Re: MD5 & bot Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

At 9:42 AM +0200 4/8/07, Tijnema ! wrote:

You can't stop me :)

http://86.86.80.41/dev/debug/tedd.php

It's cracked again :)

and of course i show you the code:

http://86.86.80.41/dev/debug/tedd.txt

Waiting for your next try :P



Tijnema:

I might not be able to stop you, but I am sure I can wear you out.

Here's my latest:

http://sperling.com/a/arrows/
But before you spend too much time tying to figure it out, which with a HEX editor you should be able to easily discover -- this is what I did.
1. All my arrow GIF files range in size from about 500 bytes to 1.1 KB (it's not important to the solution, just a matter of range);
2. Between DEC 64 (HEX 40) to DEC 109 (HEX 6C) in the header exist all zeros. They don't provide any information regarding this image;
3. I simply used this area to store a single HEX number ranging from 0 to 255 DEC (HEX 0-255);
4. This gave me 11,475 different combinations for each GIF by changing a single bye in the header. If I used two bytes in the header, then the combinations would square. If I used all available space, then the possible combinations would be 11,475 to the 255 power (if my math is right) for each GIF. 

True, you could:
1. Record every MD5 of every combination for every GIF (8 x 11,475^255 different combinations) and then use those to crack this; 

2. OR, simply zero out the area from DEC 64 to DEC 109 and use that.

Either case would break my code.
However, I am positive if I generated the image "on the fly" OR merged the image with a single randomized placement pixel I could generate an image that would be easily recognized by a human but not resolved by a MD5 solution.
Remember, I could also use a jpeg file and have millions of colors to chose from. Unless, there is something here that I don't understand (which very well could be), I can't see how anyone, without massive computer resources, could break that. 

Am I wrong?

Cheers,

tedd

PS: I love these types of discussions
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux