What algorithm is being used to decrypt this content?

Vote count:

0

I noticed a university page protecting course content with only Javascript, where the entire page to be accessed is stored in a JS variable and decrypted character by character.

I know the password, but I'm worried the password can be deduced from the script. I removed some values that are defined in the script below if that is the case.

If the password can be deduced, I need to report this so the staff can use something different. I just need to know IF the password can be deduced.

What algorithm is being used to decrypt the string contained in page below? Is this a known approach, or just security by obfuscation?

ipwd = XXX; // removed
err = "Invalid password!";
add = YYY;  // removed
res = ZZZ;  // removed

function validate(pq1) {
    var LPArray = new Array("@\032S\041\076\047\073}\045Y\057\006YV\024\036\016\073[\001");
    pl = pq1.length;
    pl2 = Math.round(pl / 2 - 0.1);
    pq2 = pq1 + pq1;
    for (a = 0; a < LPArray.length; a++) {
        lipwd = ipwd;
        ladd = add;
        lres = res;
        s = "";
        pl3 = (LPArray[a]).length;
        for (i = 0; i < pl3; i++) s += String.fromCharCode((LPArray[a].charCodeAt(i)) ^ (pq2.charCodeAt((i % pl) + (i % pl2))));
        for (i = 0; i < s.length; i++) {
            if (i % 2 == 0) lres = lres ^ s.charCodeAt(i);
            else lres = lres ^ (s.charCodeAt(i) << 8);
            ladd += s.charCodeAt(i);
        }
        lres += ladd;
        lres += s.length;
        if (lres == lipwd) {
            return s;
        }
    }
    return "";
}

function ahpp_decr(AtLoad) {
    page = "\017\027yd} ... and on and on... \053QY";
    qgz = "0*";
    if (AtLoad == 0) {
        document.ahpp_pwd_f.login.focus();
        pq1 = document.cookie.substring(9, 50);
    } else {
        pq1 = document.ahpp_pwd_f.login.value + String.fromCharCode(9) + document.ahpp_pwd_f.pwd.value;
    }
    if (!pq1.length) {
        if (AtLoad) {
            alert(err);
        }
        return;
    }
    document.cookie = "AHPP_pwd=" + pq1;
    pq1 = validate(pq1);
    pl = pq1.length;
    if (!pl) {
        if (AtLoad) {
            alert(err);
        }
        return;
    }
    s = "";
    pl2 = Math.round(pl / 2 - 0.1);
    pq1 = pq1 + pq1;
    dl = page.length;
    for (i = 0; i < dl; i++) s += String.fromCharCode((page.charCodeAt(i)) ^ (pq1.charCodeAt((i % pl) + (i % pl2))));
    document.write(s);
    document.close();
    document.location.reload()
}

asked 40 secs ago

Sage Gerard

349

What algorithm is being used to decrypt this content?