Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Wed Nov 13, 2024 9:05 pm
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Archive » Archive: General » ARG: VaporLofts
[UPDATE] Vaporlofts Login Page
View previous topicView next topic
Page 1 of 1 [9 Posts]  
Author Message
ThaJinx
Unfettered


Joined: 24 Oct 2004
Posts: 430

 		[UPDATE] Vaporlofts Login Page
Received a text message while I slept from VL, linking me to http://vaporlofts.com/login. Clicking "LOG IN" spawns a window prompting you to enter a username and a password. I have yet to further investigate as I've got a Japanese final to head to in twenty minutes, but I figured I'd pass the information on Smile

PostPosted: Thu Dec 08, 2005 10:50 am
 View user's profile Visit poster's website AIM Address Yahoo Messenger MSN Messenger
 Back to top 
ouroboros
Decorated


Joined: 20 Aug 2004
Posts: 170
Location: El Jardín de senderos que se bifurcan

 		I got a text message at around 00:43 (PST) this morning with the same info. The page, titled "Vapor Team LOGIN AREA", contains a button that says "LOG IN"; clicking it spawns a window with username and password fields.

PostPosted: Thu Dec 08, 2005 11:07 am
 View user's profile AIM Address
 Back to top 
Caspian
Decorated


Joined: 21 Oct 2005
Posts: 265
Location: Milwaukee

 		Ditto to above. The text message was from the VaporLofts number: +17708618401. I replied with a text message saying:
Quote:
Who are you? Can you help us?

It would seem our next task is to figure out this member name and password.

PostPosted: Thu Dec 08, 2005 11:42 am
 View user's profile Visit poster's website AIM Address
 Back to top 
follow your heart
Veteran

Joined: 22 Nov 2005
Posts: 118
Location: AL/GA

 		Something with Anne's name, perhaps?

Also, it may have something to do with the IDs in various places on the site, for example:

Spoiler (Rollover to View):
884p-86f-81 from http://vaporlofts.com/paris/300.html


Can't find a way to make any of this work yet, so your guesses are certainly as good as mine. Confused
_________________
back in business after a 5 year break

Playing: nothing, really.

PostPosted: Thu Dec 08, 2005 12:09 pm
 View user's profile
 Back to top 
mapmaker
Unfettered

Joined: 26 Sep 2005
Posts: 608
Location: Providence, RI, USA

 		Actually, after a brief look, I think the key is that the login is just insecure - it looks like they've hard-coded the username & password into the DHTML login. That's just a guess, though - I'm going to look at it right now some more.

PostPosted: Thu Dec 08, 2005 1:51 pm
 View user's profile
 Back to top 
Caspian
Decorated


Joined: 21 Oct 2005
Posts: 265
Location: Milwaukee

 		More text messaging!
Much to my surprise, at 1:02pm CST I received a response to my text messsage:
+17708618401 wrote:
I am an agent for Vapor research. They are getting closer to me. I don't have much time...

Replying with a request for more information. I will post any response I receive. Perhaps the rest of of you can try to contact our mysterious informant as well?

EDIT:

Responded with:
caspian_x wrote:
We need info: Your name? Login & pswd 4 VL? What do they want w/ Anne? How can we stop VL? Can we speak by phone, im, or email? What do we need to know?


Received response:
+17708618401 wrote:
I will give what information I can... Soon. I must go now

_________________
"I - I don't think I do, Sir," said Caspian. "I'm only a kid."
"Good," said Aslan. "If you had felt yourself sufficient, it would have been a proof that you were not ."

PostPosted: Thu Dec 08, 2005 3:05 pm
 View user's profile Visit poster's website AIM Address
 Back to top 
mapmaker
Unfettered

Joined: 26 Sep 2005
Posts: 608
Location: Providence, RI, USA

 		OK, so I have some insight into the format of the code here.

On IRC, Jinx pointed out this page. This is where the login script came from, although it doesn't really point us in a direction of solving it.

So here are the basics:
Spoiler (Rollover to View):
The username and password are thrown into a hash function and the results are compared to a file on the server.

The file has a number of possible logins. Each row in the file has a username hash (see below, the example in the first row is 28870376...), a password hash (2388606...), a destination code (Tlsvz), and a destination URL (oxsw://). Some rows have more than one destination code and destination URL.

Let me explain the hash function (buckle up for a little math).

Assume we have a "word" AbCd3f. Each character in the word can be given a number - this particular implementation does so starting with lowercase letters (a=1, b=2, ... z=26), then doing uppercase letters (A=27, B=28, ... Z=52), then doing number ('0'=53, ... '9'=62), with the space being equal to 0.

Thus, AbCd3f would translate to 27-2-29-4-56-6. Now what the function does is take this string of numbers and combine it into one number. In this case, it does the following: for the kth digit from the right, it multiplies it by n^(k-1), and sums everything up.
For the AbCd3f case, it would be: 6*n^0 + 56*n^1 + 4*n^2 + 29*n^3 + 2*n^4 + 27*n^5.

Why did I leave the n unspecified, you might ask. Well, for the username, n=7, but for the password, n=9. Now, surprisingly enough, you can make up a word that has the same hash as a different word - in this case it isn't hard to do. For example, the username "gddfdf c fe" works for the last entry in the log-in list (2167314147).

Great! So we can just do that and get something that works for the password too, and we'll be set. Well, not so fast.

What the web page does is it redirects to a URL specified in the login.js file. You can kind of see them - they're the things that say oxsw://..... . Obviously this is not a web page. What happens is that the word has been encrypted with the password using the hash with an n=8. So if you don't have the original password, you can't get both the original URL as well as have the web site clear you.

OK, so how does this help us. So far, I can't make it help us.

"Oh, great," you might say. I agree. But wait! There's a bright side! You don't need to know the username or password to figure out the URLs! That's right!
Spoiler (Rollover to View):
I was reading through the code and noticed that the URL encoding wasn't all that special. So I went back to the page that generated it, and tried something. If you do a password of 'ab', the URL http://vaporlofts.com/abcd/efghijklmno is encoded to itup://waqoslpfus.don/acce/eggiikkmmoo/.

That looks suspicious, doesn't it?

The letters in the URL are offset by 1, then 0, then 1 again, and so on. So I played around with it and found that this was the case repeatedly! The URL just got shifted around! In some cases it was 3,4,5,21,5,-3 or longer keys, but otherwise, it was just getting shifted. The Destination Code is also encrpyted like this.

This helps us big time. We know that all the URLs start with http://vaporlofts.com. So we can find the difference between the coded URL and what we know, see if there are patterns, and decode the rest!

So what follows is a list of the URLs in the file and their decrypted form - I will edit it as I or other people decode them.
Spoiler (Rollover to View):

Tisvz - oxzw://Cgsqwpqmxy.jvs/scwmu/tisvz.nwoq
Memos - http://vaporlofts.com/paris/memos.html
Shift: 7, 4, 6, 7, 7, 6, 3, 2, 5, 4, 2

RiE - oxzw://Cgsqwpqmxy.jvs/scwmu/riE.oAso
Key - http://vaporlofts.com/paris/key.html
Shift: 7, 4, 6, 7, 7, 6, 3, 2, 5, 4, 2

Hprvjgwktr - oxzw://Cgsqwpqmxy.jvs/scwmu/hprvjgwktr.jAqr
* Allocation - http://vaporlofts.com/paris/allocations.html
Shift: 7, 4, 6, 7, 7, 6, 3, 2, 5, 4, 2
The previous three were decoded by ThaJinx
*This page needed a 's' at the end, as discovered by delusional696 below

1rmfo - nCCq://vgspAlplCB.dos/dhnnuf9d36/Bleno.izvu
Video - http://vaporlofts.com/agent90426/video.html
Shift: 6, 9, 9, 1, 0, 6, 3, 1, 9, 0, 1

JjCb - nCCq://vgspAlplCB.dos/dhnnuf9d36/jduj.husu
Data - http://vaporlofts.com/agent90426/data.html
Shift: 6, 9, 9, 1, 0, 6, 3, 1, 9, 0, 1

I.J.2.T. - nCCq://vgspAlplCB.dos/dhnnuf9d36/iduB.husu
C.A.T.S. - http://vaporlofts.com/agent90426/cats.html
Shift: 6, 9, 9, 1, 0, 6, 3, 1, 9, 0, 1
The previous three were decoded by delusional696

Qjwsrngl DnrfdytrB - iyyp://yavorqogux.hop/sihrjbfs/ujrvotal/
Personal Directory - http://vaporlofts.com/schreber/personal/
Shift: -1, -5, -5, 0, -3, 0, -6, 0, 0, 5, 0, -1

Jrfgh Bgckzpt - iyyp://yavorqogux.hop/sihrjbfs/nrajehacpuqt
Image Backups - http://vaporlofts.com/schreber/imagebackups/
Shift: -1, -5, -5, 0, -3, 0, -6, 0, 0, 5, 0, -1

GiAk Sllpgru - itCv://Dhwotlqfxt.cxs/a775/hiteofeykzz/pnfez.hxnl
Fire Keepers - http://vaporlofts.com/2005/firekeepers/index.html
Shift: -1, 0, -8, -6, -8, -7, -7, 0, -2, 0, -2, 0, -4

Phew!

Map

Edit: Thanks to both ThaJinx and delusional696 for helping decode the rest. I love you guys! Very Happy
And that's a whole crapload of new pages.

Edit Redux: I have a better understanding of the system now as a whole.
Spoiler (Rollover to View):
The shift numbers are, in order, the hash for the password with n=8. So the last one's would be 1086877020204. Using the combination of knowledge, I've had more luck in reverse engineering things. If/when I come up with any usernames or passwords, I'll put them here. As of now, I only have one.

User 1 (Paris): Username = ???; Password = ???
User 2 (Agent): Username = ???; Password = ???
User 3 (Anne): Username = ???; Password = "point system"
User 4 (2005): Username = ???; Password = ???


PostPosted: Thu Dec 08, 2005 6:31 pm
Last edited by mapmaker on Fri Dec 09, 2005 12:41 am; edited 4 times in total
 View user's profile
 Back to top 
follow your heart
Veteran

Joined: 22 Nov 2005
Posts: 118
Location: AL/GA

 		Wow.



....wow.

*applauds*[/google]
_________________
back in business after a 5 year break

Playing: nothing, really.

PostPosted: Thu Dec 08, 2005 7:36 pm
 View user's profile
 Back to top 
Caspian
Decorated


Joined: 21 Oct 2005
Posts: 265
Location: Milwaukee

 		Holy Crap. I am literally standing at my computer giving you a standing ovation. That is problem solving at it's very finest.
_________________
"I - I don't think I do, Sir," said Caspian. "I'm only a kid."
"Good," said Aslan. "If you had felt yourself sufficient, it would have been a proof that you were not ."

PostPosted: Thu Dec 08, 2005 8:23 pm
 View user's profile Visit poster's website AIM Address
 Back to top 
Display posts from previous:   Sort by:   
Page 1 of 1 [9 Posts]  
View previous topicView next topic
 Forum index » Archive » Archive: General » ARG: VaporLofts
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group