However, type “go” into the cosole. It is still pretty obfuscated, but much better than before.

I am trying to write a script that goes through all the possible values of the four input boxes and runs “go()” each time. If there is an error, it ignores it, but if it runs correctly, then I output something.

Saiid

jokebookservice1 wrote:
Saiid wrote:
jokebookservice1 wrote:
Ok, so the site it leads to an obfuscated javascript place. I have tried to bruteforce it using a script, not quite working yet.
What?

Saiid
MegaApuTurkUltra wrote:
If you want a spoiler for what's in the image: http://i.imgur.com/TKDcgbg.png
(yes, everyone's first step should have been to open in a hex editor and look at the file)

Someone else needs to visit the link there, since I refuse to (plus I'm supposed to be studying lagrange multipliers and iterated integrals right now )
http://i.imgur.com/TKDcgbg.png
https://asun.co/atc9/7bSiCiCnbvYXSrd9EvMD/challenge.html
everything is super obfuscated when you view source

However, type “go” into the cosole. It is still pretty obfuscated, but much better than before.

I am trying to write a script that goes through all the possible values of the four input boxes and runs “go()” each time. If there is an error, it ignores it, but if it runs correctly, then I output something.

mind pasting the source? I can't view on the computer i'm using now

Saiid

jokebookservice1

Saiid wrote:
jokebookservice1 wrote:
Saiid wrote:
jokebookservice1 wrote:
Ok, so the site it leads to an obfuscated javascript place. I have tried to bruteforce it using a script, not quite working yet.
What?

Saiid
MegaApuTurkUltra wrote:
If you want a spoiler for what's in the image: http://i.imgur.com/TKDcgbg.png
(yes, everyone's first step should have been to open in a hex editor and look at the file)

Someone else needs to visit the link there, since I refuse to (plus I'm supposed to be studying lagrange multipliers and iterated integrals right now )
http://i.imgur.com/TKDcgbg.png
https://asun.co/atc9/7bSiCiCnbvYXSrd9EvMD/challenge.html
everything is super obfuscated when you view source

However, type “go” into the cosole. It is still pretty obfuscated, but much better than before.

I am trying to write a script that goes through all the possible values of the four input boxes and runs “go()” each time. If there is an error, it ignores it, but if it runs correctly, then I output something.
mind pasting the source? I can't view on the computer i'm using now

Saiid

It isn't really relevent. Just a bunch of JS that looks like BranFlakes. However, there are 4 number inputs with IDs a, b, c, and d. There is a button with an onClick=“go();”

Saiid

jokebookservice1 wrote:
Saiid wrote:
jokebookservice1 wrote:
Saiid wrote:
jokebookservice1 wrote:
Ok, so the site it leads to an obfuscated javascript place. I have tried to bruteforce it using a script, not quite working yet.
What?

Saiid
MegaApuTurkUltra wrote:
If you want a spoiler for what's in the image: http://i.imgur.com/TKDcgbg.png
(yes, everyone's first step should have been to open in a hex editor and look at the file)

Someone else needs to visit the link there, since I refuse to (plus I'm supposed to be studying lagrange multipliers and iterated integrals right now )
http://i.imgur.com/TKDcgbg.png
https://asun.co/atc9/7bSiCiCnbvYXSrd9EvMD/challenge.html
everything is super obfuscated when you view source

However, type “go” into the cosole. It is still pretty obfuscated, but much better than before.

I am trying to write a script that goes through all the possible values of the four input boxes and runs “go()” each time. If there is an error, it ignores it, but if it runs correctly, then I output something.
mind pasting the source? I can't view on the computer i'm using now

Saiid
It isn't really relevent. Just a bunch of JS that looks like BranFlakes. However, there are 4 number inputs with IDs a, b, c, and d. There is a button with an onClick=“go();”

I'd still like to see it

Saiid

jokebookservice1

YES! I cracked the PIN

Saiid wrote:
I'd still like to see it

Saiid

I tried- Scratch gave me an error, it was simply too long

Last edited by jokebookservice1 (Nov. 17, 2016 00:55:47)

Saiid

jokebookservice1 wrote:
YES! I cracked the PIN
Saiid wrote:
I'd still like to see it

Saiid
I tried- Scratch gave me an error, it was simply too long

Pastebin?

Saiid

jokebookservice1

I want to go to bed now.. shall I tell you the pin or not?

master_tolkien

Got this somehow after typing “go()” into the console and clicking on something on the right of the error message…
I'm not really sure what it is at all, it could be unrelated.

var _0xa752=[";","split",'use strict;length;invalid aes block size;invalid;exception;a;j;slice;q;toString;CORRUPT: ;message;INVALID: ;BUG: ;NOT READY: ;aes;cipher;invalid aes key size;prototype;bitArray;clamp;floor;concat;getPartial;ceil;partial;round;bitLength;push;pop;utf8String;codec;;fromCharCode;charCodeAt;base64;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;I;substr;-_;charAt;=;replace;indexOf;this isn\'t base64!;base64url;fromBits;toBits;sha256;hash;m;g;reset;finalize;update;M;string;splice;pow;ocb2;mode;ocb iv must be 128 bits;G;k;encrypt;pmac;decrypt;bitSlice;equal;ocb: tag doesn\'t match;corrupt;gcm;n;data;tag;gcm: tag doesn\'t match;f;hmac;misc;L;blockSize;o;mac;pbkdf2;invalid params to pbkdf2;json;ccm;randomWords;random;defaults;d;adata;salt;iv;iter;ts;ks;json encrypt: invalid parameters;cachedPbkdf2;key;ct;encode;decode;json decrypt: invalid parameters;{;hasOwnProperty;number;boolean;";object;json encode: unsupported type;bug;match;json encode: invalid property name;":;,;};json decode: this isn\'t json!;split;required parameter overridden;V;firstSalt;{"iv":"h2eIOSVu4E5S+aJPDBpc3A==","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ocb2","adata":"","cipher":"aes","salt":"fULpF8yNyLU=","ct":"+7I4onvzC/GuHD6OSrZFtLMK2lFxIGV/u8/gPBhiS3buVb2Vxzds/AXhd9JX7Ks7Un5L524D6cEzQA+RgFXy8FKuft8QeJmcl319HuzI61V+lUDxlLXuyJdBKg1N3Y/yinXdsnWp/H8ihxMHQCdq9blr2nfo0PbJ3EvO7lmZLFd2JIh4UFoxyfYGAK/U0jhLkw=="};go;value;getElementById;b;c;write'],_0xfc15=[_0xa752[0],_0xa752[1],_0xa752[2]];!function(){var t=_0xfc15[2][_0xfc15[1]](_0xfc15[0]);!function(){function n(t){throw t}function r(r,e,o){4!==e[t[1]]&&n(new i[t[4]][t[3]](t[2]));var a=r[t[5]][o],c=e[0]^a[0],u=e[o?3:1]^a[1],f=e[2]^a[2];e=e[o?1:3]^a[3];var s,h,d,p,v=a[t[1]]/4-2,l=4,m=[0,0,0,0];s=r[t[6]][o],r=s[0];var y=s[1],b=s[2],w=s[3],g=s[4];for(p=0;v>p;p++)s=r[c>>>24]^y[u>>16&255]^b[f>>8&255]^w[255&e]^a[l],h=r[u>>>24]^y[f>>16&255]^b[e>>8&255]^w[255&c]^a[l+1],d=r[f>>>24]^y[e>>16&255]^b[c>>8&255]^w[255&u]^a[l+2],e=r[e>>>24]^y[c>>16&255]^b[u>>8&255]^w[255&f]^a[l+3],l+=4,c=s,u=h,f=d;for(p=0;4>p;p++)m[o?3&-p:p]=g[c>>>24]<<24^g[u>>16&255]<<16^g[f>>8&255]<<8^g[255&e]^a[l++],s=c,c=u,u=f,f=e,e=s;return m}function e(n,r){var e,i,o,a=r[t[7]](0),c=n[t[8]],u=n[t[5]],f=c[0],s=c[1],h=c[2],d=c[3],p=c[4],v=c[5],l=c[6],m=c[7];for(e=0;64>e;e++)16>e?i=a[e]:(i=a[e+1&15],o=a[e+14&15],i=a[15&e]=(i>>>7^i>>>18^i>>>3^i<<25^i<<14)+(o>>>17^o>>>19^o>>>10^o<<15^o<<13)+a[15&e]+a[e+9&15]|0),i=i+m+(p>>>6^p>>>11^p>>>25^p<<26^p<<21^p<<7)+(l^p&(v^l))+u[e],m=l,l=v,v=p,p=d+i|0,d=h,h=s,s=f,f=i+(s&h^d&(s^h))+(s>>>2^s>>>13^s>>>22^s<<30^s<<19^s<<10)|0;c[0]=c[0]+f|0,c[1]=c[1]+s|0,c[2]=c[2]+h|0,c[3]=c[3]+d|0,c[4]=c[4]+p|0,c[5]=c[5]+v|0,c[6]=c[6]+l|0,c[7]=c[7]+m|0}var i={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(n){this[t[9]]=function(){return t[10]+this[t[11]]},this[t[11]]=n},invalid:function(n){this[t[9]]=function(){return t[12]+this[t[11]]},this[t[11]]=n},bug:function(n){this[t[9]]=function(){return t[13]+this[t[11]]},this[t[11]]=n},notReady:function(n){this[t[9]]=function(){return t[14]+this[t[11]]},this[t[11]]=n}}};i[t[16]][t[15]]=function(r){this[t[6]][0][0][0]||this.D();var e,o,a,c,u=this[t[6]][0][4],f=this[t[6]][1];e=r[t[1]];var s=1;for(4!==e&&6!==e&&8!==e&&n(new i[t[4]][t[3]](t[17])),this[t[5]]=[a=r[t[7]](0),c=[]],r=e;4*e+28>r;r++)o=a[r-1],(0===r%e||8===e&&4===r%e)&&(o=u[o>>>24]<<24^u[o>>16&255]<<16^u[o>>8&255]<<8^u[255&o],0===r%e&&(o=o<<8^o>>>24^s<<24,s=s<<1^283*(s>>7))),a[r]=a[r-e]^o;for(e=0;r;e++,r--)o=a[3&e?r:r-4],c[e]=4>=r||4>e?o:f[0][u[o>>>24]]^f[1][u[o>>16&255]]^f[2][u[o>>8&255]]^f[3][u[255&o]]},i[t[16]][t[15]][t[18]]={encrypt:function(t){return r(this,t,0)},decrypt:function(t){return r(this,t,1)},j:[[[],[],[],[],[]],[[],[],[],[],[]]],D:function(){var n,r,e,i,o,a,c,u=this[t[6]][0],f=this[t[6]][1],s=u[4],h=f[4],d=[],p=[];for(n=0;256>n;n++)p[(d[n]=n<<1^283*(n>>7))^n]=n;for(r=e=0;!s[r];r^=i||1,e=p[e]||1)for(a=e^e<<1^e<<2^e<<3^e<<4,a=a>>8^255&a^99,s[r]=a,h[a]=r,o=d[n=d[i=d[r]]],c=16843009*o^65537*n^257*i^16843008*r,o=257*d[a]^16843008*a,n=0;4>n;n++)u[n][r]=o=o<<24^o>>>8,f[n][a]=c=c<<24^c>>>8;for(n=0;5>n;n++)u[n]=u[n][t[7]](0),f[n]=f[n][t[7]](0)}},i[t[19]]={bitSlice:function(n,r,e){return n=i[t[19]].O(n[t[7]](r/32),32-(31&r))[t[7]](1),void 0===e?n:i[t[19]][t[20]](n,e-r)},extract:function(n,r,e){var i=Math[t[21]](-r-e&31);return(-32&(r+e-1^r)?n[r/32|0]<<32-i^n[r/32+1|0]>>>i:n[r/32|0]>>>i)&(1<<e)-1},concat:function(n,r){if(0===n[t[1]]||0===r[t[1]])return n[t[22]](r);var e=n[n[t[1]]-1],o=i[t[19]][t[23]](e);return 32===o?n[t[22]](r):i[t[19]].O(r,o,0|e,n[t[7]](0,n[t[1]]-1))},bitLength:function(n){var r=n[t[1]];return 0===r?0:32*(r-1)+i[t[19]][t[23]](n[r-1])},clamp:function(n,r){if(r>32*n[t[1]])return n;n=n[t[7]](0,Math[t[24]](r/32));var e=n[t[1]];return r&=31,e>0&&r&&(n[e-1]=i[t[19]][t[25]](r,n[e-1]&2147483648>>r-1,1)),n},partial:function(t,n,r){return 32===t?n:(r?0|n:n<<32-t)+1099511627776*t},getPartial:function(n){return Math[t[26]](n/1099511627776)||32},equal:function(n,r){if(i[t[19]][t[27]](n)!==i[t[19]][t[27]](r))return!1;var e,o=0;for(e=0;n[t[1]]>e;e++)o|=n[e]^r[e];return 0===o},O:function(n,r,e,o){var a;for(void 0===o&&(o=[]);r>=32;r-=32)o[t[28]](e),e=0;if(0===r)return o[t[22]](n);for(a=0;n[t[1]]>a;a++)o[t[28]](e|n[a]>>>r),e=n[a]<<32-r;return a=n[t[1]]?n[n[t[1]]-1]:0,n=i[t[19]][t[23]](a),o[t[28]](i[t[19]][t[25]](r+n&31,r+n>32?e:o[t[29]](),1)),o},k:function(t,n){return[t[0]^n[0],t[1]^n[1],t[2]^n[2],t[3]^n[3]]}},i[t[31]][t[30]]={fromBits:function(n){var r,e,o=t[32],a=i[t[19]][t[27]](n);for(r=0;a/8>r;r++)0===(3&r)&&(e=n[r/4]),o+=String[t[33]](e>>>24),e<<=8;return decodeURIComponent(escape(o))},toBits:function(n){n=unescape(encodeURIComponent(n));var r,e=[],o=0;for(r=0;n[t[1]]>r;r++)o=o<<8|n[t[34]](r),3===(3&r)&&(e[t[28]](o),o=0);return 3&r&&e[t[28]](i[t[19]][t[25]](8*(3&r),o)),e}},i[t[31]][t[35]]={I:t[36],fromBits:function(n,r,e){var o=t[32],a=0,c=i[t[31]][t[35]][t[37]],u=0,f=i[t[19]][t[27]](n);for(e&&(c=c[t[38]](0,62)+t[39]),e=0;f>6*o[t[1]];)o+=c[t[40]]((u^n[e]>>>a)>>>26),6>a?(u=n[e]<<6-a,a+=26,e++):(u<<=6,a-=6);for(;3&o[t[1]]&&!r;)o+=t[41];return o},toBits:function(r,e){r=r[t[42]](/\s|=/g,t[32]);var o,a,c=[],u=0,f=i[t[31]][t[35]][t[37]],s=0;for(e&&(f=f[t[38]](0,62)+t[39]),o=0;r[t[1]]>o;o++)a=f[t[43]](r[t[40]](o)),0>a&&n(new i[t[4]][t[3]](t[44])),u>26?(u-=26,c[t[28]](s^a>>>u),s=a<<32-u):(u+=6,s^=a<<32-u);return 56&u&&c[t[28]](i[t[19]][t[25]](56&u,s,1)),c}},i[t[31]][t[45]]={fromBits:function(n){return i[t[31]][t[35]][t[46]](n,1,1)},toBits:function(n){return i[t[31]][t[35]][t[47]](n,1)}},i[t[49]][t[48]]=function(n){this[t[5]][0]||this.D(),n?(this[t[8]]=n[t[8]][t[7]](0),this[t[50]]=n[t[50]][t[7]](0),this[t[51]]=n[t[51]]):this[t[52]]()},i[t[49]][t[48]][t[49]]=function(n){return(new i[t[49]][t[48]])[t[54]](n)[t[53]]()},i[t[49]][t[48]][t[18]]={blockSize:512,reset:function(){return this[t[8]]=this[t[55]][t[7]](0),this[t[50]]=[],this[t[51]]=0,this},update:function(n){t[56]==typeof n&&(n=i[t[31]][t[30]][t[47]](n));var r,o=this[t[50]]=i[t[19]][t[22]](this[t[50]],n);for(r=this[t[51]],n=this[t[51]]=r+i[t[19]][t[27]](n),r=512+r&-512;n>=r;r+=512)e(this,o[t[57]](0,16));return this},finalize:function(){var n,r=this[t[50]],o=this[t[8]],r=i[t[19]][t[22]](r,[i[t[19]][t[25]](1,1)]);for(n=r[t[1]]+2;15&n;n++)r[t[28]](0);for(r[t[28]](Math[t[21]](this[t[51]]/4294967296)),r[t[28]](0|this[t[51]]);r[t[1]];)e(this,r[t[57]](0,16));return this[t[52]](),o},M:[],a:[],D:function(){function n(n){return 4294967296*(n-Math[t[21]](n))|0}var r,e=0,i=2;t:for(;64>e;i++){for(r=2;i>=r*r;r++)if(0===i%r)continue t;8>e&&(this[t[55]][e]=n(Math[t[58]](i,.5))),this[t[5]][e]=n(Math[t[58]](i,1/3)),e++}}},i[t[60]][t[59]]={name:t[59],encrypt:function(r,e,o,a,c,u){128!==i[t[19]][t[27]](o)&&n(new i[t[4]][t[3]](t[61]));var f,s=i[t[60]][t[59]][t[62]],h=i[t[19]],d=h[t[63]],p=[0,0,0,0];o=s(r[t[64]](o));var v,l=[];for(a=a||[],c=c||64,f=0;e[t[1]]>f+4;f+=4)v=e[t[7]](f,f+4),p=d(p,v),l=l[t[22]](d(o,r[t[64]](d(o,v)))),o=s(o);return v=e[t[7]](f),e=h[t[27]](v),f=r[t[64]](d(o,[0,0,0,e])),v=h[t[20]](d(v[t[22]]([0,0,0]),f),e),p=d(p,d(v[t[22]]([0,0,0]),f)),p=r[t[64]](d(p,d(o,s(o)))),a[t[1]]&&(p=d(p,u?a:i[t[60]][t[59]][t[65]](r,a))),l[t[22]](h[t[22]](v,h[t[20]](p,c)))},decrypt:function(r,e,o,a,c,u){128!==i[t[19]][t[27]](o)&&n(new i[t[4]][t[3]](t[61])),c=c||64;var f,s,h=i[t[60]][t[59]][t[62]],d=i[t[19]],p=d[t[63]],v=[0,0,0,0],l=h(r[t[64]](o)),m=i[t[19]][t[27]](e)-c,y=[];for(a=a||[],o=0;m/32>o+4;o+=4)f=p(l,r[t[66]](p(l,e[t[7]](o,o+4)))),v=p(v,f),y=y[t[22]](f),l=h(l);return s=m-32*o,f=r[t[64]](p(l,[0,0,0,s])),f=p(f,d[t[20]](e[t[7]](o),s)[t[22]]([0,0,0])),v=p(v,f),v=r[t[64]](p(v,p(l,h(l)))),a[t[1]]&&(v=p(v,u?a:i[t[60]][t[59]][t[65]](r,a))),d[t[68]](d[t[20]](v,c),d[t[67]](e,m))||n(new i[t[4]][t[70]](t[69])),y[t[22]](d[t[20]](f,s))},pmac:function(n,r){var e,o=i[t[60]][t[59]][t[62]],a=i[t[19]],c=a[t[63]],u=[0,0,0,0],f=n[t[64]]([0,0,0,0]),f=c(f,o(o(f)));for(e=0;r[t[1]]>e+4;e+=4)f=o(f),u=c(u,n[t[64]](c(f,r[t[7]](e,e+4))));return e=r[t[7]](e),128>a[t[27]](e)&&(f=c(f,o(f)),e=a[t[22]](e,[-2147483648,0,0,0])),u=c(u,e),n[t[64]](c(o(c(f,o(f))),u))},G:function(t){return[t[0]<<1^t[1]>>>31,t[1]<<1^t[2]>>>31,t[2]<<1^t[3]>>>31,t[3]<<1^135*(t[0]>>>31)]}},i[t[60]][t[71]]={name:t[71],encrypt:function(n,r,e,o,a){var c=r[t[7]](0);return r=i[t[19]],o=o||[],n=i[t[60]][t[71]][t[72]](!0,n,c,o,e,a||128),r[t[22]](n[t[73]],n[t[74]])},decrypt:function(r,e,o,a,c){var u=e[t[7]](0),f=i[t[19]],s=f[t[27]](u);return c=c||128,a=a||[],s>=c?(e=f[t[67]](u,s-c),u=f[t[67]](u,0,s-c)):(e=u,u=[]),r=i[t[60]][t[71]][t[72]](!1,r,u,a,o,c),f[t[68]](r[t[74]],e)||n(new i[t[4]][t[70]](t[75])),r[t[73]]},U:function(n,r){var e,o,a,c,u,f=i[t[19]][t[63]];for(a=[0,0,0,0],c=r[t[7]](0),e=0;128>e;e++){for(0!==(n[Math[t[21]](e/32)]&1<<31-e%32)&&(a=f(a,c)),u=0!==(1&c[3]),o=3;o>0;o--)c[o]=c[o]>>>1|(1&c[o-1])<<31;c[0]>>>=1,u&&(c[0]^=-520093696)}return a},f:function(n,r,e){var o,a=e[t[1]];for(r=r[t[7]](0),o=0;a>o;o+=4)r[0]^=4294967295&e[o],r[1]^=4294967295&e[o+1],r[2]^=4294967295&e[o+2],r[3]^=4294967295&e[o+3],r=i[t[60]][t[71]].U(r,n);return r},n:function(n,r,e,o,a,c){var u,f,s,h,d,p,v,l,m=i[t[19]];for(p=e[t[1]],v=m[t[27]](e),l=m[t[27]](o),f=m[t[27]](a),u=r[t[64]]([0,0,0,0]),96===f?(a=a[t[7]](0),a=m[t[22]](a,[1])):(a=i[t[60]][t[71]][t[76]](u,[0,0,0,0],a),a=i[t[60]][t[71]][t[76]](u,a,[0,0,Math[t[21]](f/4294967296),4294967295&f])),f=i[t[60]][t[71]][t[76]](u,[0,0,0,0],o),d=a[t[7]](0),o=f[t[7]](0),n||(o=i[t[60]][t[71]][t[76]](u,f,e)),h=0;p>h;h+=4)d[3]++,s=r[t[64]](d),e[h]^=s[0],e[h+1]^=s[1],e[h+2]^=s[2],e[h+3]^=s[3];return e=m[t[20]](e,v),n&&(o=i[t[60]][t[71]][t[76]](u,f,e)),n=[Math[t[21]](l/4294967296),4294967295&l,Math[t[21]](v/4294967296),4294967295&v],o=i[t[60]][t[71]][t[76]](u,o,n),s=r[t[64]](a),o[0]^=s[0],o[1]^=s[1],o[2]^=s[2],o[3]^=s[3],{tag:m[t[67]](o,0,c),data:e}}},i[t[78]][t[77]]=function(n,r){this[t[79]]=r=r||i[t[49]][t[48]];var e,o=[[],[]],a=r[t[18]][t[80]]/32;for(this[t[81]]=[new r,new r],n[t[1]]>a&&(n=r[t[49]](n)),e=0;a>e;e++)o[0][e]=909522486^n[e],o[1][e]=1549556828^n[e];this[t[81]][0][t[54]](o[0]),this[t[81]][1][t[54]](o[1])},i[t[78]][t[77]][t[18]][t[64]]=i[t[78]][t[77]][t[18]][t[82]]=function(n){return n=new this.L(this[t[81]][0])[t[54]](n)[t[53]](),new this.L(this[t[81]][1])[t[54]](n)[t[53]]()},i[t[78]][t[83]]=function(r,e,o,a,c){o=o||1e3,(0>a||0>o)&&n(i[t[4]][t[3]](t[84])),t[56]==typeof r&&(r=i[t[31]][t[30]][t[47]](r)),c=c||i[t[78]][t[77]],r=new c(r);var u,f,s,h,d=[],p=i[t[19]];for(h=1;(a||1)>32*d[t[1]];h++){for(c=u=r[t[64]](p[t[22]](e,[h])),f=1;o>f;f++)for(u=r[t[64]](u),s=0;u[t[1]]>s;s++)c[s]^=u[s];d=d[t[22]](c)}return a&&(d=p[t[20]](d,a)),d},i[t[85]]={defaults:{v:1,iter:1e3,ks:128,ts:64,mode:t[86],adata:t[32],cipher:t[15]},encrypt:function(r,e,o,a){o=o||{},a=a||{};var c,u=i[t[85]],f=u[t[90]]({iv:i[t[88]][t[87]](4,0)},u[t[89]]);return u[t[90]](f,o),o=f[t[91]],t[56]==typeof f[t[92]]&&(f[t[92]]=i[t[31]][t[35]][t[47]](f[t[92]])),t[56]==typeof f[t[93]]&&(f[t[93]]=i[t[31]][t[35]][t[47]](f[t[93]])),(!i[t[60]][f[t[60]]]||!i[t[16]][f[t[16]]]||t[56]==typeof r&&100>=f[t[94]]||64!==f[t[95]]&&96!==f[t[95]]&&128!==f[t[95]]||128!==f[t[96]]&&192!==f[t[96]]&&256!==f[t[96]]||2>f[t[93]][t[1]]||f[t[93]][t[1]]>4)&&n(new i[t[4]][t[3]](t[97])),t[56]==typeof r&&(c=i[t[78]][t[98]](r,f),r=c[t[99]][t[7]](0,f[t[96]]/32),f[t[92]]=c[t[92]]),t[56]==typeof e&&(e=i[t[31]][t[30]][t[47]](e)),t[56]==typeof o&&(o=i[t[31]][t[30]][t[47]](o)),c=new i[t[16]][f[t[16]]](r),u[t[90]](a,f),a[t[99]]=r,f[t[100]]=i[t[60]][f[t[60]]][t[64]](c,e,f[t[93]],o,f[t[95]]),u[t[101]](f)},decrypt:function(r,e,o,a){o=o||{},a=a||{};var c=i[t[85]];e=c[t[90]](c[t[90]](c[t[90]]({},c[t[89]]),c[t[102]](e)),o,!0);var u;return o=e[t[91]],t[56]==typeof e[t[92]]&&(e[t[92]]=i[t[31]][t[35]][t[47]](e[t[92]])),t[56]==typeof e[t[93]]&&(e[t[93]]=i[t[31]][t[35]][t[47]](e[t[93]])),(!i[t[60]][e[t[60]]]||!i[t[16]][e[t[16]]]||t[56]==typeof r&&100>=e[t[94]]||64!==e[t[95]]&&96!==e[t[95]]&&128!==e[t[95]]||128!==e[t[96]]&&192!==e[t[96]]&&256!==e[t[96]]||!e[t[93]]||2>e[t[93]][t[1]]||e[t[93]][t[1]]>4)&&n(new i[t[4]][t[3]](t[103])),t[56]==typeof r&&(u=i[t[78]][t[98]](r,e),r=u[t[99]][t[7]](0,e[t[96]]/32),e[t[92]]=u[t[92]]),t[56]==typeof o&&(o=i[t[31]][t[30]][t[47]](o)),u=new i[t[16]][e[t[16]]](r),o=i[t[60]][e[t[60]]][t[66]](u,e[t[100]],e[t[93]],o,e[t[95]]),c[t[90]](a,e),a[t[99]]=r,i[t[31]][t[30]][t[46]](o)},encode:function(r){var e,o=t[104],a=t[32];for(e in r)if(r[t[105]](e))switch(e[t[112]](/^[a-z0-9]+$/i)||n(new i[t[4]][t[3]](t[113])),o+=a+t[108]+e+t[114],a=t[115],typeof r[e]){case t[106]:case t[107]:o+=r[e];break;case t[56]:o+=t[108]+escape(r[e])+t[108];break;case t[109]:o+=t[108]+i[t[31]][t[35]][t[46]](r[e],0)+t[108];break;default:n(new i[t[4]][t[111]](t[110]))}return o+t[116]},decode:function(r){r=r[t[42]](/\s/g,t[32]),r[t[112]](/^\{.*\}$/)||n(new i[t[4]][t[3]](t[117])),r=r[t[42]](/^\{|\}$/g,t[32])[t[118]](/,/);var e,o,a={};for(e=0;r[t[1]]>e;e++)(o=r[e][t[112]](/^(?:(["']?)([a-z][a-z0-9]*)\1):(?:(\d+)|"([a-z0-9+\/%*_.@=\-]*)")$/i))||n(new i[t[4]][t[3]](t[117])),a[o[2]]=o[3]?parseInt(o[3],10):o[2][t[112]](/^(ct|salt|iv)$/)?i[t[31]][t[35]][t[47]](o[4]):unescape(o[4]);return a},d:function(r,e,o){if(void 0===r&&(r={}),void 0===e)return r;for(var a in e)e[t[105]](a)&&(o&&void 0!==r[a]&&r[a]!==e[a]&&n(new i[t[4]][t[3]](t[119])),r[a]=e[a]);return r},X:function(n,r){var e,i={};for(e in n)n[t[105]](e)&&n[e]!==r[e]&&(i[e]=n[e]);return i},W:function(n,r){var e,i={};for(e=0;r[t[1]]>e;e++)void 0!==n[r[e]]&&(i[r[e]]=n[r[e]]);return i}},i[t[64]]=i[t[85]][t[64]],i[t[66]]=i[t[85]][t[66]],i[t[78]][t[120]]={},i[t[78]][t[98]]=function(n,r){var e,o=i[t[78]][t[120]];return r=r||{},e=r[t[94]]||1e3,o=o[n]=o[n]||{},e=o[e]=o[e]||{firstSalt:r[t[92]]&&r[t[92]][t[1]]?r[t[92]][t[7]](0):i[t[88]][t[87]](2,0)},o=void 0===r[t[92]]?e[t[121]]:r[t[92]],e[o]=e[o]||i[t[78]][t[83]](n,o,r[t[94]]),{key:e[o][t[7]](0),salt:o[t[7]](0)}};var o=t[122];window[t[123]]=function(){var n=t[32]+document[t[125]](t[5])[t[124]]+document[t[125]](t[126])[t[124]]+document[t[125]](t[127])[t[124]]+document[t[125]](t[90])[t[124]];document[t[128]](i[t[66]](n,o))}}(window)}();

jokebookservice1

Saiid wrote:
jokebookservice1 wrote:
YES! I cracked the PIN
Saiid wrote:
I'd still like to see it

Saiid
I tried- Scratch gave me an error, it was simply too long
Pastebin?

Saiid

http://pastebin.com/WhR3W1uj

jokebookservice1

Ok guys, pin is 4346 achieved via brute force algorithm:

for(var a=0;a<10;a++){for(var b=0;b<10;b++){for(var c=0;c<10;c++){for(var d=0;d<10;d++){document.getElementById("a").value=a;document.getElementById("b").value=b;document.getElementById("c").value=c;document.getElementById("d").value=d;try{go();console.log("YES!!!");console.log([a,b,c,d])}catch(e){console.log(e)}}}}}

which took about 10 to 20 minutes to execute, while lagging and freezing up your computer. Maybe if I wasn't console.log ing the errors it would run quicker. Anyway. Hope this helps you guys while I sleep

Last edited by jokebookservice1 (Nov. 17, 2016 01:09:26)

birdoftheday

Excuse me but the FBI has said repeatedly that Harold was hiding nothing in those emails!!

scratchisthebest

I did some really basic find and replace on the Javascript blob: http://hastebin.com/raw/ijiwomober

The password to the 7z file is likely hidden within the images or the MP3 file somehow, but I still want to know if there's any more goodies hiding in the JS… (like another password or something)

Edit: More find and replace (Not as confident that I didn't destroy anything this time): http://hastebin.com/raw/ovuqabozap The bottom part is the most interesting because it seems to get into some bigger numbers.

I know what Javascript obfuscator was used on this, but… well, I can't post the name of it on Scratch because it has a curse word in it. Nice one asun. What I can post here is that it's on aemkei's github account.

Last edited by scratchisthebest (Nov. 17, 2016 02:07:36)

Discuss Scratch