Re: MD5 & bot Question


 



On 4/8/07, tedd <tedd@xxxxxxxxxxxx> wrote:
At 9:42 AM +0200 4/8/07, Tijnema ! wrote:
>You can't stop me :)
>
>http://86.86.80.41/dev/debug/tedd.php
>
>It's cracked again :)
>
>and of course I show you the code:
>
>http://86.86.80.41/dev/debug/tedd.txt
>
>Waiting for your next try :P
>

Tijnema:

I might not be able to stop you, but I am sure I can wear you out.

Here's my latest:

http://sperling.com/a/arrows/

But before you spend too much time trying to figure it out, which with
a HEX editor you should be able to easily discover -- this is what I
did.

1. All my arrow GIF files range in size from about 500 bytes to 1.1
KB (it's not important to the solution, just a matter of range);

2. Between DEC 64 (HEX 40) to DEC 109 (HEX 6C) in the header exist
all zeros. They don't provide any information regarding this image;

3. I simply used this area to store a single HEX number ranging from
0 to 255 DEC (HEX 0-255);

4. This gave me 11,475 different combinations for each GIF by
changing a single byte in the header. If I used two bytes in the
header, then the combinations would square.  If I used all available
space, then the possible combinations would be 11,475 to the 255
power (if my math is right) for each GIF.

True, you could:

1. Record every MD5 of every combination for every GIF (8 x
11,475^255 different combinations) and then use those to crack this;

2. OR, simply zero out the area from DEC 64 to DEC 109 and use that.

Either case would break my code.

Since you're already telling how to break, I'm not gonna break it anymore :)
Btw, also you should be able to convert it to JPEG/PNG/BMP/TIFF and
then convert it back to GIF.  That should clean up the header :)


However, I am positive if I generated the image "on the fly" OR
merged the image with a single randomized placement pixel I could
generate an image that would be easily recognized by a human but not
resolved by a MD5 solution.

Remember, I could also use a jpeg file and have millions of colors to
chose from. Unless, there is something here that I don't understand
(which very well could be), I can't see how anyone, without massive
computer resources, could break that.

Am I wrong?

Maybe... What about OCR programs? They can read letters from images,
if you could transform that to a program that could read arrows
instead of characters, then you probably could crack it, also if you
store random pixels in it. And that doesn't use massive computer
resources :)

That's why I wanted to go for movies, because they are a lot harder to
process, but still they are processable by a bot, and so it could be
cracked....

I don't think any of us will ever find a code that's not crackable,
but the amount of time needed to crack needs to be as high as
possible, so that crackers will stay away because it takes way too
much time, and maybe also too much computer resources. But while doing
this, it should never disturb the normal user from using your site.



Cheers,

tedd

PS: I love these types of discussions

Me too :)
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
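
The point both posters agree on, that a byte stamped into the unused header area changes the MD5 but not the image, can be checked against your own challenge images with the added example below (not code from the thread). The image bytes and labels are constructed stand-ins, and the pad area is assumed to be the 45 offsets 64..108, which with values 1..255 gives the 11,475 variants per image quoted in the post.

```python
import hashlib

PAD = range(64, 109)  # assumption: 45 offsets (64..108) in the unused header area
LABELS = [b"n", b"ne", b"e", b"se", b"s", b"sw", b"w", b"nw"]  # 8 constructed arrows


def make_image(label: bytes, size: int = 600) -> bytes:
    """Constructed stand-in for one arrow GIF: fixed content, zeroed pad area."""
    body = bytearray(hashlib.sha256(label).digest() * (size // 32 + 1))[:size]
    body[:6] = b"GIF89a"
    body[PAD.start:PAD.stop] = bytes(len(PAD))
    return bytes(body)


def stamp(image: bytes, offset: int, value: int) -> bytes:
    """Write a single byte into the pad area, as described in the post."""
    if offset not in PAD or not 0 <= value <= 255:
        raise ValueError("offset or value outside the pad scheme")
    out = bytearray(image)
    out[offset] = value
    return bytes(out)


def canonicalize(image: bytes) -> bytes:
    """Zero the pad area again; the rendered picture is unchanged by this."""
    out = bytearray(image)
    out[PAD.start:PAD.stop] = bytes(len(PAD))
    return bytes(out)


def survey(images):
    """Count distinct MD5s over every stamped variant, raw and canonicalized."""
    raw, canon = set(), set()
    for image in images:
        for offset in PAD:
            for value in range(1, 256):
                variant = stamp(image, offset, value)
                raw.add(hashlib.md5(variant).hexdigest())
                canon.add(hashlib.md5(canonicalize(variant)).hexdigest())
    return len(raw), len(canon)


IMAGES = [make_image(label) for label in LABELS]

if __name__ == "__main__":
    raw_count, canon_count = survey(IMAGES)
    print(f"distinct MD5s as served: {raw_count}, after zeroing the pad: {canon_count}")
```

If the second number equals the number of distinct pictures, the variation lives only in bytes that do not affect the picture, and the scheme needs variation in the rendered pixels instead.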

