Checksum help (I think)...

Heya,

I've got some code that I'm supposed to figure out what does. I've been working hard on it for the past while, but can't really figure out what a checksum is or how it's used, and how to figure out what the checksum means. Basically, there's a "lock" like a safe lock and I've got to work to find out how to figure out the combination to the lock. I have discovered that I can download the .jar file, and have done so, and have expanded it and gotten the .class files, only one of which I believe is important to the safe lock. On the sourcecode of the safelock page I get this:

<param name=background value="http://www.site.net/background.jpg">
<param name=checksum value="7f4591741305ac823d164732f40c75b93ab4c858">
<param name=digits value="http://www.site.net/digits.jpg">
<param name=url_base value="http://www.site.net/safe/">
<param name=click value="http://www.site.net/click.au">

I've looked in the .class files and gotten a lot of information out of it. I've found the sections that look like they correspond to this area, and have as such discovered what everything on there means and how it works except for the "checksum" area.

This is from the class that I decompiled:

and some more of it here:

public void handleClick(int x, int y)
{
int barrel = -1;
if(y >= 12 && y <= 22)
{
if(x >= 33 && x <= 52)
barrel = 0;
else
if(x >= 67 && x <= 86)
barrel = 1;
else
if(x >= 101 && x <= 121)
barrel = 2;
else
if(x >= 136 && x <= 154)
barrel = 3;
else
if(x >= 170 && x <= 190)
barrel = 4;
else
if(x >= 204 && x <= 222)
barrel = 5;
if(barrel != -1)
barrel_values[barrel] = (barrel_values[barrel] + 1) % 10;
} else
if(y >= 75 && y <= 83)
{
if(x >= 33 && x <= 52)
barrel = 0;
else
if(x >= 67 && x <= 86)
barrel = 1;
else
if(x >= 101 && x <= 121)
barrel = 2;
else
if(x >= 136 && x <= 154)
barrel = 3;
else
if(x >= 170 && x <= 190)
barrel = 4;
else
if(x >= 204 && x <= 222)
barrel = 5;
if(barrel != -1)
barrel_values[barrel] = (barrel_values[barrel] + 9) % 10;
}
if(barrel != -1)
{
ac.play();
offsets[barrel] = (int)(Math.random() * 5D - 2D);
repaint();
if(getChecksumWithPrefix("LOCKED").equals(checksum))
try
{
getAppletContext().showDocument(new URL(url_base + getChecksumWithPrefix("OPEN")));
}
catch(MalformedURLException e)
{
throw new RuntimeException("could not access " + url_base + getChecksumWithPrefix("OPEN"));
}
}
}
 
private String getChecksumWithPrefix(String prefix)
{
MessageDigest md;
try
{
md = MessageDigest.getInstance("SHA-1");
}
catch(NoSuchAlgorithmException e)
{
throw new RuntimeException("Could not find SHA-1 algorithm");
}
md.update(prefix.getBytes());
for(int i = 0; i < 6; i++)
md.update((byte)(barrel_values + 48));
 
byte b[] = md.digest();
StringBuffer hexString = new StringBuffer();
for(int i = 0; i < b.length; i++)
{
String o = Integer.toHexString(0xff & b);
if(o.length() < 2)
o = "0" + o;
hexString.append(o);
}
 
String h = hexString.toString();
return hexString.toString();
}

So, can someone please help me out here? I really just want to know what on earth this .class file is doing, and how I can take the information and use it to figure out the combination to the online safe. I've done all that I know how to do as a non-developer/progger of Java (I've zero experience).

Thanks so much in advance.

Nevermind, I've figured this out. Thanks anyway, folks.

still lost on this one :'(

Do you basically have to reverse the sha1 checksum into a code?? Any help will be muchely appreciated

Cheers,

Ratbag

Originally posted by Rat Bag:
Do you basically have to reverse the sha1 checksum into a code?? Any help will be muchely appreciated

Cheers,

Ratbag

Generally, the way a hash works (for a checksum) is, on the target side, the data that is recieved is hashed, exactly the way it was hased on the sender side. If the new hash based on the recieved data matches the hash that was sent, then everything is fine -- otherwise, either the sent data or the sent hash has been corrupted in transit.

Henry

Thanks for the reply Henry (have changed screen name!)

Once of the bits that gets me is the getChecksumWithPrefix. Since the code consists of 6 x 10 digit numbers, I've tried a reverse sha-1 brute force using the dataset 0-9 but it yielded no results.

My reading of java is sketchy at best, so not sure whats going on (a prefix being added to the 6 digit code and the result hashed??)

Still lost and confused :'(

J

would it maybe be a good idea to post this in the advanced section??

I'm confused: are jehnidiah and John McKail the same person?

SHA-1 (or any hash algorithm) are not reversible. That's the whole point. It computes an output string from an input string in such a way that the output String is highly likely to be unique, but the input string can not be computed from it.

So what's going on here is that a call to getChecksumWithPrefix("LOCKED"), with some (unknown to us) numbers for the barrel_values, was used to compute that long string of gibberish that's in the HTML. If you put in the same barrel_values, then getChecksumWithPrefix("LOCKED") will produce that same value, and send you to a URL that is computed using a call to getChecksumWithPrefix("OPEN") with those same barrel_values.

The password -- right the combination settings -- are not inherent in the source code. What you need to find out are the values that were used to compute the hash that's in the HTML, and you don't know what those are.

Did anyone every figure this issue out?