我今天被给了一个小脚本,我被要求查看。因为我对Javascript看起来很新,我不确定它的功能,我正在寻找一些帮助解密它并弄清楚它实际上做了什么。请参阅下面的代码
<script>
function hsh(dat) {
/* basic hash */
resultA = 3141592654;
resultB = 1234567890;
for (i=0; i<2; i++) {
initA = resultA;
initB = resultB;
for (j=0; j<dat.length; j++) {
resultA += dat.toLowerCase().charCodeAt(j);
resultB = (resultA * 31) ^ resultB;
tmp = resultA & resultA;
resultA = resultB & resultB;
resultB = tmp;
}
resultA = resultA ^ initA;
resultB = resultB ^ initB;
}
return [resultA, resultB];
}
$("#answercheckform").submit(function(e) {
answer = $("#answer_a").val() + '\0' + $("#answer_b").val() + '\0' + $("#answer_c").val();
res = hsh(answer);
if ((res[0] == 1824745082) && (res[1] == 560037081)) {
$("#answercheckresult").html("All your answers are correct!<br/><br/>Please go to page <b>next.html</b> at IP address <b>"+$("#answer_a").val()+"."+$("#answer_b").val()+"."+$("#answer_c").val()+"</b> for Part 5.");
} else {
$("#answercheckresult").html("One or more of your answers is incorrect. Please try again.");
}
e.preventDefault();
});
</script>
我给出的HTML如下
<div id="ctl00_PlaceHolderMain_ctl01_label" style="display:none">Page Content</div>
<div id="ctl00_PlaceHolderMain_ctl01__ControlWrapper_RichHtmlField" class="ms-rtestate-field" style="display:inline" aria-labelledby="ctl00_PlaceHolderMain_ctl01_label">
<p class="gx-rteElement-H4"> </p>
<h4 class="gx-rteElement-H4">Congratulations on solving Part 3 of the Director's puzzle.</h4> <p> </p> <p>Part 4 consists of three questions, the answers to which can be combined to make an IP address. </p> <p> </p> <p>Find the missing number in the following sequences: </p> <p> </p> <ol type="A"><li>2, 4, 8, 1, 3, 6, 18, 26, <strong>?</strong>, 12, 24, 49, 89, 134, 378, 656, 117, 224, 548, 1456, 2912, 4934, 8868, 1771, 3543, ...<br/> <br/></li> <li>-101250000, -1728000, -4900, 360, 675, 200, <strong>?</strong>, ...<br/> <br/></li> <li>321, 444, 675, 680, 370, 268, 949, 206, 851, <strong>?</strong>, ...</li></ol> <p>  </p> <p>Part 5 can be accessed via IP address <strong>A</strong>.<strong>B</strong>.<strong>C</strong>. Please check your answers below first. </p> <p> </p>
<h4>Submit your answers</h4>
<p>To obtain instructions to the next part of the puzzle, please enter your answers here:</p>
<form class="form-horizontal" id="answercheckform">
<div class="form-group">
<label for="answer_a" class="control-label col-sm-3">Answer A</label>
<div class="col-sm-5">
<input type="text" class="form-control" id="answer_a" placeholder="A" value="">
</div>
</div>
<div class="form-group">
<label for="answer_b" class="control-label col-sm-3">Answer B</label>
<div class="col-sm-5">
<input type="text" class="form-control" id="answer_b" placeholder="B" value="">
</div>
</div>
<div class="form-group">
<label for="answer_c" class="control-label col-sm-3">Answer C</label>
<div class="col-sm-5">
<input type="text" class="form-control" id="answer_c" placeholder="C" value="">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-5">
<button type="submit" class="btn btn-primary">Check answer</button>
</div>
</div>
</form>
<div id="answercheckresult"> </div>
<br/>
答案 0 :(得分:2)
这不是一个小问题&#34;你得到了它,它是GCHQ挑战引发的第三个问题的代码片段。
http://s3-eu-west-1.amazonaws.com/puzzleinabucket/bb1f263f70e45b3d.html
答案 1 :(得分:0)
以下是此脚本试图解决的问题:如何在页面中放置正确的答案而不是简单地将它们放在纯文本中。显然他们不想使用服务器来检查它们,这是有效的。
所以,他们采取正确的答案和单向哈希。这些是您在if条件下底部看到的数字。
然后他们嵌入哈希算法并通过它运行用户提供的答案。如果哈希匹配,则答案匹配。这样做的好处是用户不可能从哈希中反转正确的答案。他们还将两个答案一起散列,这样用户就无法确定哪个答案是错误的,这可能是好的还是坏的,具体取决于用例。
至于散列中涉及的实际数学,你想要解释一下吗?