返回列表 发帖
冰血封情 该用户已被删除
楼主 跳转到 » 正序看帖
打印
tT
冰血封情发表于 2004-2-7 18:20 | 只看该作者

[原创]对一个黑客解密游戏的通关分析

注意:谨以此文章献给我的父亲和母亲,感谢他们对我多年来的养育之恩。 原创声明: 中国暗域网络技术资讯站原创文章,作者 冰血封情,转载劳烦著名出处。 拙笔正文: 有一天,在鹰派论坛上看见了一个朋友发的黑客游戏帖。游戏地址http://www.my1314.com/testit/index.htm。自己玩了一下觉得很有趣,就想把攻略详细写下来给大家做个参考。其实这类破解游戏都是很落后的了,只是给大家一个启发。好了,切入正题。 (1)1-2 来到第一关的页面,地址:http://www.my1314.com/testit/index.htm,直接通过[B]查看(&V)[/B],[B]源文件(&C)[/B]。可以看见如下的源代码:
  1. <html>
  2. <head>
  3. <NOscript><IFRAME SRC=-.html></IFRAME></NOscript>
  4. <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
  5. <title>Mission 1</title>
  6. <script language="JavaScript">
  7. function CheckPassword()
  8. {
  9. [color=ff0000]if(document.all.password.value == www.xxiyy.net) [/color]
  10. window.open("test2.1207.htm","surveywin","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no,width=610,height=400,status=yes,resizable=yes");
  11. else
  12. window.alert("密码错误哦!");
  13. }
  14. </script>
  15. </head>
  16. <body OnContextMenu ="return false">
  17. <p>第一关,请输入密码进入第二关</p>
  18. <p>密码:</p>
  19. <input name="password" type="password" id="password">
  20. <input type="button" name="Submit" value="确定" onClick="javascript :CheckPassword();">
  21. </body>
  22. </html>
复制代码
看见红色部分了么?密码就是www.xxiyy.net,输入后点确定到第二关! (2)2-3 第二关是个跳出来的窗口,没地址怎么办?其实在上面的红色代码部分的下面我们很容易找到第二关的地址是test2.1207.htm,这样一来我们就可以用IE直接打开第二关的页面地址http://www.my1314.com/testit/test2.1207.htm,然后故伎重演使用[B]查看(&V)[/B],[B]源文件(&C)[/B]。可以看见如下的源代码:
  1. <html>
  2. <head>
  3. <NOscript><IFRAME SRC=-.html></IFRAME></NOscript>
  4. <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
  5. <title>Mission 2</title>
  6. <script language="JavaScript">
  7. function CheckPassword()
  8. {
  9. [color=ff0000]if(document.all.password.value == "www.hackerbase.net")[/color]
  10. top.location = "test3.1153.htm";
  11. else
  12. window.alert("密码错误哦!");
  13. }
  14. </script>
  15. </head>
  16. <body OnContextMenu ="return false">
  17. <p>第二关,请输入密码进入第三关</p>
  18. <p>密码:</p>
  19. <input name="password" type="password" id="password">
  20. <input type="button" name="Submit" value="确定" onClick="javascript :CheckPassword();">
  21. </body>
  22. </html>
复制代码
方法和一到二关一样,很容易可以看到密码是www.hackerbase.net,页面地址是http://www.my1314.com/testit/test3.1153.htm。这样我们就顺利进入第3关了。怎么样?相当简单了吧,地球人都会。呵呵…… (3)3-4 来到第三关了,老办法查看源文件,看到如下代码:
  1. <frameset rows='100%,*' frameborder='NO' border='0' framespacing='0'>
  2. <frame src='test3.1200.htm' name='mainFrame' frameborder='no' noresize>
  3. </frameset>
  4. <noframes>如果你看到这个的话……很可惜,你的浏览器不让你继续玩下去了。:(
  5. </noframes>
复制代码
是人都知道,连密码验证都没看见,叫什么页啊?一定是假的。不错!仔细看看代码,原来真正的web在这里test3.1200.htm,添入http://www.my1314.com/testit/test3.1200.htm回车,又回到http://www.my1314.com/testit/test3.1153.htm了,哈哈看来用了转向。 这样吧,请出老土命令。在地址栏写入view-source:http://www.my1314.com/testit/test3.1200.htm回车,跳出了http://www.my1314.com/testit/test3.1200.htm的源文件。内容如下:
  1. <html>
  2. <head>
  3. <script language="JavaScript">
  4. if(self==top)
  5. {
  6. top.location="test3.1153.htm";
  7. }
  8. </script>
  9. <NOscript><IFRAME SRC=-.html></IFRAME></NOscript>
  10. <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
  11. <title>Mission 3</title>
  12. <script language="JavaScript">
  13. function CheckPassword()
  14. {
  15. if(document.all.password.value == "20030927")
  16. top.location = "test4.1131.htm";
  17. else
  18. window.alert("密码错误哦!");
  19. }
  20. </script>
  21. </head>
  22. <body OnContextMenu ="return false">
  23. <p>第三关,请输入密码进入第四关</p>
  24. <p>密码:</p>
  25. <input name="password" type="password" id="password">
  26. <input type="button" name="Submit" value="确定" onClick="javascript :CheckPassword();">
  27. </body>
  28. </html>
复制代码
哈哈哈哈……果然是很土!方法同一二关一样,不详细说了。现在来看第四关http://www.my1314.com/testit/test4.1131.htm。 (4)4-5 输入地址后回车,竟然跳出要输入密码的窗口。呵……真是土。以为跳出窗口就不方便查看源文件了?老方法用view-source:http://www.my1314.com/testit/test4.1131.htm轻而易举的查看源代码。如下:
  1. <html>
  2. <head>
  3. <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
  4. <title>Mission 4</title>
  5. </head>
  6. <body OnContextMenu ="return false">
  7. <script language="JavaScript">
  8. if(window.prompt("请输入密码进入第五关:","") == "12272003")
  9. top.location = "test5.1226.htm";
  10. else
  11. {
  12. window.alert("密码错误哦!");
  13. top.location = "error.htm";
  14. }
  15. </script>
  16. <p>第四关,请输入密码进入第五关</p>
  17. </body>
  18. </html>
复制代码
同样方法,也不再赘述。 (5)5-6 我们直接输入密码12272003来到第五关地址http://www.my1314.com/testit/test5.1226.htm! 靠,竟然还是要输入密码,那么老办法用view-source:http://www.my1314.com/testit/test5.1226.htm有点象万能的感觉。嘿嘿…… 可是回车后出现的是:
  1. <script>document.write(unescape("[color=ff0000]%3c%68%74%6d%6c%3e%0d%3c%68%65%61%64%3e%0d%3c%6d%65%74%61%20%68%74%74%70%2d%65%71%75%69%76%3d%22%43%6f%6e%74%65%6e%74%2d%54%79%70%65%22%20%63%6f%6e%74%65%6e%74%3d%22%74%65%78%74%2f%68%74%6d%6c%3b%20%63%68%61%72%73%65%74%3d%67%62%32%33%31%32%22%3e%0d%3c%74%69%74%6c%65%3e%4d%69%73%73%69%6f%6e%20%35%3c%2f%74%69%74%6c%65%3e%0d%3c%2f%68%65%61%64%3e%0d%3c%62%6f%64%79%20%20%4f%6e%43%6f%6e%74%65%78%74%4d%65%6e%75%20%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%3e%0d%3c%70%3e%u7b2c%u4e94%u5173%uff0c%u8bf7%u8f93%u5165%u5bc6%u7801%u8fdb%u5165%u7b2c%u516d%u5173%3c%2f%70%3e%0d%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61%67%65%3d%22%4a%61%76%61%53%63%72%69%70%74%22%3e%0d%69%66%28%77%69%6e%64%6f%77%2e%70%72%6f%6d%70%74%28%22%u8bf7%u8f93%u5165%u5bc6%u7801%u8fdb%u5165%u7b2c%u516d%u5173%uff1a%22%2c%22%22%29%20%3d%3d%20%22%6d%69%6b%65%73%70%6f%6f%6b%22%29%0d%20%74%6f%70%2e%6c%6f%63%61%74%69%6f%6e%20%3d%20%22%74%65%73%74%36%2e%31%32%33%31%2e%68%74%6d%22%3b%0d%65%6c%73%65%0d%7b%0d%20%77%69%6e%64%6f%77%2e%61%6c%65%72%74%28%22%u5bc6%u7801%u9519%u8bef%u54e6%uff01%22%29%3b%0d%20%74%6f%70%2e%6c%6f%63%61%74%69%6f%6e%20%3d%20%22%65%72%72%6f%72%2e%68%74%6d%22%3b%0d%7d%0d%3c%2f%73%63%72%69%70%74%3e%0d%3c%2f%62%6f%64%79%3e%0d%3c%2f%68%74%6d%6c%3e%0d[/color]"));</script>
复制代码
诶呀妈呀?这可怎么办?其实大家不要担心,这只不过是一种加密的方式,具体是这样的,插入了什么东东呢?下来看看。 输入:http://www.my1314.com/testit/6.js下回来打开一看。内容如下:
  1. function MyDecode(str)
  2. {
  3. var c="";
  4. var arrCodes = new Array("g","f","w","v","h","z","t","i","y","s","u","x","a","r","j","b","k","q","n","c","o","l","d","p","m","e","]","?","#","%","*","\n");
  5. var arrChars = new Array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","<",">","/","\"","@","!");
  6. for(i=0;i<str.length;i++)
  7. {
  8. bCode = false;
  9. for(j=0;j<32;j++)
  10. if(str.substr(i, 1)==arrCodes[j])
  11. {
  12. c = c + arrChars[j];
  13. bCode = true;
  14. break;
  15. }
  16. if(bCode==false)
  17. c = c + str.substr(i, 1);
  18. }
  19. return c;
  20. }
复制代码
原来是一个小小的算法,还好没相信ndyxx这个伪劣商品。 ("g","f","w","v","h","z","t","i","y","s","u","x","a","r","j","b","k","q","n","c","o","l","d","p","m","e","]","?","#","%","*","\n"); var arrChars = new Array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","<",">","/","\"","@","!"); ndyxx 可以看出来:n相对应的是s d想对应的是w y想对应的是i x想对应的是l 那么最后以次类推得出来的是swill,把swill输入可以去下一关。把弹出来的窗口移开,可以看到第七关的地址是:http://www.my1314.com/testit/test7.2003.htm (7)7-8 老方法view-source:看第7关的代码。得到如下内容:
  1. <html>
  2. <head>
  3. <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
  4. <title>Mission 7</title>
  5. </head>
  6. <body OnContextMenu ="return false">
  7. <p>第七关,请输入密码进入第八关</p>
  8. <script language="JScript.Encode">#@~^rwAAAA==@#@&kWvhbxNKhc2DK:2YvJ请输入密码进入第八关:ESrJ#,x',JAbL$kTKDsNEb@#@&7YK2R^W^CDkWU~{PEYdD% 8 l&R4YsEi@#@&nVk+@#@&P@#@&iAk NWS CVDD`E密码错误哦!JbI@#@&7YK2R^W^CDkWU~{PE+M.KD 4YsJi@#@&)@#@&jikAAA==^#~@</script>
  9. </body>
  10. </html>
复制代码
哇,什么乱七八糟的啊?看来又是加密了,这是个和上面那个不同的新加密方法。这个加密的方法我在我的另外一篇叫[原创]对一个网页木马的剖析文章中提起过,以上的这种代码是明显被微软的脚本编码器( SCRENC.EXE )加密过。解密工具我也已经放在中国暗域网络技术联盟下载系统了,大家可以自己下。解密后的明文如下: [coed] Mission 7

第七关,请输入密码进入第八关

[/code] 好了,关键代码又都出来了,也不用我们说什么,直接来下面一关。 (8)8-通关 输入密码BigBigWorld来到http://www.my1314.com/testit/test8.1253.htm。 这次我们连网页都不用看直接使用view-source:http://www.my1314.com/testit/test8.1253.htm看第八关的源代码!
  1. <script language="JScript.Encode">#@~^kwsAAA==[Km;s+ YRSDbO+vEU+kmC2`Jufmuv%u{*]+Nuv^]fnu![]2^]+%Yl]vqY+cY&YZNY2muvNuvlYGW]Fu TY+%]F*]Fc]FTY 9]+*YGqYF*YvOYG+]f[u Y*2]0u]{W]+*]++u{cu []lcY{O]GZYvl] yY+!uv2]0Y]{cu*uvnYFc]f[u +]F*uvXuGR]GW]yW]+%YGW][uvmuf4u !uf]+%uvq]{+uGf]+X]FcYf9]v{Y+ Y&yY2&Y2Fu& u yY&]TNu&^YFc]+1]Fc]+^Yvl]2+Yc[Y+,YG2YG2]1uv0Y]+!ufR]f1]y0]Fcu,uG*]+mYl]&Y!9]&1Y+0uvR]*Y8]cuf+u![Y2m]+uvW]+*uG1u Z] Z]WW]++Yc2]Wuv+u{cuv*u{0]Fcuc[]Xuvn]FX]y!Yf9] +YF YvlYFcYF*uG uvY Z]vuvqY+m]Ff]+*]y+Y&]ZNY&^YF!Y&YEF4+^uE*q(];*8{2]f1]y0]F!uf+u![]2mY{2]v2YGy]vOY{!uGW]+!Y1]Fu+uv{YF*]quv{]+Xu&[u y]cm]+q]FvYv8]Xfuv&u{ uv,u{T]Fcu +]fnu![]+]F*Y]vfYFcYvOY+0Y++u !uc9YGO]*cuvXY+&]+W]+c]+XY R]F&YG*YF Y OY!9]{8u!NY+Z]{vu8]{y]y!]+&ufNu +]y Yf(]!9Y Z]G+YFuGy]+!Y8]{ u{ ucfY+0]*uvX]Ffu Tu&9] Z]+n]+*YGF]+TucFu{ uG uq]F,u 0]++uv{]y+]ymY+y]vYy Y 1Yy YFGu u 1Y y]{vu +Yym]y+]+%]y+Y 1]y YGCYy Y 1Y y]{*u Y+1]+ uO]+y]ym]y u{,u +]ymY+y]G2Y y] 1Y+ uGl]+ Y+1]+ u{%u +Yym]++uvq]y+u ^u y]Gy]y+]ymY y]Cu u+mu u+]y u ^]++uv8]y+]ymY+y]GqYy Y 1Yy Y++u u 1Y y]&u +Yym]y+]+0]y+Y 1]y Yv^Yy Y 1Y y]*u Y+1]+ u{Z]+y]ym]y uNu +]ymY+y]vlY y] 1Y+ u*9]+ Y+1]+ uf0u +Yym]++u f]y+u ^u y] l]y+]ymY y]+Cu u+mu uX^]++u +]+1u&8]Z[]y!Y{+]vqYF Y ZY+FYF uG uc2YvR]FuG+YF&]yT]2N]yTYv]+*YG{Yy!Yc8YGy]{+uvFY{O]+%u+y]8]y ]ymu+ uv+]y Y+1] yYv2] yY+mu y]cY+y]+mu+ uvXYy ]+^u +]+u +u 1] y]+{]y Y 1]++uv%u+ u mu++]+,u +]+^u +]+C]y Y+1] +Y+4Y yYymYy uvmu yY 1]+ uv[Yy ]y^]y ]+nY y]ymY +Y+0Y yY 1]++uG!Y+y]+mu+y]{8]y ]ymu+ uG+]y Y+1] yYG2] yY+mu y]{cY+y]+mu+ uGXYy ]+^u +]Fu +u 1] y]F{]y Y 1]++uG%u+ u mu++]F,u +]+^u +]FC]y Y+1] +Y2mY yYymYy u&+u yY 1]+ u WYy ]y^]y ]l^Y y]y Y ^Yy YcZY y]+^u Y+8]+ u+O]f(]ZN]y!uvuvW]F Y+R]vOY&9]&ZYf4uvO]fmY{2]{cu{ u nY+m]Xuvn]+{uG*uvR]&(]+1]y4Y (]+1u!Nu+!uG4uT[]y!uv+]*fuvW]+*]+*Y+Z]&[Yy!Yv+Y+FY+muG&uvlY&(]TNu TY+v]+W]F ]y0Yvm]2NY&TY24YvmY&1]ffu& Yf(]lu+(]+(]y,]ZNu+!uv1]+vY+R]G2YGW]GyY++uG2]{*Yy]{&u{cuG+Yy%]1u ^]yTu&qu O]&9]2[]+FYGy]{+uc&u0uvcuX]F&u*8]Cu*[]y1]ZNY+Z]G8YZNY ZY+&Yy!u&Nu ZYv2]+!u 8Yy!]+q]F ]F+Yc2]+%YvqYF YG2Y*(]Cu*NYf(]TNu+Z]y]W&]+0ucuvX]y!Yf9] ZYGW]GyY{*uvl]f4YT9]+!u uG+Y+*]quv8]28u![u Z]G9]Z[]y!YvO]u %u uc&uW]+cuvX]f[u&[]+]+FY1]GfY+*Y OYZNYy!uv&u ZY&9]+!uvfYy!]y8]y!]FfYGW]F Y nYF&YGlYvy]{fuGcY{y]+%uO]+1]y!]2Fu+,u&8]ZNY+Z]G9Y!9] ZY{ uvl]{cY{l]{ u+u TY+&]f8u![]F[u![uvO]v+]y0]FGYvO]nuvcu0uGGu+n]F!uG+]Wuv[]FT]FcY+R] +Y!%80FY!%WO&uE*8vlYEl4^vuE{0ZF]!X4Rm]!+FZ]!v+cTY!v{!OYElF{fuE*f8];06qm]+y]ym]y u+ u 1]y!Yf9]&9Y Z]c9Y{,ucW]*Y2]0ucuvXYy%]++u**]+0uvnuv2]GO]+n]+lYv1]0uGFu+ u ,u+1]ZNu T]*uvW]+f]F*Y9]vXY++YGWYy+YFGuG uvOYGW]*u 0Yy ]!!+N]!XX,1]!0W!^Y!cWvZYElNW+uEGn^6];*(01];+ 8!]!*8%uE1!%Y;lFG2YEl&v8Y;06!8]+ Y+O]f4uTNuvXY+m]{fuvX]Z[uG8u!9] Z]F{]+,Yv]*uv0u{Gu +uq]+muvX]{+uG*]y0]y Y;l4mY!G0!8Y!,X8,uE%(+6YElcnvuEWWZF]y+]y,]28Y!9]y!YG*Y+0YGZY ]^uv0Y2]Fu{W]O]+0]++u+!u&[]y!Y+y]vlYGy]GyY0uGy]++YR]{cuNu +Y24]T[uG[]Z[u&^u 6]G2]+f]F YvO]{TuGcuf+u!Nuf^]y0uv+]Wuv*]F1]2+YT9]&^Yy0YvRYFcY+Nuvmu&Y!9Jb#p924CAA==^#~@</script>
复制代码
怎么又来了?按照第七关的方法解密后得到:
  1. <script language="JScript.Encode">document.write(unescape("%3c%68%74%6d%6c%3e%0d%3c%68%65%61%64%3e%0d%3c%6d%65%74%61%20%68%74%74%70%2d%65%71%75%69%76%3d%22%43%6f%6e%74%65%6e%74%2d%54%79%70%65%22%20%63%6f%6e%74%65%6e%74%3d%22%74%65%78%74%2f%68%74%6d%6c%3b%20%63%68%61%72%73%65%74%3d%67%62%32%33%31%32%22%3e%0d%3c%74%69%74%6c%65%3e%4d%69%73%73%69%6f%6e%20%38%3c%2f%74%69%74%6c%65%3e%0d%3c%2f%68%65%61%64%3e%0d%3c%62%6f%64%79%20%20%4f%6e%43%6f%6e%74%65%78%74%4d%65%6e%75%20%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%3e%0d%3c%70%3e%u7b2c%u516b%u5173%3c%2f%70%3e%0d%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61%67%65%3d%22%4a%61%76%61%53%63%72%69%70%74%22%3e%0d%66%75%6e%63%74%69%6f%6e%20%4d%79%44%65%63%6f%64%65%28%73%74%72%29%0d%7b%0d%20%76%61%72%20%63%3d%22%22%3b%0d%20%76%61%72%20%61%72%72%43%6f%64%65%73%20%3d%20%6e%65%77%20%41%72%72%61%79%28%22%67%22%2c%22%66%22%2c%22%77%22%2c%22%76%22%2c%22%68%22%2c%22%7a%22%2c%22%74%22%2c%22%69%22%2c%22%79%22%2c%22%73%22%2c%22%75%22%2c%22%78%22%2c%22%61%22%2c%22%72%22%2c%22%6a%22%2c%22%62%22%2c%22%6b%22%2c%22%71%22%2c%22%6e%22%2c%22%63%22%2c%22%6f%22%2c%22%6c%22%2c%22%64%22%2c%22%70%22%2c%22%6d%22%2c%22%65%22%2c%22%5d%22%2c%22%3f%22%2c%22%23%22%2c%22%25%22%2c%22%2a%22%2c%22%5c%6e%22%29%3b%0d%20%76%61%72%20%61%72%72%43%68%61%72%73%20%3d%20%6e%65%77%20%41%72%72%61%79%28%22%61%22%2c%22%62%22%2c%22%63%22%2c%22%64%22%2c%22%65%22%2c%22%66%22%2c%22%67%22%2c%22%68%22%2c%22%69%22%2c%22%6a%22%2c%22%6b%22%2c%22%6c%22%2c%22%6d%22%2c%22%6e%22%2c%22%6f%22%2c%22%70%22%2c%22%71%22%2c%22%72%22%2c%22%73%22%2c%22%74%22%2c%22%75%22%2c%22%76%22%2c%22%77%22%2c%22%78%22%2c%22%79%22%2c%22%7a%22%2c%22%3c%22%2c%22%3e%22%2c%22%2f%22%2c%22%5c%22%22%2c%22%40%22%2c%22%21%22%29%3b%0d%20%66%6f%72%28%69%3d%30%3b%69%3c%73%74%72%2e%6c%65%6e%67%74%68%3b%69%2b%2b%29%0d%20%7b%0d%20%62%43%6f%64%65%20%3d%20%66%61%6c%73%65%3b%0d%20%66%6f%72%28%6a%3d%30%3b%6a%3c%33%32%3b%6a%2b%2b%29%0d%20%69%66%28%73%74%72%2e%73%75%62%73%74%72%28%69%2c%20%31%29%3d%3d%61%72%72%43%6f%64%65%73%5b%6a%5d%29%0d%20%7b%0d%20%63%20%3d%20%63%20%2b%20%61%72%72%43%68%61%72%73%5b%6a%5d%3b%0d%20%62%43%6f%64%65%20%3d%20%74%72%75%65%3b%0d%20%62%72%65%61%6b%3b%0d%20%7d%0d%20%69%66%28%62%43%6f%64%65%3d%3d%66%61%6c%73%65%29%0d%20%63%20%3d%20%63%20%2b%20%73%74%72%2e%73%75%62%73%74%72%28%69%2c%20%31%29%3b%0d%20%7d%0d%20%72%65%74%75%72%6e%20%63%3b%0d%7d%0d%69%66%28%77%69%6e%64%6f%77%2e%70%72%6f%6d%70%74%28%22%u8bf7%u8f93%u5165%u5bc6%u7801%u5b8c%u6210%u6240%u6709%u5173%u5361%uff1a%22%2c%22%22%29%20%3d%3d%20%4d%79%44%65%63%6f%64%65%28%22%54%68%6e%63%79%6e%6a%6c%68%71%22%29%29%0d%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%u606d%u559c%uff0c%u4f60%u5df2%u7ecf%u5b8c%u6210%u5168%u90e8%u5173%u5361%uff01%22%29%3b%0d%65%6c%73%65%0d%7b%0d%20%77%69%6e%64%6f%77%2e%61%6c%65%72%74%28%22%u5bc6%u7801%u9519%u8bef%u54e6%uff01%22%29%3b%0d%20%74%6f%70%2e%6c%6f%63%61%74%69%6f%6e%20%3d%20%22%65%72%72%6f%72%2e%68%74%6d%22%3b%0d%7d%0d%3c%2f%73%63%72%69%70%74%3e%0d%3c%2f%62%6f%64%79%3e%0d%3c%2f%68%74%6d%6c%3e%0d"));</script>
复制代码
还是密文?有点垂死挣扎的感觉,呵……再按照第六关的解密方法,得出:
  1. <html>
  2. <head>
  3. <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
  4. <title>Mission 8</title>
  5. </head>
  6. <body OnContextMenu ="return false">
  7. <p>第八关</p>
  8. <script language="JavaScript">
  9. function MyDecode(str)
  10. {
  11. var c="";Thncynjlhq:gestisover
  12. var arrCodes = new Array("g","f","w","v","h","z","t","i","y","s","u","x","a","r","j","b","k","q","n","c","o","l","d","p","m","e","]","?","#","%","*","\n");
  13. var arrChars = new Array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","<",">","/","\"","@","!");
  14. for(i=0;i<str.length;i++)
  15. {
  16. bCode = false;
  17. for(j=0;j<32;j++)
  18. if(str.substr(i, 1)==arrCodes[j])
  19. {
  20. c = c + arrChars[j];
  21. bCode = true;
  22. break;
  23. }
  24. if(bCode==false)
  25. c = c + str.substr(i, 1);
  26. }
  27. return c;
  28. }
  29. if(window.prompt("请输入密码完成所有关卡:","") == MyDecode("Thncynjlhq"))
  30. document.write("恭喜,你已经完成全部关卡!");
  31. else
  32. {
  33. window.alert("密码错误哦!");
  34. top.location = "error.htm";
  35. }
  36. </script>
  37. </body>
  38. </html>
复制代码
不新颖。看过这个加密的方法了?分析一下,不难得出密码是Testisover。这里要注意,大写的T是不用进入换算的,很多朋友算出Gestisover是不对的。 现在我们输入密码Testisover,终于出现:
第八关 恭喜,你已经完成全部关卡!
因此我们总结一下: 密码和页面就全部都出来了
1:http://www.my1314.com/testit/index.htm 1-2:www.xxiyy.net 2:http://www.my1314.com/testit/test2.1207.htm 2-3:www.hackerbase.net 3:http://www.my1314.com/testit/test3.1153.htm 3-4:20030927 4:http://www.my1314.com/testit/test4.1131.htm 4-5:12272003 5:http://www.my1314.com/testit/test5.1226.htm 5-6:mikespook 6:http://www.my1314.com/testit/test6.1231.htm 6-7:swill 7:http://www.my1314.com/testit/test7.2003.htm 7-8:BigBigWorld 8:http://www.my1314.com/testit/test8.1253.htm 8-9:Testisover 9:http://www.my1314.com/testit/test8.1253.htm
灌水广告: ——文章原创由 中国暗域网络 及 邪恶八进制 冰血封情 ——Be powered by Hackway Power of Cn & EvilOctal Security Group Evilin ——欢迎访问 www.HackWay.net & www.EvilOctal.com
收藏 分享

冰血封情 该用户已被删除
6
冰血封情发表于 2004-2-7 23:56 | 只看该作者

[原创]对一个黑客解密游戏的通关分析

bigblock
一直觉得你的技术不错,而且技术部的工作是很用心的。我相信我们一定会有共同语言的!你的QQ是??

TOP

bigblock 该用户已被删除
5
bigblock发表于 2004-2-7 21:10 | 只看该作者

[原创]对一个黑客解密游戏的通关分析

第7关...

TOP

Backstreet 该用户已被删除
地板
Backstreet发表于 2004-2-7 19:51 | 只看该作者

[原创]对一个黑客解密游戏的通关分析

没时间!有时间会去看看的~~~

TOP

默读忧伤 该用户已被删除
板凳
默读忧伤发表于 2004-2-7 19:50 | 只看该作者

[原创]对一个黑客解密游戏的通关分析

很好,先down了再看~

TOP

高风亮节 该用户已被删除
沙发
高风亮节发表于 2004-2-7 18:40 | 只看该作者

[原创]对一个黑客解密游戏的通关分析

VERY GOOD!!

TOP

返回列表 回复 发帖