// ________ _________
// \________\--------___ ___ ____----------/_________/
// \_______\----\\\\\\ //_ _ \\ //////-------/________/
// \______\----\\|| (( ~|~ ))) ||//------/________/
// \_____\---\\ ((\ = / ))) //----/_____/
// \____\--\_))) \ _)))---/____/
// \__/ ((( (((_/
// ヾღ彡 | -))) - ))
// =================================================================
// _t1_unlocker.js
// -----------------------------------------------------------------
// author: @archangel
// SEC LVL: 4
// Chars: 2287
// Descr: T1 Lock hacker.
// Syntax: _t1_unlocker {t:"username.loc"}
// Syntax: _t1_unlocker {t:#s.dtr.t1_lock_sim}
// =================================================================
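function (context, args)
{ // t:#s.dtr.t1_lock_sim
	// Walks the chain of T1 locks (EZ_21, EZ_35, EZ_40, c001, c002, c003) reported by
	// the target scriptor `args.t`, trying each candidate key value in turn.
	//
	// context - unused by this script.
	// args    - { t: <scriptor> }; `t.call(keys)` must return the target's response.
	// Returns { ok, msg }: `ok` is false when the arguments are unusable or a lock
	// could not be cleared; `msg` is the debug log.
	//
	// Every loop is bounded by its candidate list, so an unexpected response ends the
	// run with ok:false instead of spinning until the script is killed.
	// NOTE(review): `msg` holds every raw response from the target; keep that in mind
	// before sharing the output.
	var enter = new Date().getTime(); // Start time, used for the execution-time line in the log.

	// Calling without arguments (or without a callable `t`) used to throw on `args.t`.
	if (!args || !args.t || typeof args.t.call !== "function")
	{
		return { ok: false, msg: "Usage: _t1_unlocker {t:#s.dtr.t1_lock_sim}" };
	}

	var keys = {}; // Accumulated key/value pairs, e.g. EZ_21:"open" or ez_prime:31.
	var t = args.t; // The target scriptor.
	var debug = "DEBUG LOG\n=========\n"; // Every response is appended here.
	var response = ""; // Last response from the target, always held as a string.

	// Candidate values for each kind of key.
	var picks = ["open", "unlock", "release"]; // Needed by every EZ_ lock.
	var primes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97]; // The primes below 100.
	var colors = ["blue", "cyan", "green", "lime", "yellow", "orange", "red", "purple"]; // Colors for the c00x locks.
	var digits = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]; // The original counted up from 0 without limit; assumes "digit" means 0-9 - TODO confirm.
	var order = ["EZ_21", "EZ_35", "EZ_40", "c001", "c002", "c003"]; // Same test order as the original if/else chain.

	// Calls the target with `payload`, stores the response and logs it.
	// A non-string return value is serialised so the `.includes` checks cannot throw.
	function attempt(payload)
	{
		var raw = t.call(payload);
		response = typeof raw === "string" ? raw : String(JSON.stringify(raw));
		debug += response + "\n";
	}

	// True while the target still reports at least one lock.
	function stillLocked()
	{
		return response.includes("+LOCK_ERROR+");
	}

	// True when the response reports `name` as unlocked. The original spelled the
	// EZ_35 marker both "EZ_35" and "ez_35", so either case is accepted here.
	function unlocked(name)
	{
		return response.includes("!LOCK_UNLOCKED! " + name)
			|| response.includes("!LOCK_UNLOCKED! " + name.toLowerCase());
	}

	// True when the response mentions lock `name` and does not report it unlocked.
	function needs(name)
	{
		return response.includes("!" + name + "!") && !unlocked(name);
	}

	// Builds the "this lock is finished" test shared by all handlers.
	function cleared(name)
	{
		return function () { return unlocked(name) || !stillLocked(); };
	}

	// Tries candidates in order until `done()` holds or the list runs out.
	// `apply(value, index)` writes the candidate into `keys`. Returns `done()`.
	function sweep(candidates, apply, done)
	{
		for (var n = 0; n < candidates.length && !done(); n++)
		{
			apply(candidates[n], n);
			attempt(keys);
		}
		return done();
	}

	var crack = {
		// EZ_21: a single pick word.
		EZ_21: function ()
		{
			sweep(picks, function (p) { keys["EZ_21"] = p; }, cleared("EZ_21"));
		},
		// EZ_35: pick word first, then the digit once the response asks for it.
		EZ_35: function ()
		{
			var prompted = function () { return response.includes("digit"); };
			if (sweep(picks, function (p) { keys["EZ_35"] = p; }, prompted))
			{
				sweep(digits, function (d) { keys["digit"] = d; }, cleared("EZ_35"));
			}
		},
		// EZ_40: pick word first, then a prime once the response asks for ez_prime.
		EZ_40: function ()
		{
			var prompted = function () { return response.includes("!ez_prime!"); };
			if (sweep(picks, function (p) { keys["EZ_40"] = p; }, prompted))
			{
				sweep(primes, function (p) { keys["ez_prime"] = p; }, cleared("EZ_40"));
			}
		},
		// c001: color plus color_digit, which is the length of the color name.
		// The original stopped only on a "!color_digit!" prompt, so it kept rotating
		// colors after the lock had opened; the unlocked marker now stops it as well.
		c001: function ()
		{
			var done = cleared("c001");
			sweep(colors, function (c)
			{
				keys["c001"] = c;
				keys["color_digit"] = c.length;
			}, function () { return response.includes("!color_digit!") || done(); });
		},
		// c002: color plus its complement (4 positions further along the table).
		c002: function ()
		{
			sweep(colors, function (c, n)
			{
				keys["c002"] = c;
				keys["c002_complement"] = colors[(n + 4) % colors.length];
			}, cleared("c002"));
		},
		// c003: color plus its two triad colors (3 and 5 positions further along).
		c003: function ()
		{
			sweep(colors, function (c, n)
			{
				keys["c003"] = c;
				keys["c003_triad_1"] = colors[(n + 3) % colors.length];
				keys["c003_triad_2"] = colors[(n + 5) % colors.length];
			}, cleared("c003"));
		}
	};

	attempt({}); // First call with no keys, to learn which lock comes first.

	var failed = ""; // Non-empty once the run has to be abandoned.
	while (!failed && stillLocked())
	{
		var lock = order.find(needs);
		if (!lock)
		{
			// A lock error none of the handlers recognises: stop rather than loop forever.
			failed = "no handler for the lock in the last response";
			break;
		}
		crack[lock]();
		if (!unlocked(lock) && stillLocked())
		{
			failed = lock + ": candidates exhausted";
		}
	}

	if (failed)
	{
		debug += "\nFAILED: " + failed;
	}
	var exit = new Date().getTime() - enter; // Elapsed time in milliseconds.
	debug += "\nEXECUTION TIME: " + exit + "ms";
	return {
		ok: !failed, // false when a lock could not be cleared.
		msg: debug, // The debug log. Swap for the line below to return only the last response.
		//msg: response,
	};
}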