A little project you might wanna check out...

Originally posted by me on HF

I was bored today so I decided to do this little project in PHP.
This script is insecure from the start, and even more so now that it's shared.

So, what is it?

It's a text field where you put a code in the format 0000-0000-0000.

The code isn't checked through a database, it's checked with an algorithm.

5514-1391-0190
5514-1131-0120
5514-9399-9383
5514-7397-1121
5514-4004-6223
5514-1261-2122

ABCD-EFGH-IJKL

ABCD is always 5514.
E is rand(0, 9).
F is rand(0, 3).
G is F*3.
H is E.
I is F*H.
J is rand(0, 3).
K is either 2, 4, 8 or 9.
L is rand(0, 3);

redeem.php (Enter code here)
PHP:
<?php
	if (isset($_POST['code'])) {
		$valid = true;
		
		// Check the overall shape first (XXXX-XXXX-XXXX, digits only) so the per-digit
		// checks below never index a missing offset or multiply a non-numeric character.
		if (!is_string($_POST['code']) || !preg_match('/^\d{4}-\d{4}-\d{4}$/D', $_POST['code'])) {
			$valid = false;
		} else {
			$code = explode("-", $_POST['code']);
			
			if ($code[0] !== "5514") $valid = false;							// XXXX-0000-0000
			if ($code[1][0] !== $code[1][3]) $valid = false;					// 0000-X00X-0000
			if ((int)$code[1][2] !== ($code[1][1]*3)) $valid = false;			// 0000-0XX0-0000
			if ((int)$code[2][0] !== ($code[2][1]*$code[2][3])) $valid = false; // 0000-0000-XX0X
			if (!in_array((int)$code[2][2], array(2, 4, 8, 9))) $valid = false; // 0000-0000-00X0
		}
		
		if ($valid) {
			echo "<span style=\"color:green\">Valid code.</span>";
		} else {
			echo "<span style=\"color:red\">Invalid code.</span>";
		}
	}
	
	// Escape the submitted value before echoing it back into the form attribute.
	$shown = (isset($_POST['code']) && is_string($_POST['code'])) ? htmlspecialchars($_POST['code'], ENT_QUOTES, 'UTF-8') : '';
?>

<br />
<form action="redeem.php" method="post">
	<input type="text" name="code" value="<?php echo $shown; ?>"><input type="submit" value="Validate">
</form>

generate.php
PHP:
<?php
	function genCode() {
		// 1st section
		$code = "5514-";
		
		// 2nd section
		$i = rand(0, 9);
		$ii = rand(0, 3);
		$iii = $ii*3;
		$code .= $i.$ii.$iii.$i."-";
		
		// 3rd section
		$ii = rand(0, 3);
		$iiii = rand(0, 3);
		$i = $ii*$iiii;
		$iii = substr(str_shuffle("2489"), 0, 1);
		$code .= $i.$ii.$iii.$iiii;
		
		return $code;
	}
	
	echo genCode();
?>

Again, this is just an insecure experiment script, please don't use it for serious stuff.

What do you think?
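
Added example (not part of the original post or the poster's code): the digit rules above are the whole secret, so anyone who reads the validator can produce accepted codes. The sketch below instead ties validity to a server-side key with an HMAC tag; the 16-digit format, `SECRET_KEY`, and the function names `tagFor`, `genSignedCode` and `isSignedCodeValid` are all hypothetical.

```php
<?php
// Assumption: in a real deployment the key is loaded from server-side configuration.
// The value below is a constructed placeholder for this demo only.
const SECRET_KEY = 'constructed-demo-key-not-for-real-use';

// Derive an 8-digit tag from HMAC-SHA256 over the 8-digit identifier.
// Without the key, the tag for a given identifier cannot be computed.
function tagFor(string $id): string {
	$mac = hash_hmac('sha256', $id, SECRET_KEY, true);
	// First 4 bytes as a non-negative integer, reduced to 8 decimal digits
	// (the reduction carries a small modulo bias, acceptable for a sketch).
	$n = unpack('N', substr($mac, 0, 4))[1] & 0x7FFFFFFF;
	return str_pad((string)($n % 100000000), 8, '0', STR_PAD_LEFT);
}

// Generator: 8 random digits from the CSPRNG, followed by their tag,
// printed as XXXX-XXXX-XXXX-XXXX.
function genSignedCode(): string {
	$id = str_pad((string)random_int(0, 99999999), 8, '0', STR_PAD_LEFT);
	return implode('-', str_split($id . tagFor($id), 4));
}

// Validator: strict format check first, then a constant-time tag comparison.
function isSignedCodeValid($input): bool {
	if (!is_string($input) || !preg_match('/^\d{4}(-\d{4}){3}$/D', $input)) {
		return false;
	}
	$digits = str_replace('-', '', $input);
	$id = substr($digits, 0, 8);
	return hash_equals(tagFor($id), substr($digits, 8));
}

// Demo: a freshly generated code, then the same code with its last digit changed.
$code = genSignedCode();
$last = (int)substr($code, -1);
$tampered = substr($code, 0, -1) . (($last + 1) % 10);

echo $code, "\n";
var_dump(isSignedCodeValid($code));
var_dump(isSignedCodeValid($tampered));
var_dump(isSignedCodeValid('not-a-code'));
```

An 8-digit tag can still be guessed by brute force, so a validator like this needs rate limiting on the redeem form. Codes meant to be redeemed once also need a server-side record of which ones have been used.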
 
Nightmare said:
Pretty neat but what would this script make good use for?

I think it's a security check I guess. :p I don't really know how this stuff works on programs or anything, but I can figure out that the first four digits are the same, then the 'E' is a 0-9 number range, and that goes on. Quad please correct me if I'm wrong :)
 
lolr said:
Nightmare said:
Pretty neat but what would this script make good use for?

I think it's a security check I guess. :p I don't really know how this stuff works on programs or anything, but I can figure out that the first four digits are the same, then the 'E' is a 0-9 number range, and that goes on. Quad please correct me if I'm wrong :)

Yep, you're correct.
This is how the Adobe serial keys work, just their codes are way (WAY) more advanced xD
 
Quad said:
lolr said:
Nightmare said:
Pretty neat but what would this script make good use for?

I think it's a security check I guess. :p I don't really know how this stuff works on programs or anything, but I can figure out that the first four digits are the same, then the 'E' is a 0-9 number range, and that goes on. Quad please correct me if I'm wrong :)

Yep, you're correct.
This is how the Adobe serial keys work, just their codes are way (WAY) more advanced xD

They've got a system that creates codes, and it's just that all their things range on something else. If 'E' is set at 4 then 'G' will be something like E*4-F*3 or something along those lines :p I think xP idk
 
Yeah. This is actually used in some companies, but a lot more advanced.

You could develop on this code and make it a lot better.
 
Sockatobi said:
Yeah. This is actually used in some companies, but a lot more advanced.

You could develop on this code and make it a lot better.

Apple used this method for iTunes gift cards, guess what happened?
Some Chinese hackers figured out the algorithm for the $15 cards and sold them for $1 each on eBay xD
 
Quad said:
Sockatobi said:
Yeah. This is actually used in some companies, but a lot more advanced.

You could develop on this code and make it a lot better.

Apple used this method for iTunes gift cards, guess what happened?
Some Chinese hackers figured out the algorithm for the $15 cards and sold them for $1 each on eBay xD

That's just awesome ;d.

On topic: Nice one! This might be very useful!
 
I guess it might be useful, but make sure it's in the Professional section. If we could use this as a method, it would get saturated WAY too fast if it was in public. Not to count that a lot of 0 posters would just join up to see the method and leave.
 
It may not be the best serial type code yet but the base is here and could definitely be improved upon. You could always even use it as a secondary check.
I'm sure me or someone else could think of other uses for this.

Thanks for the share!

Nycro
 