Admin
Nooo!!! This is SUPER security!!! It's more secure than ROT-13 !!! It's SLIDE-15 !!!
Admin
That just looks like a bunch of gibberyjew
Admin
Everyone knows the most important protection anyone can implement is against your coworkers. Forget script kiddies playing with a black box hoping for some response that hints at the inner workings. You should be worried about the people around you that can see the inner workings clear as day. If you don't need a self made notebook (preferably also written with a rotating cipher) to decipher your own code, your job isn't secure enough.
Admin
first!!!!!!!!!!!! well almost
Admin
This method is highly secure. No self-respecting hacker is even going to waste his time trying bit-shifting algorithms.
I call it "Security through stupidity." Genius.
Admin
Obtuse obfuscation. I once had a colleague who suggested disguising an mdb file as a dll and placing it in the system folder....
Admin
Can somebody who's had their morning coffee (or just has VB running) please post the decoded version of the string, for curiosity's sake? I tried re-implementing it in Javascript, but I'm still getting garbage. Does VB use some magic non-unicode character set or something, or am I just having a serious case of the mondays?
Admin
Secure? That's nothing. At my place of work, we go the added mile. First we offset by 37 characters, note that it's a prime offset. Then we do a reverse offset of 61 characters, again a prime offset. Finally, to mislead the potential hackers and confuse them even further, we do a third offset of 24 characters - a non-prime offset this time. This has them pounding their heads against their keyboards.
Admin
I'm also curious to see other people's results; I'm pretty confident that this is close, but not quite right. I think it's been encrypted doubly using an encoding like "not English".
Pv�o��idev�=SQLOLEDB.1;Pax�x���ov�d=WEB456;Pev�x�ix�z� Sec��v�iz��� Info=Tv���e;Ux�ev� ID=WEBREPORTS;Iniz�ial Caz�alog=FACTURATION_XEROX;Daz�a So��v�ce=lookx�u�lm;Ux�e Pv�oced��v�e fov� Pv�epav�e=1;A��z�o Tv�anx�laz�e=Tv���e;Packez� Si��e=4096;Wov�kx�z�az�ion ID=WDLK107
Code:
Admin
More like job security.
Admin
Ah, the dreaded ROT-0 encryption.
Admin
Bonus, you can use the same function to encode it. Only needing to run the same string through it 3840 times to do so.
Captcha: mara (jade?)
Admin
The original code is not VB, but I "decoded" it with VB and get part gibberish, part connection string. I think it was fux0red by a copy/paste operation.
P¶oÇide¶=SQLOLEDB.1;Pa¸¸Ío¶d=WEB456;Pe¶¸i¸º Sec¶iºÑ Info=T¶Âe;U¸e¶ ID=WEBREPORTS;Iniºial Caºalog=FACTURATION_XEROX;Daºa So¶ce=look¸µlm;U¸e P¶oced¶e fo¶ P¶epa¶e=1;Aºo T¶an¸laºe=T¶Âe;Packeº SiÓe=4096;Wo¶k¸ºaºion ID=WDLK107
Addendum (2009-04-13 09:42): Provider=SQLOLEDB.1;Password=WEB456;Persist Security Info=True;User ID=WEBREPORTS;Initial Catalog=FACTURATION_XEROX;Data Source=looksµlm;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=WDLK107
Couldn't figure out the data source.
Admin
Sixteenth! ;-)
Also, re it being Delphi, no wonder it reminded me of Pascal, from way back in kollij. Delphi is basically, er, I mean, essentially, Visual Pascal.
Admin
Oh my god, I had all but forgotten those books. I should re-read them, see if they're still as good as they were in high school.
Admin
Oh, I didn't realize it was also reversed. That's some good encryption. Strings like SQLOLEDB are a pretty good indicator that you got it right and the rest is some other language or messed up. BDELOLQS not so much.
Admin
Dear college kid, welcome to the real world.
Where stupid people get hired and promoted, where stupid code lives on forever, where stupid managers and customers pay mounds of shining gold for steaming piles of dung because they can't tell junk from jet engines, where 90% of lusers need anti-virus because they have to be logged in as administrator while they're reading their SPAM.
Admin
I'm just glad you're not bitter.
Admin
Ahhh!!! A great job for the programmer. The data it's safe!!
Admin
I can just imagine the main function of the app now....
Buyit(); useit(); breakit(); fixit(); Trashit(); changeit(); mail_upgradeit(); Chargeit(); pointit(); zoomit(); pressit(); Snapit(); workit(); quick_eraseit(); Writeit(); cutit(); pasteit(); saveit(); Loadit(); checkit(); quick_rewriteit(); Plugit(); playit(); burnit(); ripit(); Draganddropit(); zip_unzipit(); Lockit(); fillit(); callit(); findit(); Viewit(); codeit(); jam_unlockit(); Surfit(); scrollit(); pauseit(); clickit(); Crossit(); crackit(); switch_updateit(); Nameit(); rateit(); tuneit(); printit(); Scanit(); sendit(); fax_renameit(); Touchit(); bringit(); Payit(); watchit, Turnit(); leaveit(); start_formatit();
Admin
I'm starting to think that the code is not a WTF after all. The intent seems to have been to hide the connection string from casual view. And that seems to have worked.
Both the encrypted string and the decryption algorithm have been visible on the WTF site for about an hour now. A whole bunch of people have tried to decrypt it. A few have come close. None have completely succeeded.
Looks to me like the original author succeeded in his intent quite nicely. Hmmmmmm....
Admin
comment = first + 24
Admin
The data source is "looksqlm":
Provider=SQLOLEDB.1;Password=WEB456;Persist Security Info=True;User ID=WEBREPORTS;Initial Catalog=FACTURATION_XEROX;Data Source=looksqlm;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=WDLK107
Admin
whipit();
Admin
Have you tried running Windows XP as a non-administrator? It gets to be kind of a pain. Vista is noticeably better in that regard, but still has a ways to go before it's as nice in that regard as Linux.
Admin
I Lol'd
Admin
Or Alex changed the string to protect the identity of the actual company that originated this code.
P.S. Digging the Daft Punk reference.
Admin
I can only imagine the other functions:
WorkIt() MakeIt() DoIt() MakesUs() Harder() Better() Faster() Stronger()
Admin
Ah Crap, someone was faster making a Daft Punk reference :D
Admin
Reminds me of that Daft Punk Song
Buy it, use it, break it, fix it, Trash it, change it, mail, upgrade it, Charge it, point it, zoom it, press it, Snap it, work it, quick erase it, Write it, cut it, paste it, save it, Load it, check it, quick rewrite it
hahaha
Admin
Sigh, it seems I'm too slow too :P
Admin
We have a winner! Please collect your prize!
Admin
No, it is just some copy-and-paste problem with the extended ASCII codes. I have one character I am not sure of, in the "Data Source=" part. I used "q" for the weird character, but others might know the correct code reference.
Yes, I replaced the password with stars, although you can probably figure it out from the other posts here.
Admin
This comment generated as a result of the invocation of method postit()
Admin
In the spirit of the original developer, I think a more radical solution is to return to the very earliest days of ciphers:
(1) Write security string on wooden table in purple crayon.
(2) Acquire slave (available on most downtown corners these days).
(3) Shave head of slave.
(4) Bang slave's head repeatedly on wooden table.
(5) Wait for hair to grow back.
(6) Send slave to remote server, which has its own wooden table.
(7) Shave head of slave.
(8) Bang slave's head repeatedly on wooden table.
(9) Et voila! Security Through Alopecia!
Ideally, the slave should not be bald and not have some strange scalp disease that causes the Public Health Authorities to shave his head at some intermediate point.
Of course, I'll admit that performance may suffer somewhat. But that's the price you pay for real security.
Admin
Whipit(GOOD);
Admin
biteit() before it bites me!
Admin
Function call whipit() should only be invoked on an error condition (i.e., when a problem comes along)
Admin
Actually, after being encoded with SHIFT-15, the bytes were interpreted as MacRoman (instead of ISO-8859-1), then encoded with HTML-entities, then finally UTF-8 (as presented on TDWTF webpage).
So, decoding the encoded text as MacRoman yields
No need for guessing.
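The charset mix-up described in the comment above, as an added example that is not part of the original thread or the article's code: it shows why decoding the displayed characters gives part gibberish, and why re-encoding them as MacRoman first recovers every byte. It assumes the obfuscation is a plain byte-wise shift of +15, which is consistent with the garbled attempts posted here; the function names are hypothetical.

```python
SHIFT = 15  # assumption: every byte shifted up by 15; the routine is not shown in this thread


def obfuscate(plain: str) -> bytes:
    """Shift each byte up by SHIFT (mod 256); letters from 'q' upward land at 0x80+."""
    return bytes((b + SHIFT) % 256 for b in plain.encode("latin-1"))


def as_published(raw: bytes) -> str:
    """The characters a reader sees once the raw bytes are rendered as MacRoman."""
    return raw.decode("mac_roman")


def naive_decode(page_text: str) -> str:
    """Treat each displayed character's code point as the byte (the Latin-1 view)."""
    return "".join(chr((ord(ch) - SHIFT) % 256) for ch in page_text)


def correct_decode(page_text: str) -> str:
    """Map the displayed characters back to MacRoman bytes, then undo the shift."""
    raw = page_text.encode("mac_roman")
    return bytes((b - SHIFT) % 256 for b in raw).decode("latin-1")


if __name__ == "__main__":
    # Constructed sample inputs: fragments of the string already quoted in the thread.
    for fragment in ("Provider", "looksqlm"):
        shown = as_published(obfuscate(fragment))
        print(f"{fragment!r}: naive={naive_decode(shown)!r} "
              f"correct={correct_decode(shown)!r}")
```

Only bytes that land at 0x80 or above differ between the two code pages, which is why the short ASCII runs such as `SQLOLEDB.1` survived in every attempt.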
Admin
Also, I think the code (it's Delphi) would compile fine in Free Pascal (free/open-source)
Admin
I've been running as a Limited User since Windows 2000 days. No problems whatsoever. Of course, some piece of crap (like ICQ) would refuse to work, but that's just a reason not to use ICQ.
Admin
Teknologic
Teknologic
Admin
Hmmm.
Ok. So what precisely is the point of this? To keep someone from scanning for connection strings in a EXE file?
Admin
Only I posted the complete connection string an hour earlier.
Admin
Idhitit();