
Dumb if ('1' == '0') question

Hi there,

Please be gentle - I've never used JavaScript, but I need to
reverse-engineer my router, which my ISP (whom I bought it from) have
helpfully locked to their service.

I managed to find a hidden webpage on the router which allows one to
enter an unlock code, and if I enter (say) 999 in this box it takes me
to a webpage with the address <http://192.168.1.200/brdg.cgi?brdg=999>.
That page helpfully shows a message announcing "Your router is still
locked."

It was my intention to brute-force the unlock code, by writing a
bash-script to download every URL from
<http://192.168.1.200/brdg.cgi?brdg=0> to
<http://192.168.1.200/brdg.cgi?brdg=999999> (or whatever), until
parsing it reveals the word "unlocked" but it's probably obvious to
more experienced haX0rz that my script just gets the source of the
page, including both "locked" and "unlocked" display strings.

This is where it gets (for me) interesting. The code on the page is:

<html>
<head>
  <meta http-equiv="Pragma" content="no-cache">
  <link rel=stylesheet href='stylemain.css' type='text/css'>
  <link rel=stylesheet href='colors.css' type='text/css'>
  <title>ISP Lock status</title>
  <script language="javascript" src="util.js"></script>
  <script language="javascript">
  <!-- hide
  function frmLoad()
  {
    with ( document.forms[0] )
    {
      if ('1' == '0')
      {
        writit("Your router is successfully unlocked.","brdg");
      }
      else
      {
        writit("Your router is still locked.","brdg");
      }
    }
  }
  // done hiding -->
  </script>
</head>
<body onLoad='frmLoad()'>
  <form>
    <b>ISP Lock status of your router.<br>
    <div id='brdg'></div>
    <br>
  </form>
</body>
</html>

Am I right in thinking that the "if ('1' == '0')" above equates to "if
true is false"? And that consequently the router will never display the
unlocked message? Or am I misreading this code completely? I obviously
have access to the util.js script, so I'm going to take a look at that
now, but I'd be very grateful if anyone could indicate whether I'm
working along the right lines.

Thanks in advance for any comments,

Stroller.

Jul 23 '05 #1
3 Replies


Stroller wrote:
Am I right in thinking that the "if ('1' == '0')" above equates to "if
true is false"? And that consequently the router will never display
the unlocked message? Or am I misreading this code completely? I
obviously have access to the util.js script, so I'm going to take a
look at that now, but I'd be very grateful if anyone could indicate
whether I'm working along the right lines.


The code above is probably generated by the CGI script, which basically
writes the second operator in the '1' == '0' evaluation -- '0' if the number
is incorrect and '1' if it's correct. In other words, you need to parse not
for "unlocked", but for '1' == '1'.

Berislav
Jul 23 '05 #2
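
The check suggested in the reply above, as an added example that is not part of the thread: the page source always contains both messages, so the function below reads the two literals written into the comparison instead of searching for "unlocked". The sample pages are constructed from the script quoted in the question, and the '1' == '1' variant is an assumption taken from the reply's guess about how the CGI fills in the second literal; samplePage, naiveCheck and readVerdict are hypothetical names.

```javascript
// Added example, not from the thread. Sample pages are constructed from the
// script posted in the question; the "unlocked" variant is an assumption
// based on the reply's guess that the CGI fills in the right-hand literal.

// Build a constructed script body with the given right-hand literal.
function samplePage(rightLiteral) {
  return [
    "function frmLoad()",
    "{",
    "with ( document.forms[0] )",
    "{",
    "if ('1' == '" + rightLiteral + "')",
    "{",
    'writit("Your router is successfully unlocked.","brdg");',
    "}",
    "else",
    "{",
    'writit("Your router is still locked.","brdg");',
    "}",
    "}",
    "}",
  ].join("\n");
}

// The search from the original post: true for every response, because the
// "unlocked" message is present in the source whichever branch would run.
function naiveCheck(source) {
  return source.includes("unlocked");
}

// Read the two string literals compared in the first `if (... == ...)`.
// Returns null when no such comparison exists (error page, changed layout),
// so a missing pattern is never mistaken for "locked".
function readVerdict(source) {
  const m = /if\s*\(\s*(['"])(.*?)\1\s*={2,3}\s*(['"])(.*?)\3\s*\)/.exec(source);
  if (!m) return null;
  const left = m[2];
  const right = m[4];
  // Both sides are string literals, so == is a plain string comparison.
  return { left, right, unlocked: left === right };
}
```

The branch the browser takes is fixed by the time the page arrives; the script only displays a decision that was already made on the router.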

Berislav Lopac wrote:
Stroller wrote:
Am I right in thinking that the "if ('1' == '0')" above equates to "if
true is false"? And that consequently the router will never display
the unlocked message? Or am I misreading this code completely? I
obviously have access to the util.js script, so I'm going to take a
look at that now, but I'd be very grateful if anyone could indicate
whether I'm working along the right lines.

The code above is probably generated by the CGI script, which basically
writes the second operator in the '1' == '0' evaluation -- '0' if the number
is incorrect and '1' if it's correct. In other words, you need to parse not
for "unlocked", but for '1' == '1'.


Ah! Many thanks! I very much appreciate your advice - I'll try that.

Stroller.

Jul 23 '05 #3

"Stroller" <st******@bigfoot.com> wrote:

Am I right in thinking that the "if ('1' == '0')" above equates to "if
true is false"? And that consequently the router will never display the
unlocked message?


Yup, that's what it says.

It looks to me like the programmer intended that the only way to get
the unlock message was to actually modify the code on this page.
Presumably he (the programmer) might do this for testing, but no end
user ever would.

--
Tim Slattery
Sl********@bls.gov
Jul 23 '05 #4
