Bypassing JavaScript Timers; or, How I Learned to Stop Waiting and Love the Variable

by K3ntucky

This tutorial is about bypassing the timers on a couple of the bigger downloading sites.  Mainly RapidShare, Megaupload, and DepositFiles.  There are, of course, others but I found the most luck on these sites.

Not too sure if I really need this but: This information is for educational purposes only.  Only you will be held responsible for the actions that occur from this information.  (Just wanted to cover my bases.)

In this article I will be using RapidShare as my example.

This is, however, by no means a strictly RapidShare bypass.  This is really a JavaScript bypass, if the site uses JavaScript for their timer, then you can use this information.  Don't worry about finding a JavaScript timer, as W3Schools.com will tell you "JavaScript is the scripting language of the web."

Quick Note:  I'm using the latest version of Opera for this.  Opera has a built-in function where you can view the source code in a tab and then reload the web page with new code inserted.  This comes in really handy when you want to mess around with web pages.

So, to set the scene: It's another night in front of the computer and I'm scouring the Internet to try and find a couple of good PDFs to put in my new e-book reader and just found a collection of programming books.

I clicked the link and was soon staring at a RapidShare page.  Not being a member of this web service, I had to click the free link.  In about 89 seconds the books would be mine.  However, after about 15 seconds I grew tired of having to wait.

My hacking sense started to tingle and I opened the source code page.  After a little poking around I found what will be referred to as "Interesting Bit of JavaScript":

Function fc() { if(c > 0) { document.getElementById("dl").innerHTML = 'You are not a Premium User and have to wait. Please notice that only Premium Users will get full download speed. <h3 style="font-size:24pt;" id="zeit"> ' + c + ' seconds remaining</h3>'; c = c - 1; setTimeout("fc()", 1000); } else {

    (Nothing to really see here, just code to be executed when certain conditions are met.)

var c = 50; if (window.location.hash == "#dlt") c = 0; window.onload = fc;

Hmm...  Simple little piece of code if you know JavaScript or have a good grasp of basic programming.  If not, I'll point out a few things.

Here we have a piece of code showing the seconds remaining:

<h3 style="font-size:24pt;" id="zeit"> ' + c + ' seconds remaining</h3>

That c right there is an important piece for us because it is displaying the "seconds remaining" on the actual web page.  This is known as "concatenation," taking a variable and placing it next to a predetermined string of characters.  Here it's used to place what c represents next to the words "seconds remaining."

Now we just need to find the part of the code that uses c as a variable.  A few lines down we find:

var c = 50; if (window.location.hash == "#dlt") c = 0; window.onload = fc;

The var c = 50 tells us that the variable c will be set for 50.

But what happens if we change c to zero to begin with?  The zero is sent as normal and the link appears as if you waited.  Great!

Now I can use that extra 50 seconds of my life to do something more productive.

Another way to mess with the timer is to tinker around with JavaScript timing events.  We look at the following line of the "Interesting Bit of JavaScript" we saw earlier and find:

c = c - 1; setTimeout("fc()", 1000);

This piece of code tells c to wait 1000 milliseconds, which is one second for those not in the know, before continuing.  This variable is run through a loop with some of the code above.

The line c = c - 1 makes c turn in to 49, then 48... 47... 46 until it finally hits zero and tells the code to execute the if statement.

The syntax for JavaScript timing events is:

setTimeout("JavaScript statement",milliseconds);

Basically when the milliseconds run out, it will execute the statement fc().

So what if we change 1000 to 1?  Well, the loop will still go, but at a fraction of the time it would have normally taken.

Most of the websites I've seen have some type of function that follows this.  The longest part of this process is finding the JavaScript for the timers the first couple of times.  Of course, there are some scripts and a Grease Monkey script to automate this process, but those really only work for certain websites.

Of course, some cheeky websites like to deposit files which use a little piece of code called Show_url().

This makes the whole process much easier as all you have to do is find this guy and replace whatever is in the brackets to whatever time you want to wait, be it 10 seconds or zero seconds.

So you may be thinking, "Well, O.K., bypassing little JavaScript timers is all well and good, but how does this make me a better hacker?"

Well, for the beginners out there, one of the first things most hackers learn is messing around in the HTML source code of web pages.  If you didn't know much about JavaScript, you now know about messing around with variables, and JavaScript timing events.

We've even touched upon concatenation.  Hopefully you will take this article and find other little tricks around other web pages.

It all starts with the little steps.  As long as you keep moving forward, you'll be a better hacker in no time!