Prompt
Determine the secret password that will validate successfully against the verify function. We've been having trouble getting it to run, but we saw it running properly on a different system. The code seems to be a bit old, maybe you can find the right environment/configuration to get it to run.
#!/usr/bin/env python2.7
import sys
def verify(submission):
processed = [ ]
if len(submission) % 2 != 0:
return False
for i in range(0, len(submission) / 2):
processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))
ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
if len(processed) != len(ekc):
return False
for i in range(len(processed)):
if ekc[i] != processed[i]:
return False
return True
if len(sys.argv) != 1:
print "Usage: python bytes.pyc"
exit(1)
submission = raw_input("What is the password? ")
if verify(submission):
print "That is correct"
exit(0)
else:
print "That is incorrect"
exit(2)
Walk-Through
This challenge requires you to analyze a Python script to bypass the insecure verify
function. There appears to be some type of password used in the verify
function; however, it is not cryptographically secure and it is possible to reverse engineer the code to obtain the plaintext password. The task for this challenge is to find a value for submission
that will cause the verify
function to return true.
In the first check, if the length of submission
is not an even number, then verify
returns false. Therefore, the length of submission will need to be an even number.
def verify(submission):
processed = [ ]
if len(submission) % 2 != 0:
return False
for i in range(0, len(submission) / 2):
processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))
ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
if len(processed) != len(ekc):
return False
for i in range(len(processed)):
if ekc[i] != processed[i]:
return False
return True
Next, there is a loop that will run through submission
two characters at a time. In each iteration, the loop will combine the two characters together and convert them from hexdecimal into an integer that is added to the processed
array.
def verify(submission):
processed = [ ]
if len(submission) % 2 != 0:
return False
for i in range(0, len(submission) / 2):
processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))
ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
if len(processed) != len(ekc):
return False
for i in range(len(processed)):
if ekc[i] != processed[i]:
return False
return True
int(…, 16)
function converts a hex string into an integer The function then checks if the length of processed
is equal to the length of ekc
. If the lengths are not the same, then verify
will return false. Since processed
is half of the length of submission
, we know that submission
must therefore be twice the length of ekc
. ekc
is an array of 13 values, so submission
must be 26 characters long.
def verify(submission):
processed = [ ]
if len(submission) % 2 != 0:
return False
for i in range(0, len(submission) / 2):
processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))
ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
if len(processed) != len(ekc):
return False
for i in range(len(processed)):
if ekc[i] != processed[i]:
return False
return True
The last check in the function is to iterate through the processed
array and check to see if there are any values that do not match between processed
and ekc
. If there are any values that do not match, then verify
returns false.
def verify(submission):
processed = [ ]
if len(submission) % 2 != 0:
return False
for i in range(0, len(submission) / 2):
processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))
ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
if len(processed) != len(ekc):
return False
for i in range(len(processed)):
if ekc[i] != processed[i]:
return False
return True
Putting all of this information together, it appears that processed
is an integer array representing the ASCII hexadecimal values of ekc
, so a conversion of ekc
to hexadecimal will provide a value that will pass the verify
function.
ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
print ''.join('%02x' % i for i in ekc)
ekc
as hexadecimalQuestions
What language is this program written in?
The programming language is indicated in the first line of the code
What is the password that will successfully pass the verify function?
Convert the values of ekc
into a hexadecimal string
©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.