Maxitweet's password-based encryption for their XX5 encoding appears to be a Caesar cipher. I haven't fought through all the obfuscated JavaScript.
The key derivation function, called "numerate", takes a password, adds up the Unicode values character by character, extracts two two-digit numbers, adds them and divides by 3.3:

    res = Math.round((res.substr(2, 2) + res.substr(6, 2)) / 3.3);

This value is added to each Unicode character encrypted.
The max is (99+99)/3.3 = 60, so a brute force attack of only 60 possibilities is needed.
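Added example (not Maxitweet's code and not part of the original post): an exhaustive count of the shift values the quoted expression can produce, which is the whole keyspace no matter how long the password is. It assumes `res` is a string of at least eight decimal digits at that point, and it evaluates both the numeric addition described above and the line exactly as written, where `+` on two strings concatenates in JavaScript. The function names are hypothetical.

```javascript
// Added example. Assumption: `res` is a String of decimal digits when the
// quoted line runs (substr is a String method); how "numerate" builds that
// string is not shown on the page.

// The quoted line, verbatim, wrapped in a function.
function shiftAsWritten(res) {
  return Math.round((res.substr(2, 2) + res.substr(6, 2)) / 3.3);
}

// The reading given in the text: the two two-digit numbers are added.
function shiftAsDescribed(res) {
  return Math.round((Number(res.substr(2, 2)) + Number(res.substr(6, 2))) / 3.3);
}

// Enumerate every pair of two-digit fields at offsets 2 and 6. No other
// digit of `res` reaches the result, so this covers every value the
// expression can produce for a digit string of eight or more characters.
function keyspace(shiftFn) {
  const seen = new Set();
  for (let a = 0; a < 100; a++) {
    for (let b = 0; b < 100; b++) {
      // Constructed input: filler zeros around the two fields that matter.
      const res = "00" + String(a).padStart(2, "0") + "00" + String(b).padStart(2, "0");
      seen.add(shiftFn(res));
    }
  }
  const values = [...seen];
  return { count: values.length, max: Math.max(...values), bits: Math.log2(values.length) };
}

const described = keyspace(shiftAsDescribed);
const written = keyspace(shiftAsWritten);
console.log("numeric addition:     ", described);
console.log("string concatenation: ", written);
```

Under either reading the derived shift carries fewer than 12 bits, independent of password length or character set.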