Before coming here I decided to crack it. I got the passwords from the passwords.js file in about 2 minutes. I was slightly surprised they all worked until I found out that was state one and that the key codes were needed.
So I cracked open the swf file and ripped the hex codes. I was surprised they worked, until number 10 was missing.
Then I came in here and saw you'd done the same.
Now if I wanted to promote this movie, I'd have done the same thing.
First off you have a hard game for normal users. It'll be hard to find the pwd's without cheating. But they know full well
that it takes someone with an ounce of web knowledge 10 seconds to crack.
THen the serial codes are supposed to be harder. Their imbedded in the SWF File, so they are a bit harder to crack, but many skilled web-dev's and even script kiddies like to open things in resource editors/hex editors. They know
everything is going to be cracked.
So how would I
make it uncrackable? Easy
I'd cheat. I'd leave code 10 out
of the swf movie. Until the movie is released at least.
You can't crack the thing until the film is out. That's how it works. If anyone can get and
post the 10th code without the movie being out in the theaters I'll be surprised and disapointed in the warner people.
Shit the js file has this in it:
// look you cheaters!!! Here are all the passwords!!!!
They are expecting it, they are ready for it. It's the sacrificial lamb. If they really wanted it to be secure, they'd use directory authentication to only allow access to certain movies!