swordfish leads?

[compupc1]

Here I got the password ENIGMA.

Also, the password TEMPEST was posted to this bbs. I'm not sure how they got it.

Well, I didn't really know where to begin. So I started by registering.

There I got the password CIPHER.

I decided to closely examine the image. On the right hand side they list an ip address several times:
208.242.252.102

I thought maybe if I did a domain lookup on this, the password would be in the DNS name. No luck, it says there isn't one. Now, the first two octets of the ip, 208.242, are listed many times. So, I thought, maybe 208.242.252.102 is a machine on the 208.242.0.0 network. Logically, the first machine or router on the network would be 208.242.0.1. For this, a domain lookup worked, resulting in viptx-gw.fnbnet.net Subsequest lookups on incrementally greater ips resulted in names like bee1 and bee2.fnbnet.net.

So what is fnbnet.net? They are a bank. I couldn't find anything on their webpage, but maybe someone else will. Still, I doubt they are a source.

So what else is in the image?
There is a mixed up listing in the middle. It looks like whomever created the collage had Windows NT 4 or Win2k on their machine, as noted by the directory listing WINNT. They also have winzip, as noted by winzip.log. The file above that is UnrealEd, the build editor for Unreal Tournamet. Other files include, view3ds.???, xxx.evt, windows.?pd, SCi???ssRelie?.??. Those are the ones that I can at least partially make out. Perhaps you will have better luck.

Also, some people are reporting that NSA is a password but it doesn't seem to work for me. Good luck to all.

[XGN]

"nsa" is a password, perhaps you need to try it in lowercase. I found most of the passwords embedded in a passwords.js file about two minutes into looking for them (Denzil's my witness, he was on AIM with me when I found them

These passwords are only for the first level as far as I can tell however.

Lets keep these rumors flying kiddies, one of us will figure this shiznit out.

: : : -X- : : :
webmaster@xgeneration.net

[DuaneJeffers]

I'm working hard as well. The Passwords I have so far are:
cipher
enigma
tempest
nsa

The Key codes I have are:
1)
2)6405
3)
4)
5)
6)
7)
8)
9)
10)
These work when you put the keycodes in the expandable box called "Test keycodes". PUT THEM IN THE WAY THEY ARE. Like if it says (Keycode 6: XXXXX) Then you put that in the 6 box.

[NeoMoose]

SWORDFISH is one of the passwords (that was so damn obvious)

[XGN]

Did anyone happen to do a view source on the article I wrote? lol

-X-

[UserError]

here are the passwords that i got out of the passwords.js file, they are also in pass.dat

nsa
cipher
counter
elliptic
prime
swordfish
enigma
tempest
symmetric
yukondenali
venona

ok.. getting those was easy.
i also managed to find 9 out of the 10 keys. They were hidden in core.swf. i used a hex editor to find them and extract them. unfortunately, i couldn't find key #10.

1. 3492
2. 6405
3. 9D0E
4. 011A
5. BA1F
6. 5ED6
7. 9E2A
8. A32E
9. 4D2B

so if anybody finds #10, post it up.

good luck

[XGN]

UserError - Did you crack out any of those keycodes with a cue cat?

[s1138]

the last code hasnt been put out yet. its not suppose to be out until the movies comes out.

[UserError]

XGN..

No, i didn't use a cuecat for those codes. Find the core.swf file, and save it. Open it up in a hex editor. If you didn't notice, those key codes are hexidecimal numbers. the codes are written on the first page or two inside of core.swf. The process is rather simple

[THEMike]

My thoughts.

Before coming here I decided to crack it. I got the passwords from the passwords.js file in about 2 minutes. I was slightly surprised they all worked until I found out that was state one and that the key codes were needed.

So I cracked open the swf file and ripped the hex codes. I was surprised they worked, until number 10 was missing.

Then I came in here and saw you'd done the same.

Now if I wanted to promote this movie, I'd have done the same thing.

First off you have a hard game for normal users. It'll be hard to find the pwd's without cheating. But they know full well that it takes someone with an ounce of web knowledge 10 seconds to crack.

THen the serial codes are supposed to be harder. Their imbedded in the SWF File, so they are a bit harder to crack, but many skilled web-dev's and even script kiddies like to open things in resource editors/hex editors. They know everything is going to be cracked.

So how would I make it uncrackable? Easy I'd cheat. I'd leave code 10 out of the swf movie. Until the movie is released at least.

You can't crack the thing until the film is out. That's how it works. If anyone can get and post the 10th code without the movie being out in the theaters I'll be surprised and disapointed in the warner people.

Shit the js file has this in it:

code:


// look you cheaters!!! Here are all the passwords!!!!

They are expecting it, they are ready for it. It's the sacrificial lamb. If they really wanted it to be secure, they'd use directory authentication to only allow access to certain movies!

[XGN]

What do we have to scan with a CueCat in order to get the final key code? lol

Or was that simple a method of generating additional market income from the movie by "pushing" cuecat over AIM.

[NeoRenegade]

It has been weel established that the tenth keycode response has not even been coded into the flash application yet. Wait until the movie comes out to brute force it, because when it is out is when they will covertly update the app.

[s1138]

the passwords are at the bottom of the screen on the trailer.

and passcodes 1-9 are posted EVERYWHERE! so its probably not that hard to find it for the average user