GetScrambledPassword() and other fun stuff



  • Found on the login page of one of our internal systems. Presented without much comment:

    // Encodes a password for submission by the login form.
    //
    // The value is URI-encoded, then every character of that encoded string is
    // written as two letters: one for its high 4 bits and one for its low 4
    // bits, both looked up in a fixed 16-letter alphabet. In effect this is
    // hex encoding with the digits 0-f replaced by other letters.
    //
    // NOTE(review): there is no key and the alphabet ships with the page, so
    // the output is as recoverable as the plain password. It adds no
    // confidentiality; the login still depends on TLS for transport and on
    // proper server-side password hashing for storage.
    //
    // null/undefined are treated as an empty password. encodeURIComponent
    // emits ASCII only, so both lookups always stay inside the alphabet.
    function getScrambledPassword(pwd) {
        var alphabet = "kszhxbpjvcgfqntm";
        var encoded = encodeURIComponent(pwd == null ? "" : pwd);
        // Debug alert left disabled: it would show the password on screen.
        //alert("encoded password: " + pwd);
        var pieces = [];
        for (var pos = 0; pos < encoded.length; pos++) {
            var code = encoded.charCodeAt(pos);
            // high nibble first, then low nibble
            pieces.push(alphabet.charAt(code >> 4) + alphabet.charAt(code & 15));
        }
        var scrambled = pieces.join("");
        //alert("scrambled password: " + result);
        return scrambled;
    }
    
    
    
    /*
     * Key-press handler: submits the login form (via doLogin) when the
     * Return key is pressed.
     *
     * The key code is taken from evt.which when navigator.appName contains
     * "Netscape", and from window.event.keyCode when it contains
     * "Microsoft". With any other appName no key code is read and the
     * handler does nothing.
     */
    function doSubmit(evt) {
        var RETURN_KEY = 13;

        // appName is re-read on every check, exactly as the handler always did
        function browserIs(vendor) {
            return navigator.appName.indexOf(vendor) != -1;
        }

        var pressed;
        if (browserIs("Netscape")) {
            pressed = evt.which;
        } else if (browserIs("Microsoft")) {
            pressed = window.event.keyCode;
        }

        if (pressed != RETURN_KEY) {
            return;
        }

        doLogin();

        if (browserIs("Microsoft")) {
            // clearing the key code stops the system default beep sound
            window.event.keyCode = 0;
        }
    }
    
    
    // Lookup tables used by getTimezone().
    //
    // offset: the zone's offset from UTC in milliseconds, positive east of
    //         UTC (getTimezone compares it with the negated value of
    //         Date#getTimezoneOffset() * 60000).
    // start / end (dstTzs only): transition instants in seconds since the
    //         Unix epoch (getTimezone multiplies them by 1000 to build Dates).
    //         An entry whose start or end is -1 is skipped by getTimezone.

    // Zones tried when the local offset is the same all year round.
    var noDstTzs = [
        { tz: "ACT", offset: 34200000 },
        { tz: "Africa/Abidjan", offset: 0 },
        //snip...
        { tz: "Pacific/Norfolk", offset: 41400000 }
    ];

    // Zones tried by probing the local offset around each start/end instant.
    var dstTzs = [
        { tz: "AET", offset: 36000000, start: 1224950400, end: 1206806400 },
        { tz: "AGT", offset: -10800000, start: 0, end: 0 },
        //snip...
        { tz: "WET", offset: 0, start: 1206838800, end: 1224982800 },
        { tz: "Australia/Perth", offset: 28800000, start: 1224957600, end: 1238263200 }
    ];

    // Last-resort list, matched on offset alone.
    var USTzs = [
        { tz: "AST", offset: -32400000 },
        { tz: "America/Adak", offset: -36000000 },
        //snip...
        { tz: "Canada/Yukon", offset: -28800000 },
        { tz: "SystemV/AST4ADT", offset: -14400000 }
    ];
    
    /*
     * Guesses the browser's time zone name by comparing local UTC offsets
     * with the noDstTzs, dstTzs and USTzs tables.
     *
     * Returns the tz string of the first matching table entry, or the
     * literal "use_server" when nothing matches.
     */
    function getTimezone() {
        // Local offset for a Date in milliseconds, keeping the sign of
        // getTimezoneOffset() (positive west of UTC).
        function offsetMs(when) {
            return when.getTimezoneOffset() * 60000;
        }

        var k, zone;

        // Pass 1: zones without daylight saving. Sample the local offset on
        // the first day of January, April, July and October 2004.
        var jan = offsetMs(new Date(2004, 0, 1, 0, 0, 0, 0));
        var apr = offsetMs(new Date(2004, 3, 1, 0, 0, 0, 0));
        var jul = offsetMs(new Date(2004, 6, 1, 0, 0, 0, 0));
        var oct = offsetMs(new Date(2004, 9, 1, 0, 0, 0, 0));

        if (jan == apr && apr == jul && jul == oct) {
            for (k = 0; k < noDstTzs.length; k++) {
                zone = noDstTzs[k];
                if (zone.offset == -jan) {
                    return zone.tz;
                }
            }
        }

        // Pass 2: zones with daylight saving. An entry matches when the local
        // offset changes across both its start and its end instant, and the
        // offset one second after the end equals the entry's offset.
        for (k = 0; k < dstTzs.length; k++) {
            zone = dstTzs[k];
            if (zone.start == -1 || zone.end == -1) {
                continue;
            }
            var beforeStart = offsetMs(new Date((zone.start - 1) * 1000)); // 1 second before DST start
            var afterStart = offsetMs(new Date((zone.start + 1) * 1000));  // 1 second after DST start
            var beforeEnd = offsetMs(new Date((zone.end - 1) * 1000));     // 1 second before DST end
            var afterEnd = offsetMs(new Date((zone.end + 1) * 1000));      // 1 second after DST end

            var shiftsAtStart = beforeStart != afterStart;
            var shiftsAtEnd = beforeEnd != afterEnd;
            if (shiftsAtStart && shiftsAtEnd && -afterEnd == zone.offset) {
                return zone.tz;
            }
        }

        // Pass 3: fallback for clients where neither pass matched; the
        // original comment attributes this to a Windows bug related to the
        // 2007 US DST rule change. Matches on a single offset sample.
        // NOTE(review): month index 12 rolls over, so this Date is
        // 1 January 2008, not a day in December 2007 - confirm which was meant.
        var fallbackOffset = -offsetMs(new Date(2007, 12, 1, 1, 0, 0, 0));
        for (k = 0; k < USTzs.length; k++) {
            if (fallbackOffset == USTzs[k].offset) {
                return USTzs[k].tz;
            }
        }

        return "use_server";
    }
    
    


  • Ew, that's bad. Are you allowed to fix it? How old is it?



  • Yeah! Why roll your own encryption algorithm instead of using standard ROT32? It could have some vulnerabilities.



  • @swayde said:

    Are you allowed to fix it?

    It's not even ours, it seems. Not giving out the names, but a Google of the first function's signature will tell you something.

    @swayde said:

    How old is it?

    Copyright 2009, but apparently running in quirks mode.


  • area_deu

    Oh god, I just realized ...
    That encryption thing has tons of potential collisions when using non-alphabetic characters.


  • :belt_onion:

    alert() debugging in 2009?

    Not sure if someone is stuck in the past or stuck using IE only... and even then I'm pretty sure IE's dev tools can do better!



  • @Maciejasjmj said:

    Not giving out the names, but a Google of the first function's signature will tell you something.

    Remedy :laughing: ... :facepalm:



  • It's basically hex-encoding the characters. Or rather, the LSB of them. (or rather, it just plain won't work if the charcode is >256, going beyond the cipher array)

    So if you go beyond 256, yeah, that's rather bad.

    @Onyx said:

    alert() debugging in 2009?

    In a full-fledged release for customers. To be fair, it also does alert() notifications...


  • area_deu

    @Maciejasjmj said:

    So if you go beyond 256, yeah, that's rather bad.

    Note to self: Always use at least one exotic unicode thingie - preferably an emoji - in each password.
    Just to detect such idiocy.


  • Discourse touched me in a no-no place

    @Maciejasjmj said:

    Not giving out the names, but a Google of the first function's signature will tell you something.

    82% of the Fortune 500 rely on $COMPANY for innovative and industrialized IT solutions.

    Emphasis mine. Found on their About page.



  • Why not name and shame?


  • Discourse touched me in a no-no place

    @swayde said:

    Why not name and shame?

    Sorry - thought it was a treasure hunt.... :tropical_fish:



  • @PJH said:

    treasure hunt..

    Shit, so I ruined it for everyone else? :crying_cat_face:

