Wednesday, May 25, 2011

Didier Stevens Puzzle Solved

It's puzzle time, and I had an opportunity to crack the puzzle that was posted on Didier Stevens' site. At first, when you open the puzzle PDF, it errors out, saying the provided code is wrong.

Decoding the PDF results in a series of "String.fromCharCode" statements.

Decoding them further reveals that the code fetches the "CreationDate" tag and passes its value to JavaScript's "Math.floor" function.

The output of "Math.floor" then goes through a series of iterations, and the final result is assigned to a variable "f", which is later compared with a constant decimal value, "130817". Inside the "for" loop we can see the statement "f = f / b[c]". This is the sole statement that decides what the value of "f" will be. If it produces the desired output, the comparison of "f" with the constant decimal value will evaluate to true. This leads us to only one conclusion: if the value that is passed to "Math.floor" can be determined, the whole check will evaluate to true.

Finding that requires only simple math. To get the value that is to be passed to the "Math.floor" function, we need to pass the same constant decimal value to "Math.floor" and change the statement "f = f / b[c]" to "f = f * b[c]". Multiplication is the inverse of the division operation, so running the loop this way leads us to the answer. So after all the modifications, the final script will look like the below.

When the script is run, "f" will hold the answer that is to be passed to the "Math.floor" function. This value should replace the one in the "/CreationDate" tag inside the PDF.
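The inversion described above, as an added sketch that is not the script from the puzzle or from the original post. The puzzle's real "b" array is not reproduced here, so the divisors below are constructed: they are chosen only so that their product equals 153728500, which is the CreationDate answer quoted in this post divided by 130817. The function names are hypothetical.

```javascript
// Constructed divisors (assumption): NOT the puzzle's real b[] array.
// Their product is 153728500 = 20110301184500 / 130817.
const b = [4, 125, 307457];
const TARGET = 130817; // constant the PDF's script compares "f" against

// Forward direction, as the post describes the embedded script:
// floor the CreationDate value, divide by every b[c], compare with the constant.
function check(creationDate, divisors) {
  let f = Math.floor(Number(creationDate));
  for (let c = 0; c < divisors.length; c++) {
    f = f / divisors[c];
  }
  return f === TARGET;
}

// Inverse direction: start from the constant and multiply instead of divide.
// The result is only trustworthy while it stays an exactly representable
// integer, so refuse to continue once it leaves the safe-integer range.
function solve(target, divisors) {
  let f = Math.floor(target);
  for (let c = divisors.length - 1; c >= 0; c--) {
    f = f * divisors[c];
    if (!Number.isSafeInteger(f)) {
      throw new RangeError("intermediate value is no longer an exact integer");
    }
  }
  return f;
}

const answer = solve(TARGET, b);
console.log("value for /CreationDate:", answer);
console.log("recovered value passes:", check(String(answer), b));
console.log("original value passes:", check("20110421111705", b));
```

Because every division in the forward loop is exact for the recovered value, the floating-point comparison with 130817 succeeds; the original date leaves a fractional remainder and fails.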

The final answer that should replace "20110421111705" in the "/CreationDate" tag is "20110301184500". When that's all done and saved, the PDF should greet us with.....
