| 1 | + | function error(text) { |
| 2 | + | const alert = document.querySelector(".alert"); |
| 3 | + | alert.innerText = text; |
| 4 | + | alert.style.opacity = 1; |
| 5 | + | } |
| 6 | + | |
| 7 | + | function onBruteForce() { |
| 8 | + | if (!("importKey" in window.crypto.subtle)) { |
| 9 | + | error("window.crypto not loaded. Please reload over https"); |
| 10 | + | return; |
| 11 | + | } |
| 12 | + | if (!("b64" in window && "apiVersions" in window)) { |
| 13 | + | error("Important libraries not loaded!"); |
| 14 | + | return; |
| 15 | + | } |
| 16 | + | |
| 17 | + | const urlText = document.querySelector("#encrypted-url").value; |
| 18 | + | let url; |
| 19 | + | try { |
| 20 | + | url = new URL(urlText); |
| 21 | + | } catch { |
| 22 | + | error("Entered text is not a valid URL. Make sure it includes \"https://\" too!"); |
| 23 | + | return; |
| 24 | + | } |
| 25 | + | |
| 26 | + | let params; |
| 27 | + | try { |
| 28 | + | params = JSON.parse(b64.decode(url.hash.slice(1))); |
| 29 | + | } catch { |
| 30 | + | error("The link appears corrupted."); |
| 31 | + | return; |
| 32 | + | } |
| 33 | + | |
| 34 | + | if (!("v" in params && "e" in params)) { |
| 35 | + | error("The link appears corrupted. The encoded URL is missing necessary parameters."); |
| 36 | + | return; |
| 37 | + | } |
| 38 | + | |
| 39 | + | if (!(params["v"] in apiVersions)) { |
| 40 | + | error("Unsupported API version. The link may be corrupted."); |
| 41 | + | return; |
| 42 | + | } |
| 43 | + | |
| 44 | + | const api = apiVersions[params["v"]]; |
| 45 | + | |
| 46 | + | const encrypted = b64.base64ToBinary(params["e"]); |
| 47 | + | const salt = "s" in params ? b64.base64ToBinary(params["s"]) : null; |
| 48 | + | const iv = "i" in params ? b64.base64ToBinary(params["i"]) : null; |
| 49 | + | |
| 50 | + | const cset = document.querySelector("#charset").value.split(""); |
| 51 | + | if (charset == "") { |
| 52 | + | error("Charset cannot be empty."); |
| 53 | + | return; |
| 54 | + | } |
| 55 | + | |
| 56 | + | var progress = { |
| 57 | + | tried: 0, |
| 58 | + | total: 0, |
| 59 | + | len: 0, |
| 60 | + | overallTotal: 0, |
| 61 | + | done: false, |
| 62 | + | startTime: performance.now() |
| 63 | + | }; |
| 64 | + | |
| 65 | + | async function tryAllLen(prefix, len, curLen) { |
| 66 | + | if (progress.done) return; |
| 67 | + | if (len == curLen) { |
| 68 | + | progress.tried++; |
| 69 | + | try { |
| 70 | + | await api.decrypt(encrypted, prefix, salt, iv); |
| 71 | + | document.querySelector("#output").value = prefix; |
| 72 | + | progress.done = true; |
| 73 | + | error("Completed!"); |
| 74 | + | } catch {} |
| 75 | + | return; |
| 76 | + | } |
| 77 | + | for (let i=0; i < cset.length; i++) { |
| 78 | + | let c = cset[i]; |
| 79 | + | await tryAllLen(prefix + c, len, curLen + 1); |
| 80 | + | } |
| 81 | + | } |
| 82 | + | |
| 83 | + | function progressUpdate() { |
| 84 | + | if (progress.done) { |
| 85 | + | clearInterval(); |
| 86 | + | return; |
| 87 | + | } |
| 88 | + | let delta = performance.now() - progress.startTime; |
| 89 | + | error(`Trying ${progress.total} passwords of length ${progress.len} – ${Math.round(100000 * progress.tried / progress.total)/1000}% complete. Testing ${Math.round(1000000 * (progress.overallTotal + progress.tried) / delta)/1000} passwords per second.`); |
| 90 | + | } |
| 91 | + | |
| 92 | + | (async () => { |
| 93 | + | for (let len=0; !progress.done; len++) { |
| 94 | + | progress.overallTotal += progress.tried; |
| 95 | + | progress.tried = 0; |
| 96 | + | progress.total = Math.pow(cset.length, len); |
| 97 | + | progress.len = len; |
| 98 | + | progressUpdate(); |
| 99 | + | await tryAllLen("", len, 0); |
| 100 | + | } |
| 101 | + | })(); |
| 102 | + | |
| 103 | + | setInterval(progressUpdate, 4000); |
| 104 | + | } |
| 105 | + | |