Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Browser detection game
Posted by: Gareth Heyes
Date: October 07, 2009 04:35AM

Ok I was thinking about my browser detection script and thought it would be a really cool game to play on slackers. Here is how it could work, you need to create the smallest possible detection script but that can't be modified by anyone else. For example take my original one:-

B=(function x(){})[-5]=='x'?'FF3':(function x(){})[-6]=='x'?'FF2':/a/[-1]=='a'?'FF':'\v'=='v'?'IE':/a/.__proto__=='//'?'Saf':/s/.test(/a/.toString)?'Chr':/^function \(/.test([].sort)?'Op':'Unknown'

So one of the ways I could beat this is to do Function.prototype['-5'] = 'x'; so therefore I lose :) The game is to make your detection script work even if something is executed first. Here are the rules:-

1. Smallest wins
2. Every major browser should be detected:- IE,FF,Safari,Opera,Chrome
3. It should survive any code before it and still display the correct browser
4. No HTML allowed
5. Supported browsers:ie8 sf4 chrome3 opera10 and ff3

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 2 time(s). Last edit at 10/08/2009 07:59AM by Gareth Heyes.

Options: ReplyQuote
Re: Browser detection game
Posted by: sirdarckcat
Date: October 07, 2009 11:28AM

--little offtopic--
oh I was going to tell you dude.. the safari detection script returns true on Konqueror.
--/little offtopic--

I'm in! :)

It has to be pure JS? HTML can do the trick.. for example:

<script>isIE=isFF=isSafari=isOpera=0;</script><!--[if true]><script foo="x:--><img src='javascript:void(isOpera=1);' x">isIE=1;/*<script>isSafari=isOpera?0:1;//*/</script><![endif]--><script>1==<x>{isSafari=0}{isFF=1}</x></script>

<script>alert(isIE?"ie":isFF?"ff":isSafari?"saf":isOpera?"op":"?");</script>

Anyway, someone can do:
window.__defineGetter__('isFF',function(){return 0;});

or declare them as constants before me.. (const isIE)

so.. how could that work anyway? are there any rules or something? the same will break all scripts!

Another trick could be:

<iframe src="data:text/html,<script>alert((function x(){})[-5]=='x'?'FF3':(function x(){})[-6]=='x'?'FF2':/a/[-1]=='a'?'FF':'\v'=='v'?'IE':/a/.__proto__=='//'?'Saf':/s/.test(/a/.toString)?'Chr':/^function \(/.test([].sort)?'Op':'Unknown')</script>">

You could break it if you do document.write("<plaintext>") xDD but again.. haha.. all scripts are breakable one way or another..

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: Browser detection game
Posted by: Gareth Heyes
Date: October 07, 2009 01:19PM

hehe yeah good points ok....

No HTML allowed

Oh and the attacks should be against the method of detection not the assignment.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 1 time(s). Last edit at 10/07/2009 01:25PM by Gareth Heyes.

Options: ReplyQuote
Re: Browser detection game
Posted by: Anonymous User
Date: October 08, 2009 07:50AM

Have fun optimizing :) Debugging in this contest is a pain in the a** - change one byte - refresh five browsers...

'\v'=='v'?i=!(f=o=s=c=![]):(top=[],top=![x=(top+'')[i=![],8],o=x=='W'],f=top==![c=x=='D']?!![o=![s=''[-1]!=0]]:![s=![]],s?f=![]:)
Tested on FF 3.0.14, Opera 10.00, Chrome 4.0.222, Safari 4.0.3 and IE8

EDIT:
!-'\v1'?i=!(f=o=s=c=0):top=[i=![x=(top+1)[8]]],top=![o=x=='W'],f=top==![c=x=='D']?!![o=![s=/1/[-1]!=1]]:s=i,s?f=c=i:0
Works on FF3.0.14, FF3.5, Opera 9.64 + the other mentioned browsers. And is shorter :)



Edited 9 time(s). Last edit at 10/09/2009 03:48PM by .mario.

Options: ReplyQuote
Re: Browser detection game
Posted by: sirdarckcat
Date: October 08, 2009 11:07PM

Can u explain some stuff about that one?

Why use !1 instead of 0?
Why do:
![s=i],s
Instead of
s=i,s

Why why why why xD what happens on other browsers?


Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: Browser detection game
Posted by: Anonymous User
Date: October 09, 2009 03:44PM

@sdc Haha you are right - possible optimizations. I am still stuck in the no-alnum thing so I use !'' instead of true etc :D

The rest should be quite self-explanatory.

Options: ReplyQuote
Re: Browser detection game
Posted by: sirdarckcat
Date: October 09, 2009 09:19PM

oh, I thought on some browsers you needed to do that stuff in order to avoid runtime optimisations or something.. :)

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: Browser detection game
Posted by: sirdarckcat
Date: October 10, 2009 12:55AM

does not work on chrome

javascript:!-'\v1'?i=!(f=o=s=c=0):top=[i=![x=(top+1)[8]]],top=![o=x=='W'],f=top==![c=x=='D']?!![o=![s=/1/[-1]!=1]]:s=i,s?f=c=i:0;alert([i,c,f,o,s]);

and thats because (top+1)[8] is g ([object global])

and.. can't I just make:

top.toString=function(){return "whateverchromereturns"};

on safari and break the script?

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: Browser detection game
Posted by: sirdarckcat
Date: October 10, 2009 01:07AM

also, on safari&chrome if I do:

RegExp.prototype[-1]="1"


!-'\v1'?i=!(f=o=s=c=0):top=[i=![x=(top+1)[8]]],top=![o=x=='W'],f=top==![c=x=='D']?!![o=![s=/1/[-1]!=1]]:s=i,s?f=c=i:0


it's detected as FF

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 10/10/2009 01:07AM by sirdarckcat.

Options: ReplyQuote
Re: Browser detection game
Posted by: sirdarckcat
Date: October 10, 2009 02:31AM

here's mine:

var isIE,isFirefox,isChrome,isKonqueror,isSafari,isOpera,isOther;
isIE=isFirefox=isChrome=isKonqueror=isSafari=isOpera=isOther=false;

if(!(isIE=!-'\v1') && !(isFirefox=1*({toString:0,valueOf:function(x){return !!x;}}))){
    try{/./('');isOther=true;}catch(e){isKonqueror/*orIE*/=true;}
    if(!isKonqueror/*orOtherThatDoesntSupport/./()*/ && !(isSafari=/^($)?$/("")[1]=='') && !(isOpera='object'==(typeof /./))){
        isChrome/*orFForOpera*/=(function(){var z=function(y){var x=/\d/g;return x(y);};z(0);return !z(1);})();
        isOther/*thatSupports/./()*/=!isChrome;
    }else{isOther=false;}
}
var isWebkit=isSafari||isChrome||isKonqueror;
var Browser=['ie','ff','ch','kq','sa','op','??'][isIE?0:isFirefox?1:isChrome?2:isKonqueror?3:isSafari?4:isOpera?5:6];

Browser;

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 16 time(s). Last edit at 10/13/2009 12:23AM by sirdarckcat.

Options: ReplyQuote
Re: Browser detection game
Posted by: LeverOne
Date: March 04, 2010 02:06AM

Based on null chars by me.

Safari // 6 chars

alert(+'1\0'?'Safari':'!Safari')

IE // 6 chars

alert(1-'\0'?'IE':'!IE')


LeverOne

----------------------
~Veritas~

Options: ReplyQuote
Re: Browser detection game
Posted by: Gareth Heyes
Date: March 04, 2010 02:52AM

The safari one is awesome nice find!

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Browser detection game
Posted by: sirdarckcat
Date: March 05, 2010 03:21AM

yeah, the safari one is neat :D

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: Browser detection game
Posted by: LeverOne
Date: March 06, 2010 05:05AM

Konqueror can generate an error, if it to leave out of account.
alert(+'1\0'&1-'\0'?'Konqueror':'!Konqueror')
alert('1\0'-'\0'?'Konqueror':'!Konqueror')

So we can make the full code:
without optimization (Konqueror 4.4, Safari 4.04, GChrome 4.0, IE 8, Opera 10.50, FF 3.6)
browser=+'\v1'?1-'\0'?'Konqueror':+'1\0'?'Safari':(typeof/./)[0]=='f'?'GChrome':+{valueOf:function(x){return!x}}?'Opera':'Firefox':'IE'

or
b=+'\v1'?1-'\0'?'K':+'1\0'?'S':(typeof/./)[0]=='f'?'C':+{valueOf:function(x){return!x}}?'O':'F':'I'  //99

or: 1->IE, 0->FF, 2->GCrome, 3->Safari, 4->Opera, 5->Konqueror
b=+'\v1'?1-'\0'?5:+'1\0'?3:(typeof/./)[0]=='f'?2:+{valueOf:function(x){return!x}}?4:0:1   // 87

equivalent:
b=(typeof/./)[0]=='f'?+'1\0'?3:2:+'1\0'?5:1-'\0'?1:+{valueOf:function(x){return!x}}?4:0

without Konqueror
b=1-'\0'?'I':+'1\0'?'S':(typeof/./)[0]=='f'?'C':+{valueOf:function(x){return!x}}?'O':'F'   // 88

or: 1->IE, 0->FF, 2->GCrome, 3->Safari, 4->Opera
b=1-'\0'?1:+'1\0'?3:(typeof/./)[0]=='f'?2:+{valueOf:function(x){return!x}}?4:0    // 78

Separation of FF from Opera still too long.

LeverOne

----------------------
~Veritas~



Edited 6 time(s). Last edit at 03/08/2010 03:02AM by LeverOne.

Options: ReplyQuote


Sorry, only registered users may post in this forum.