vault-door-1 - Points 100
The vault uses some complicated array! I hope you can make sense of it, special agent. The source code for this vault is here:
import java.util.*;
class VaultDoor1 {
public static void main(String args[]) {
VaultDoor1 vaultDoor = new VaultDoor1();
Scanner scanner = new Scanner(System.in);
System.out.print("Enter vault password: ");
String userInput = scanner.next();
String input = userInput.substring("picoCTF{".length(),userInput.length()-1);
if (vaultDoor.checkPassword(input)) {
System.out.println("Access granted.");
} else {
System.out.println("Access denied!");
}
}
// I came up with a more secure way to check the password without putting
// the password itself in the source code. I think this is going to be
// UNHACKABLE!! I hope Dr. Evil agrees...
//
// -Minion #8728
public boolean checkPassword(String password) {
return password.length() == 32 &&
password.charAt(0) == 'd' &&
password.charAt(29) == '8' &&
password.charAt(4) == 'r' &&
password.charAt(2) == '5' &&
password.charAt(23) == 'r' &&
password.charAt(3) == 'c' &&
password.charAt(17) == '4' &&
password.charAt(1) == '3' &&
password.charAt(7) == 'b' &&
password.charAt(10) == '_' &&
password.charAt(5) == '4' &&
password.charAt(9) == '3' &&
password.charAt(11) == 't' &&
password.charAt(15) == 'c' &&
password.charAt(8) == 'l' &&
password.charAt(12) == 'H' &&
password.charAt(20) == 'c' &&
password.charAt(14) == '_' &&
password.charAt(6) == 'm' &&
password.charAt(24) == '5' &&
password.charAt(18) == 'r' &&
password.charAt(13) == '3' &&
password.charAt(19) == '4' &&
password.charAt(21) == 'T' &&
password.charAt(16) == 'H' &&
password.charAt(27) == '3' &&
password.charAt(30) == '4' &&
password.charAt(25) == '_' &&
password.charAt(22) == '3' &&
password.charAt(28) == 'f' &&
password.charAt(26) == '0' &&
password.charAt(31) == '1';
}
}
Solution
This is vault-door-1 Flag Problem in this one, the Flag is compared using a charAt() String method which compares the user input String with the Flag, but the problem here is the Minons clearly changed the order of comparing the characters, to solve this you need to rearrange them in the numerical order from 0 to 31, when you're done you can clearly see the Flag, after rearranging the code
return password.length() == 32 &&
password.charAt(0) == 'd' &&
password.charAt(1) == '3' &&
password.charAt(2) == '5' &&
password.charAt(3) == 'c' &&
password.charAt(4) == 'r' &&
password.charAt(5) == '4' &&
password.charAt(6) == 'm' &&
password.charAt(7) == 'b' &&
password.charAt(8) == 'l' &&
password.charAt(9) == '3' &&
password.charAt(10) == '_' &&
password.charAt(11) == 't' &&
password.charAt(12) == 'H' &&
password.charAt(13) == '3' &&
password.charAt(14) == '_' &&
password.charAt(15) == 'c' &&
password.charAt(16) == 'H' &&
password.charAt(17) == '4' &&
password.charAt(18) == 'r' &&
password.charAt(19) == '4' &&
password.charAt(20) == 'c' &&
password.charAt(21) == 'T' &&
password.charAt(22) == '3' &&
password.charAt(23) == 'r' &&
password.charAt(24) == '5' &&
password.charAt(25) == '_' &&
password.charAt(26) == '0' &&
password.charAt(27) == '3' &&
password.charAt(28) == 'f' &&
password.charAt(29) == '8' &&
password.charAt(30) == '4' &&
password.charAt(31) == '1';
now you can see the code says "descramble_the_characters_03f841" and the Flag is
picoCTF{d35cr4mbl3_tH3_cH4r4cT3r5_03f841}
To know how to run a java program, please refer this link