// ________ _________
// \________\--------___ ___ ____----------/_________/
// \_______\----\\\\\\ //_ _ \\ //////-------/________/
// \______\----\\|| (( ~|~ ))) ||//------/________/
// \_____\---\\ ((\ = / ))) //----/_____/
// \____\--\_))) \ _)))---/____/
// \__/ ((( (((_/
// ヾღ彡 | -))) - ))
// =================================================================
// _t1_unlocker.js
// -----------------------------------------------------------------
// author: @archangel
// SEC LVL: 4
// Chars: 2287
// Descr: T1 Lock hacker.
// Syntax: _t1_unlocker {t:"username.loc"}
// Syntax: _t1_unlocker {t:#s.dtr.t1_lock_sim}
// =================================================================
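function (context, args)
{ // t:#s.dtr.t1_lock_sim
  /*
   * Works through the chain of T1 locks on the target by trying every known
   * candidate value for each lock parameter and reading the response text.
   *
   * context - supplied by the caller; not read by this script.
   * args.t  - the target to call (see the Syntax lines in the file header).
   *
   * Returns { ok, msg }. msg is the debug log of every response received.
   * ok is true when the last response no longer contains "+LOCK_ERROR+", and
   * false when the target is missing or a lock could not be opened with the
   * candidates listed below.
   *
   * Every candidate sweep is bounded by the length of its candidate list, and
   * the outer loop stops when a pass makes no attempt. Without those bounds a
   * response the script does not recognise keeps it looping with undefined
   * keys until the host kills it.
   */
  if (!args || !args.t || typeof args.t.call !== "function") {
    return {
      ok: false,
      msg: "Missing target: pass the lock to open as the t argument.",
    };
  }

  const enter = Date.now(); // Start of the execution-time measurement.
  const keys = {}; // Every key/value pair sent to the target (EZ_21:"open", ez_prime:31, ...).
  const t = args.t;

  // NOTE(review): every check below calls response.includes(), so this
  // assumes the target answers with a string - confirm against the target.
  let response = t.call({}); // First call, with no keys, to read the first prompt.
  let debug = "DEBUG LOG\n=========\n" + response + "\n";

  // All candidate values.
  const picks = ["open","unlock","release"]; // Shared by every EZ_ lock.
  const primes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97]; // Primes below 100.
  const colors = ["blue", "cyan", "green", "lime", "yellow", "orange", "red", "purple"]; // Colors for the c00x locks.
  const DIGIT_COUNT = 10; // The "digit" key is swept over 0..9.

  let calls = 0; // Number of attempts sent so far; used to detect a pass that made none.
  let stuck = null; // Reason the run was abandoned, or null while it is still going.

  const locked = () => response.includes("+LOCK_ERROR+");
  const opened = (name) => response.includes("!LOCK_UNLOCKED! " + name);

  // Sends the keys with candidate 0, 1, 2, ... until pending() turns false or
  // `count` candidates have been tried. Returns true when pending() is false
  // afterwards, false when the candidates ran out first.
  const sweep = (count, setKeys, pending) => {
    for (let i = 0; i < count && pending(); i++) {
      setKeys(i);
      response = t.call(keys); // Try the keys.
      debug += response + "\n"; // Append the result to the debug log.
      calls++;
    }
    return !pending();
  };

  // Keep going while at least one lock still reports an error.
  while (stuck === null && locked()) {
    const callsBefore = calls;

    if (response.includes("!EZ_21!") && !opened("EZ_21")) {
      // EZ_21: one of the three picks.
      const done = sweep(
        picks.length,
        (i) => { keys["EZ_21"] = picks[i]; },
        () => !opened("EZ_21") && locked()
      );
      if (!done) {
        stuck = "EZ_21: no pick was accepted";
      }
    } else if (response.includes("!EZ_35!") && !opened("EZ_35")) {
      // EZ_35: a pick first, until the response asks for "digit"...
      const prompted = sweep(
        picks.length,
        (i) => { keys["EZ_35"] = picks[i]; },
        () => !response.includes("digit")
      );
      if (!prompted) {
        stuck = "EZ_35: no pick was accepted";
      } else {
        // ...then the digit itself.
        // NOTE(review): this sweep looks for lowercase "ez_35" while the branch
        // test above uses "EZ_35"; kept as written - confirm which spelling the
        // target really prints.
        const done = sweep(
          DIGIT_COUNT,
          (i) => { keys["digit"] = i; },
          () => !response.includes("!LOCK_UNLOCKED! ez_35") && locked()
        );
        if (!done) {
          stuck = "EZ_35: no digit was accepted";
        }
      }
    } else if (response.includes("!EZ_40!") && !opened("EZ_40")) {
      // EZ_40: a pick first, until the response asks for "ez_prime"...
      const prompted = sweep(
        picks.length,
        (i) => { keys["EZ_40"] = picks[i]; },
        () => !response.includes("!ez_prime!")
      );
      if (!prompted) {
        stuck = "EZ_40: no pick was accepted";
      } else {
        // ...then the prime.
        const done = sweep(
          primes.length,
          (i) => { keys["ez_prime"] = primes[i]; },
          () => !opened("EZ_40") && locked()
        );
        if (!done) {
          stuck = "EZ_40: no prime was accepted";
        }
      }
    } else if (response.includes("!c001!") && !opened("c001")) {
      // c001: the color together with color_digit, the length of the color name.
      // NOTE(review): unlike the other sweeps this one ends when the response
      // mentions "!color_digit!", not when c001 is reported unlocked; kept as
      // written - confirm that is the intended exit condition.
      const done = sweep(
        colors.length,
        (i) => {
          keys["c001"] = colors[i];
          keys["color_digit"] = colors[i].length;
        },
        () => !response.includes("!color_digit!") && locked()
      );
      if (!done) {
        stuck = "c001: no color was accepted";
      }
    } else if (response.includes("!c002!") && !opened("c002")) {
      // c002: the color and its complement. The colors table is ordered so
      // that complements sit 4 positions apart.
      const done = sweep(
        colors.length,
        (i) => {
          keys["c002"] = colors[i];
          keys["c002_complement"] = colors[(i + 4) % colors.length];
        },
        () => !opened("c002") && locked()
      );
      if (!done) {
        stuck = "c002: no color was accepted";
      }
    } else if (response.includes("!c003!") && !opened("c003")) {
      // c003: the color and its two triads, which are the neighbours of the
      // complement, so 3 and 5 positions away from the color.
      const done = sweep(
        colors.length,
        (i) => {
          keys["c003"] = colors[i];
          keys["c003_triad_1"] = colors[(i + 3) % colors.length];
          keys["c003_triad_2"] = colors[(i + 5) % colors.length];
        },
        () => !opened("c003") && locked()
      );
      if (!done) {
        stuck = "c003: no color was accepted";
      }
    } else {
      // Still an error, but none of the locks this script knows is named in it.
      stuck = "no known lock in the response";
    }

    // A pass that sent nothing leaves the response unchanged, so the next
    // pass would be identical: stop instead of spinning.
    if (stuck === null && calls === callsBefore) {
      stuck = "no attempt was possible for the current response";
    }
  }

  if (stuck !== null) {
    debug += "\nSTOPPED: " + stuck;
  }

  const exit = Date.now() - enter; // Elapsed time since the start of the script.
  debug += "\nEXECUTION TIME: " + exit + "ms";

  return {
    ok: stuck === null, // True only when no lock error is left.
    msg: debug, // Print the debug log. Comment out this line to hide the debug info.
    //msg: response, // Print the last response. Uncomment this line to return only the last response from the target.
  };

}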