Cyber Skyline Trove
Cyber Skyline Trove

Bytes

Prompt

Determine the secret password that will validate successfully against the verify function. We've been having trouble getting it to run, but we saw it running properly on a different system. The code seems to be a bit old, maybe you can find the right environment/configuration to get it to run.

Walk-Through

This challenge requires you to analyze a Python script to bypass the insecure verify function. There appears to be some type of password used in the verify function; however, it is not cryptographically secure and it is possible to reverse engineer the code to obtain the value that’s stored. The task for this challenge is to find a value for submission that will cause the verify function to return True.

Using a terminal, you can get a better understanding of the code by entering your own submissions. Create a file named bytes.py. Copy the code provided in the code window on the platform and paste into the new file using your mouse. Save the program. Then enter python bytes.py on the command line to run the program.

01234
01234 was submitted. Since the length submitted was not even, the program ended.
💡

Please note that this code is using Python 2.7. If you try to edit or run this program on your own terminal, you may need to change the syntax of the code to get it to work, or run Python 2.7 in it’s own virtual environment.

Guide

This guide will review the lines of the verify function in order to better understand how to get the correct password value.

In lines 7-8, if the length of submission is not an even number, then verify returns false. Therefore, the length of submission will need to be an even number. 

def verify(submission):
    processed = [ ]
    if len(submission) % 2 != 0:
        return False
len() is a built-in python function that returns the number of items in an object. In this case, len()is calculating the number of characters in the string that is submitted to the program.

Next, for lines 10-11, there is a loop that will run through submission. In each iteration, the loop will combine two characters together and convert them from hexadecimal into an integer that is added to the processed list, which was initialized in line 6.

    for i in range(0, len(submission) / 2):
        processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16)
This part of the function converts a Hex string into separate bytes (represented by 2 Hex characters). Then, in the (int(submission…)), Hex bytes are converted to decimal (ex: 0x4A=74)
‣
Open this drop down to learn about what is occurring in this ‘for’ loop:

As an example, lets say you submitted 012345 to the program.

  • In the line starting the ‘for’ loop, the number of characters submitted is divided by two—the length of the submission is 6 characters (012345), and 6/2=3. The loop will be performed 3 times.
    • The range for the loop starts at 0 . Therefore, 0 will be the first value for i. When i equals 3 the loop will not proceed because that will be considered the end of the range.
  • In the second line, two characters from submission are changed to integers and added to the processed list in a loop.
    • The first character is at position i*2 from submission (012345)
      • In the first loop, i=0, so i*2=0
      • The character at position 0 is 0.
    • The next character is at position i*2+1 from submission (012345)
      • In the first loop, i=0, so i*2+1=1
      • The character at position 1 is 1.
    • These two characters are then combined together to be 01
    • The 16 value at the end of the highlighted code, tells the int() function to process the two characters (0x01) as hexadecimal. The int() function will convert them to decimal.
      • For i=0, this means 0x01 will become 1 and will be the first entry in the processed list.
      • For i=1, 0x23 will become 35
      • For i=2, 0x45 will become 69

Through the use of a command line interface, you can see how the input is processed by adding a print statement to the Python file you created.

Add this line of code to right under processed.append... within the verify function:

print("This was processed", processed)
Python is very particular about using the correct tabbed spacing. Be sure when you add this that the start lines up with the code above it.
Each iteration of the loop shows which values are added to the
Each iteration of the loop shows which values are added to the processed list.

Through lines 13-15, the function then checks if the length of processed is equal to the length of ekc. If the lengths are not the same, then verify will return false. 

    ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
    if len(processed) != len(ekc):
        return False
This portion of the code verifies that the processed list is the same length of ekc. Notice the values contained in the ekc list are a mix of hexadecimal and decimal.
💡

Since processed must be equal to ekc, and processed is half of the length of submission, we know that submission must therefore be twice the length of ekc.

ekc is an list of 13 values, so submission must be 26 characters long.

The last check in the function is to iterate through the processed list and check to see if there are any values that do not match between processed and ekc. If there are any values that do not match, then verify returns ‘False’. 

    for i in range(len(processed)):
        if ekc[i] != processed[i]:
            return False
‣
Open this toggle to see a summary of what has been learned from reviewing the verify function:
  1. There must be an even number of characters submitted
  2. Characters entered are treated as Hex values
  3. The characters submitted are put into pairs and converted from Hex to decimal values and are listed in an list named processed
  4. The processed list is compared to another list, ekc, that contains a mix of Hex and decimal values.
  5. The processed list must match the length of ekc
  6. ekc contains 13 values so there must be 26 characters in the submission
  7. The processed list values must match those of ekc

Even if the correct characters were entered in the initial submission, the problem remains that the processed list (containing only integer values) is being compared to the ekc list, which contains a mix of integers and hexadecimal values. Thus, the verify function (as is) will never return ‘True’ unless we make changes so that the lists contain values of the same type.

However, doing this is not necessary. Fixing the program is not required. What is required is that we find a value that could pass the verify function.

The program interprets characters entered as hexadecimal and will compare whatever is entered with the contents of ekc. Therefore, a conversion of the ekc list to hexadecimal will provide a value that will pass the verify function.

Using a terminal, add the following line of code to the program after the line containing submission = raw_input… :

ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
print(''.join('%02x' % i for i in ekc))
This Python code will print ekc as hexadecimal

Running the program again will print ekc as a hexadecimal string— this value will pass the verify function.

The answer has been partially redacted. Recall from earlier that unless the code is corrected, the verify function will always return “That is incorrect”.
The answer has been partially redacted. Recall from earlier that unless the code is corrected, the verify function will always return “That is incorrect”.

This could also be solved by converting the three decimal values in ekc to Hex through the use of CyberChef or other conversion tools. Most of the list already contains Hex values, so the 0x in front can be removed to get the correct string of characters.

Questions

1. What language is this program written in?

The programming language is indicated in the first line of the code

2. What is the password that will successfully pass the verify function?

Convert the values of ekc into a hexadecimal string

©️ 2026 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.

#!/usr/bin/env python2.7

import sys

def verify(submission):
    processed = [ ]
    if len(submission) % 2 != 0:
        return False

    for i in range(0, len(submission) / 2):
        processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))

    ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
    if len(processed) != len(ekc):
        return False

    for i in range(len(processed)):
        if ekc[i] != processed[i]:
            return False

    return True

if len(sys.argv) != 1:
    print "Usage: python bytes.py"
    exit(1)

submission = raw_input("What is the password? ")

if verify(submission):
    print "That is correct"
    exit(0)
else:
    print "That is incorrect"
    exit(2)