Another Application of One-way Hash Functions

January 9th, 2009

We’ve all heard of one-way hash functions at some time or other.
Most of us have heard about them from books.
An algorithm’s explanation is usually followed by its applications, and most books mention only one major application (in security), i.e. implementing password checks and storing the passwords in a database.

I used to wonder: “That’s it? One application in security?”, and searching on the internet (and some more books) didn’t help either.

Luckily, I’ve finally found my answers. Now, I’m able to appreciate one-way hash functions a lot more because I’ve seen them in action. If I had read about this application in a book, I’m sure that I wouldn’t have realized its importance.

A few days ago, Nokia Corporation issued a notice to all customers that some of its BL-5C model batteries had manufacturing defects which could cause them to explode. It asked customers to check if their batteries were manufactured between December 2005 and November 2006 and, if so, to get the battery replaced for free.

Nokia also allowed its customers to type in their 26-character battery code on its website (www.nokia.com/batteryreplacement) to see if their battery was faulty or not.

I decided to check the script which finds out when the battery was manufactured. I thought that by looking at the source code, I could figure out exactly which batteries were faulty.

This is what the script looks like:

// md5() is a helper defined elsewhere on the page; it returns the hex MD5 digest of a string.
function rcrcheck_serial()
{
   var isgood=false;
   var serial=document.enterserial.serial.value;
   var a="";
   var b="";
   var c="";
   // The identification number must be exactly 26 characters long.
   if(serial.length<26)
   {
      alert("The identification number is incorrect. Please check that you have entered the full 26 characters of the battery identification number.");
      return false;
   }
   if(serial.length>26)
   {
      alert("The identification number is incorrect. Please check that you have entered the full 26 characters of the battery identification number.");
      return false;
   }
   // Hash three fields of the serial: characters 8-13, 14 and 15-17.
   a=md5(serial.substr(7,6));
   b=md5(serial.substr(13,1));
   c=md5(serial.substr(14,3));

   // Field a must match one of three digests, otherwise the battery is not affected.
   if(a!="ea4a302b5cbd017871ec94fd6ae189b5"
   && a!="1f098214896cc40cfabc3b2403a65b75" //###
   && a!="fd06cd296b4bf634d85e26884565aa6c") { //###
      window.location="rcrb2.html";
      return false;
   }
   // Each group of b digests has its own list of affected c digests.
   if(b=="8d9c307cb7f3c4a32822a51922d1ceaa" || b=="7b8b965ad4bca0e41ab51de7b31363a1") { //###
      if(c=="84eb13cfed01764d9c401219faa56d53"){return true;} //###
      if(c=="d2490f048dc3b77a457e3e450ab4eb38"){return true;} //###
      if(c=="441954d29ad2a375cef8ea524a2c7e73"){return true;} //###
      if(c=="0e51011a4c4891e5c01c12d85c4dcaa7"){return true;} //###
      if(c=="af032fbcb07ffc7bd2569d86ae4ce1f5"){return true;} //###
      if(c=="73f7634ab3f381fb40995f93740b3f8a"){return true;} //###
      if(c=="738cccd4fda172441f216712a488dca6"){return true;} //###
      if(c=="f803dfeb3583d5099a58a7478f28bd75"){return true;} //###
      if(c=="7f5144f962efde75e0f7661e032166db"){return true;} //###
      if(c=="8fc4c7ab4453d247e011738197b6136c"){return true;} //###

      /* Some more Comparisons */

      if(c=="defd40204344c9659a0a3eb4ebc125f6"){return true;} //###
      if(c=="c4de9fe96832a877668d0dced80657b8"){return true;} //###
      if(c=="2c62105ee18ecd5f0ee37bc8c35718eb"){return true;} //###
      if(c=="3994f23bfb2b89994bd6e828977b42ae"){return true;} //###
      if(c=="28fd0fbd334515deb8a8291b71941c9e"){return true;} //###
      if(c=="9ac05befca7d6499e3abec9bdfef2b68"){return true;} //###
      if(c=="1732cb437260c60a0744aea8aedfa331"){return true;} //###
      if(c=="e1eee5e2b42d45443cdc82db1a3bc465"){return true;} //###
      if(c=="7d06a9cf10f2e9e47e77d6c6cfaa7f54"){return true;} //###
      if(c=="2618045a3a5fc883e65b6bec2fcac3c8"){return true;} //###
      if(c=="2421fcb1263b9530df88f7f002e78ea5"){return true;} //###
      if(c=="fccb60fb512d13df5083790d64c4d5dd"){return true;} //###
      if(c=="15d4e891d784977cacbfcbb00c48f133"){return true;} //###
      if(c=="c203d8a151612acf12457e4d67635a95"){return true;} //###
      if(c=="13f3cf8c531952d72e5847c4183e6910"){return true;} //###
      if(c=="550a141f12de6341fba65b0ad0433500"){return true;} //###
      if(c=="67f7fb873eaf29526a11a9b7ac33bfac"){return true;} //###
      if(c=="1a5b1e4daae265b790965a275b53ae50"){return true;} //###
      if(c=="9a96876e2f8f3dc4f3cf45f02c61c0c1"){return true;} //###
      if(c=="941e1aaaba585b952b62c14a3a175a61"){return true;} //###
      if(c=="9431c87f273e507e6040fcb07dcb4509"){return true;} //###
      if(c=="49ae49a23f67c759bf4fc791ba842aa2"){return true;} //###
      if(c=="e44fea3bec53bcea3b7513ccef5857ac"){return true;} //###
      if(c=="821fa74b50ba3f7cba1e6c53e8fa6845"){return true;} //###
      if(c=="250cf8b51c773f3f8dc8b4be867a9a02"){return true;} //###
      if(c=="42998cf32d552343bc8e460416382dca"){return true;} //###
      if(c=="0353ab4cbed5beae847a7ff6e220b5cf"){return true;} //###
      if(c=="51d92be1c60d1db1d2e5e7a07da55b26"){return true;} //###
      if(c=="428fca9bc1921c25c5121f9da7815cde"){return true;} //###
      if(c=="f1b6f2857fb6d44dd73c7041e0aa0f19"){return true;} //###
      if(c=="68ce199ec2c5517597ce0a4d89620f55"){return true;} //###
      if(c=="e836d813fd184325132fca8edcdfb40e"){return true;} //###
      if(c=="ab817c9349cf9c4f6877e1894a1faa00"){return true;} //###
      if(c=="8e6b42f1644ecb1327dc03ab345e618b"){return true;} //###
      if(c=="ef575e8837d065a1683c022d2077d342"){return true;} //###
      if(c=="2050e03ca119580f74cca14cc6e97462"){return true;} //###
      if(c=="25ddc0f8c9d3e22e03d3076f98d83cb2"){return true;} //###
      if(c=="5ef0b4eba35ab2d6180b0bca7e46b6f9"){return true;} //###
      if(c=="598b3e71ec378bd83e0a727608b5db01"){return true;} //###
      if(c=="74071a673307ca7459bcf75fbd024e09"){return true;} //###
   }
   if(b=="69691c7bdcc3ce6d5d8a1361f22d04ac" || b=="6f8f57715090da2632453988d9a1501b")
   { //###
      if(c=="2bb232c0b13c774965ef8558f0fbd615") {return true;} //###
      if(c=="ba2fd310dcaa8781a9a652a31baf3c68") {return true;} //###
      if(c=="69421f032498c97020180038fddb8e24") {return true;} //###
      if(c=="85422afb467e9456013a2a51d4dff702") {return true;} //###
      if(c=="13f320e7b5ead1024ac95c3b208610db") {return true;} //###
   }
   // No match: send the visitor to the other result page.
   window.location="rcrb2.html";
   return false;
}

This code is awesome because, even after reading the source code, nobody can figure out which models are faulty. At most, what we can tell is that the battery information (date of manufacture, location of manufacture) is present between the 8th and 17th characters. The characters between the 18th and 26th positions could hold the number of batteries manufactured by the factory before the current unit. We also know that the battery is faulty for some 334 combinations of characters between the 14th and 17th positions. But having this knowledge is futile.

Hence, by using a one-way hash algorithm (MD5 in this case), we can hide such information (the factory codes of the factories which manufactured the faulty batteries) even in the source code. This way we can protect such vital information from being stolen by anyone, even if he has access to the complete source code, and this, in my opinion, is one of the most brilliant applications of one-way hash functions.
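The same digest-allowlist pattern as a compact Node.js sketch. This is an added example, not Nokia's script: the field values, the sample serial, the `RULES` structure and the 36-symbol alphabet are all constructed assumptions. It also reports how many values each hashed field can take, which is the number that bounds how much an unkeyed digest can conceal.

```javascript
// Added example, not Nokia's script. All field values below are constructed.
const { createHash } = require('crypto');

const md5 = (s) => createHash('md5').update(s, 'utf8').digest('hex');
const digests = (values) => new Set(values.map(md5));

// Field layout from the page's script: substr(7,6), substr(13,1), substr(14,3).
const FIELDS = { a: [7, 6], b: [13, 1], c: [14, 3] };

// The publisher hashes the affected values offline and ships only the digests.
// As in the page's script, each group of `b` values has its own list of `c` values.
const RULES = {
  a: digests(['QX71AB']),
  groups: [
    { b: digests(['K', 'M']), c: digests(['0A7', '1B3']) },
    { b: digests(['T']), c: digests(['9ZZ']) },
  ],
};

function fieldDigest(serial, name) {
  const [start, len] = FIELDS[name];
  return md5(serial.slice(start, start + len));
}

function isAffected(serial) {
  if (typeof serial !== 'string' || serial.length !== 26) {
    throw new RangeError('serial must be exactly 26 characters');
  }
  if (!RULES.a.has(fieldDigest(serial, 'a'))) return false;
  const b = fieldDigest(serial, 'b');
  const c = fieldDigest(serial, 'c');
  return RULES.groups.some((g) => g.b.has(b) && g.c.has(c));
}

// How many distinct values each hashed field can take, assuming an
// alphabet of `alphabetSize` symbols (36 = A-Z plus 0-9, an assumption).
function fieldSpaces(alphabetSize = 36) {
  return Object.fromEntries(
    Object.entries(FIELDS).map(([name, [, len]]) => [name, alphabetSize ** len]));
}

console.log(isAffected('0000000QX71ABK0A7000000001'));
console.log(fieldSpaces());
```

A field with only a few dozen or a few thousand possible values is concealed far less by its digest than a long one, so a design review of this pattern should check these counts; keeping the lookup on the server avoids publishing the digests at all.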
