ntheory

Hacking Experts Exchange

14 posts in this topic

Today I needed some information about the Visual Studio .NET 2005 serial control. When I did a Google search it brought me to Experts Exchange and had an article that I thought would explain what I needed to do. However, for the first time, I couldn't read what EE had to say for two reasons:

1) The text was greyed out after the question

2) The text was definitely not in English

I decided to take a closer look to see if I could understand what was going on. I highlighted the text and pasted it into a text editor. You'll probably notice that if you try to do this they move the registration reminder over whatever box your mouse is inside of. You can avoid that by starting to highlight at the question and scrolling down to the bottom.

I quickly scrolled through the text and noticed an interesting string:

OnhqEngr 9600

I guessed that OnhqEngr == BaudRate and realized that the whole thing is a Caesar cypher. So, in a nutshell, if you're interested in learning about Caesar cyphers, or you just don't want to register or log in to Experts Exchange you can always write a quick app that converts the answers to regular text by figuring out the Caesar cypher offset. For this article it was 16, but for other articles it may be different.

Of course, you could always use BugMeNot... but then you wouldn't have the fun of writing a simple cypher application. :D

0

Share this post


Link to post
Share on other sites

Hah, that is priceless.

Hopefully they don't get smart and try some other sort of encryption. Excellent find man!

0

Share this post


Link to post
Share on other sites

You could even write a userscript to "fix" that.

It really pisses me off when sites do this. Why should I have to sign up to view content? To me this is completely counterproductive and a 180 from the entire philosophy of the web. Are they that desperate to sell your email address?

0

Share this post


Link to post
Share on other sites

Heh, funny thing is that they never use anything but a Ceaser Cypher with a shift of 13. It would be a bit harder if it was a variable shift because you would probably have to compare each shifted word with a dictionary list to see if the shift was correct. (but then you get into trouble when you get words like "dolls" which can shift to "wheel" etc.)

Not well enough versed in PHP to throw something up, but I am sure there is something you can find with google. It's a pretty simple program.

0

Share this post


Link to post
Share on other sites

The easiest way to find out is to look for one letter words ( "I" and "a" are really the only valid possibilities, "u" and "r" also) and go from there trying those shifts on other words, they would be smart (although CPU intensive) if they rot'd each word by a random number so this could not be applied

But if its always rot13, there are plenty of rot13 programs (FreeBSD even comes with one)

Edited by n3xg3n
0

Share this post


Link to post
Share on other sites

I've encountered Expert's Exchange before, in searching for answers to C++ questions in Windows. I noticed that the answers would show up as part of the Google search, in plaintext, while they were fogged when I navigated to them...figuring the Google-bot must've had access to the plaintext at one point, I clicked "Cached." It works:

Example

0

Share this post


Link to post
Share on other sites

HAH good find ! it would appear anything in "google search" it auto decrypted in googles cache ... now in "EE Search" I have not found any cached pages so you would still need to use the ROT-13 decrypt

google dork

http://www.google.com/search?hl=en&q=cache%3A[URL TO DECRYPT]

Edited by operat0r
0

Share this post


Link to post
Share on other sites

Also, perhaps setting the UserAgent to Googlebot's will allow access, many pay-for-access sites are configured this way...

0

Share this post


Link to post
Share on other sites
I decided to take a closer look to see if I could understand what was going on. I highlighted the text and pasted it into a text editor. You'll probably notice that if you try to do this they move the registration reminder over whatever box your mouse is inside of. You can avoid that by starting to highlight at the question and scrolling down to the bottom.

Or use the handy dandy view source button!

Good work, though. I remember being frustrated many a time when people were asking my exact questions on EE. =/

0

Share this post


Link to post
Share on other sites

haha... it's funny that I didn't think rot13 at first and that I didn't bother viewing the source. They're encrypting it on the fly in Javascript? That's just ridiculous.

Oh well, I hope someone had fun playing with this. Next time, if I have time, I'll be more thorough.

0

Share this post


Link to post
Share on other sites
Also, perhaps setting the UserAgent to Googlebot's will allow access, many pay-for-access sites are configured this way...

...also good for forums that require registration to view.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now