Bytes

Prompt

Determine the secret password that will validate successfully against the verify function. We've been having trouble getting it to run, but we saw it running properly on a different system. The code seems to be a bit old, maybe you can find the right environment/configuration to get it to run.

#!/usr/bin/env python2.7

import sys

def verify(submission):
    processed = [ ]
    if len(submission) % 2 != 0:
        return False

    for i in range(0, len(submission) / 2):
        processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))

    ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
    if len(processed) != len(ekc):
        return False

    for i in range(len(processed)):
        if ekc[i] != processed[i]:
            return False

    return True

if len(sys.argv) != 1:
    print "Usage: python bytes.pyc"
    exit(1)

submission = raw_input("What is the password? ")

if verify(submission):
    print "That is correct"
    exit(0)
else:
    print "That is incorrect"
    exit(2)

Walk-Through

This challenge requires you to analyze a Python script to bypass the insecure verify function. There appears to be some type of password used in the verify function; however, it is not cryptographically secure and it is possible to reverse engineer the code to obtain the plaintext password. The task for this challenge is to find a value for submission that will cause the verify function to return true.

In the first check, if the length of submission is not an even number, then verify returns false. Therefore, the length of submission will need to be an even number.

def verify(submission):
    processed = [ ]
    if len(submission) % 2 != 0:
        return False

    for i in range(0, len(submission) / 2):
        processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))

    ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
    if len(processed) != len(ekc):
        return False

    for i in range(len(processed)):
        if ekc[i] != processed[i]:
            return False

    return True

Next, there is a loop that will run through submission two characters at a time. In each iteration, the loop will combine the two characters together and convert them from hexadecimal into an integer that is added to the processed array.

def verify(submission):
    processed = [ ]
    if len(submission) % 2 != 0:
        return False

    for i in range(0, len(submission) / 2):
        processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))

    ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
    if len(processed) != len(ekc):
        return False

    for i in range(len(processed)):
        if ekc[i] != processed[i]:
            return False

    return True
The int(…, 16) function converts a hex string into an integer

The function then checks if the length of processed is equal to the length of ekc. If the lengths are not the same, then verify will return false. Since processed is half of the length of submission, we know that submission must therefore be twice the length of ekc. ekc is an array of 13 values, so submission must be 26 characters long.

def verify(submission):
    processed = [ ]
    if len(submission) % 2 != 0:
        return False

    for i in range(0, len(submission) / 2):
        processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))

    ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
    if len(processed) != len(ekc):
        return False

    for i in range(len(processed)):
        if ekc[i] != processed[i]:
            return False

    return True

The last check in the function is to iterate through the processed array and check to see if there are any values that do not match between processed and ekc. If there are any values that do not match, then verify returns false.

def verify(submission):
    processed = [ ]
    if len(submission) % 2 != 0:
        return False

    for i in range(0, len(submission) / 2):
        processed.append(int(submission[i * 2] + submission[(i * 2) + 1], 16))

    ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
    if len(processed) != len(ekc):
        return False

    for i in range(len(processed)):
        if ekc[i] != processed[i]:
            return False

    return True

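Putting all of this information together, processed is the submission decoded from hexadecimal, two characters per value, and it must match ekc value for value. Converting each value of ekc to a two-digit hexadecimal string and joining the results will therefore provide a value that will pass the verify function. Note that ekc mixes hexadecimal, decimal and one Python 2 octal literal (0110, which is 72); that octal form is a syntax error in Python 3, which is why the script has to be run with a Python 2.7 interpreter.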

ekc = [ 0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30 ]
print ''.join('%02x' % i for i in ekc)
This Python code will print ekc as hexadecimal
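
The same derivation for readers who only have Python 3, as an added example that is not part of the original challenge or walk-through. It reads the ekc literals as text, evaluates them with Python 2.7 rules (including the legacy octal 0110), and checks the result against a Python 3 port of verify; the names EKC_TOKENS, parse_py2_int, verify_py3 and solve are hypothetical.

```python
import re

# ekc literals copied as text from the challenge source, so the legacy
# octal token 0110 can be examined without tripping the Python 3 parser.
EKC_TOKENS = "0x53, 75, 0x59, 0x2D, 0110, 0x45, 88, 72, 0x2D, 0x35, 0x36, 0x38, 0x30"


def parse_py2_int(token):
    """Evaluate one integer literal the way Python 2.7 would (hypothetical helper)."""
    token = token.strip()
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", token):
        return int(token, 16)
    octal = re.fullmatch(r"0[oO]?([0-7]+)", token)
    if octal:  # Python 2 reads a leading zero as octal: 0110 == 0o110
        return int(octal.group(1), 8)
    if re.fullmatch(r"0|[1-9][0-9]*", token):
        return int(token, 10)
    raise ValueError("not a Python 2 integer literal: %r" % token)


def verify_py3(submission, ekc):
    """Python 3 port of verify(); returns False on non-hex input instead of raising."""
    if len(submission) % 2 != 0:
        return False
    try:
        processed = [int(submission[i:i + 2], 16)
                     for i in range(0, len(submission), 2)]
    except ValueError:
        return False
    return processed == ekc


def solve():
    """Return (ekc values, hex submission, ASCII decoding of ekc)."""
    ekc = [parse_py2_int(t) for t in EKC_TOKENS.split(",")]
    submission = "".join("%02x" % value for value in ekc)
    return ekc, submission, bytes(ekc).decode("ascii")


if __name__ == "__main__":
    ekc, submission, text = solve()
    print("0110 as Python 2 octal:", parse_py2_int("0110"))
    print("submission (%d chars): %s" % (len(submission), submission))
    print("ASCII decoding of ekc:", text)
    print("verify_py3:", verify_py3(submission, ekc))
```

Reading 0110 as decimal 110 instead of octal 72 would change the fifth value and produce a submission that the original script rejects.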

Questions

What language is this program written in?

The programming language is indicated in the first line of the code

What is the password that will successfully pass the verify function?

Convert the values of ekc into a hexadecimal string

©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.