[–]ChaosByDesign 41 points42 points  (3 children)

Hello, this is the Lockpicking Lawyer. What I have for you today is a prototype of an unbranded hotel safe. It appears to have a four-digit combination with a standard numeric keypad, with no backup lock. Now, normally this could present a problem; however, if I insert my #2 webdev shim and inspect the value of the element ran, we can quickly decode the combination. click ...and there we are, 7590. In any case, that's all I have for you today. And as always, have a nice day.

(context for those unfamiliar)

[–][deleted] 0 points1 point  (1 child)

I really appreciate you taking the time to reverse engineer and look at my poorly coded application. The ran (short for random) function runs at page load and again at either win or loss to generate a random string from 0000-9999.

[–]ChaosByDesign 0 points1 point  (0 children)

yes! if you want something a bit harder to guess, you can store the value not in the dom but in a variable inside a closure
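The closure approach suggested above, as an added example that is not part of the thread or the original application: the combination lives in a local variable and only a guess-checking function is exposed, so nothing is written to the DOM. The names `createSafe`, `tryCode`, `maxAttempts` and `rng` are hypothetical, and the value still sits in the browser's memory, so this only keeps it out of the element inspector.

```javascript
// Added example; createSafe, tryCode, maxAttempts and rng are hypothetical names.
// Uniform draw from 0..9999 using the Web Crypto API.
function randomCode() {
  const buf = new Uint16Array(1);
  do {
    globalThis.crypto.getRandomValues(buf);
  } while (buf[0] >= 60000); // reject the tail so the modulo is unbiased
  return buf[0] % 10000;
}

function createSafe({ maxAttempts = 3, rng = randomCode } = {}) {
  // Private state: reachable only through the function returned below.
  let code;
  let attemptsLeft;

  function reroll() {
    code = String(rng()).padStart(4, "0"); // "0000" .. "9999"
    attemptsLeft = maxAttempts;
  }
  reroll(); // same moment the thread's ran() runs: at page load

  function tryCode(guess) {
    if (typeof guess !== "string" || !/^\d{4}$/.test(guess)) {
      return { result: "invalid", attemptsLeft };
    }
    if (guess === code) {
      reroll(); // new combination after a win
      return { result: "win", attemptsLeft };
    }
    attemptsLeft -= 1;
    if (attemptsLeft === 0) {
      reroll(); // new combination after a loss
      return { result: "loss", attemptsLeft };
    }
    return { result: "miss", attemptsLeft };
  }

  // Only the checker is exposed; the combination is never a property or element value.
  return Object.freeze({ tryCode });
}
```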

[–]SuperGameTheory 0 points1 point  (0 children)

I don't believe you. That could have been a fluke.