Still no time to work on this, but I'm curious enough to poke at it every once in a while.
Between different requests to the login page, here's what changes:
[11:23am] eero:~/tmp/guardian: diff 0,12930,-1,00.html o
236c236
< <input type="hidden" name="AU_CHALLENGE" value="1117293798"><input t
+ype="hidden" name="AU_CHALLENGE2" value="af7fb54d3a917e272e2b7abe1353
+bd51"></form></table></td></tr></table>
---
> <input type="hidden" name="AU_CHALLENGE" value="1117293788"><input t
+ype="hidden" name="AU_CHALLENGE2" value="59e3978f05fde8396395a576645c
+d04b"></form></table></td></tr></table>
[11:23am] eero:~/tmp/guardian:
...and here's where in the page source the work is done:
function preparePassword() {
var form = document.regpss1;
var dummy = '----------------------------------------';
form.AU_PASSWORD_HASH.value = binl2hex(core_hmac_md5(form.
+AU_CHALLENGE2.value,form.AU_PASSWORD.value));
form.AU_PASSWORD.value = dummy.substr(0,form.AU_PASSWORD.v
+alue.length);
regpss_submitted = true;
form.submit();
}
I'm guessing that you'll need to take your password, run it through that hashing sequence and then return that as the actual password in the post. Or something like that.
I'm surprised nobody's done this yet.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
