PicoCTF 2019 Writeups

27-oct-2019 by AJc0de5

vault-door-4 - Points 250

This vault uses ASCII encoding for the password. The source code for this vault is here:

import java.util.*;

class VaultDoor4 {
    public static void main(String args[]) {
        VaultDoor4 vaultDoor = new VaultDoor4();
        Scanner scanner = new Scanner(System.in);
        System.out.print("Enter vault password: ");
        String userInput = scanner.next();
        String input = userInput.substring("picoCTF{".length(),userInput.length()-1);
        if (vaultDoor.checkPassword(input)) {
            System.out.println("Access granted.");
        } else {
            System.out.println("Access denied!");
        }
    }

    // I made myself dizzy converting all of these numbers into different bases,
    // so I just *know* that this vault will be impenetrable. This will make Dr.
    // Evil like me better than all of the other minions--especially Minion
    // #5620--I just know it!
    //
    //  .:::.   .:::.
    // :::::::.:::::::
    // :::::::::::::::
    // ':::::::::::::'
    //   ':::::::::'
    //     ':::::'
    //       ':'
    // -Minion #7781
    public boolean checkPassword(String password) {
        byte[] passBytes = password.getBytes();
        byte[] myBytes = {
            106 , 85  , 53  , 116 , 95  , 52  , 95  , 98  ,
            0x55, 0x6e, 0x43, 0x68, 0x5f, 0x30, 0x66, 0x5f,
            0142, 0131, 0164, 063 , 0163, 0137, 070 , 060 ,
            'f' , '8' , 'e' , '1' , 'e' , '0' , '4' , '7' ,
        };
    
        for (int i=0; i<32; i++) {
            if (passBytes[i] != myBytes[i]) {
                return false;
            }
        }
        return true;
    }
}

Solution

This is the fourth vault door, and it is easier than the previous one. If you have read the code above you may already see why, but it's okay if you didn't. As the challenge description says, the password is stored using ASCII encoding, and the resulting byte values are kept in a byte[] array.

Looking at those bytes, you can see that:

  1. the first 8 bytes are decimal (base 10),
  2. the second 8 bytes are hexadecimal (base 16),
  3. the third 8 bytes are octal (base 8),
  4. the final 8 bytes are not numerically encoded; they are plain character literals.

To find the flag, use an explicit conversion (a cast) from byte to char and print each character. The code for that is:

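class VaultDoor4Solve {
    public static void main(String[] args) {
        // Same array as in checkPassword(); whatever base a literal is written in,
        // Java stores it as the same byte value.
        byte[] myBytes = {
            106 , 85  , 53  , 116 , 95  , 52  , 95  , 98  ,
            0x55, 0x6e, 0x43, 0x68, 0x5f, 0x30, 0x66, 0x5f,
            0142, 0131, 0164, 063 , 0163, 0137, 070 , 060 ,
            'f' , '8' , 'e' , '1' , 'e' , '0' , '4' , '7' ,
        };
        // Cast each byte to char to print the password as ASCII text.
        for (int i = 0; i < myBytes.length; i++) {
            System.out.print((char) myBytes[i]);
        }
    }
}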

Running the above code prints the password, which goes inside picoCTF{...} to give the flag:

picoCTF{jU5t_4_bUnCh_0f_bYt3s_80f8e1e047}
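
An added example, not part of the original writeup: the same recovery done from the Java source text alone, without compiling anything. Python rejects literals written like 0142, so the script applies Java's literal rules itself (a leading 0 is octal, 0x is hex, a quoted character is its code point). JAVA_ARRAY and all function names are constructed for this example.

```python
import re

# Constructed sample: the myBytes initializer copied from the VaultDoor4 source above.
JAVA_ARRAY = """
    106 , 85  , 53  , 116 , 95  , 52  , 95  , 98  ,
    0x55, 0x6e, 0x43, 0x68, 0x5f, 0x30, 0x66, 0x5f,
    0142, 0131, 0164, 063 , 0163, 0137, 070 , 060 ,
    'f' , '8' , 'e' , '1' , 'e' , '0' , '4' , '7' ,
"""

# A token is a quoted char literal (which may itself contain ',') or a run of word chars.
TOKEN = re.compile(r"'(?:\\.|[^'\\])'|\w+")

def java_literal_to_int(tok):
    """Decode one Java integer or char literal to its numeric value."""
    if tok.startswith("'"):
        body = tok[1:-1]
        if body.startswith("\\"):  # only the simple single-character escapes
            escapes = {"n": 10, "t": 9, "r": 13, "0": 0, "\\": 92, "'": 39}
            return escapes[body[1]]
        return ord(body)
    low = tok.lower().replace("_", "")  # Java allows 1_000 style separators
    if low.startswith("0x"):
        return int(low[2:], 16)
    if low.startswith("0b"):
        return int(low[2:], 2)
    if len(low) > 1 and low.startswith("0"):
        return int(low[1:], 8)  # a leading zero means octal in Java
    return int(low, 10)

def decode_java_byte_array(src):
    """Turn the text of a Java byte[] initializer into the ASCII string it holds."""
    values = [java_literal_to_int(t) for t in TOKEN.findall(src)]
    return bytes(v & 0xFF for v in values).decode("ascii")

def recover_flag(src=JAVA_ARRAY):
    # main() strips "picoCTF{" and "}" before checkPassword(), so add them back.
    return "picoCTF{" + decode_java_byte_array(src) + "}"

if __name__ == "__main__":
    print(recover_flag())
```

Mixing number bases changes only how the source reads; the compiled array holds the same 32 byte values, so a secret embedded this way is recoverable by anyone who has the code.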
