Link to challenge: http://hackvent.hacking-lab.com
Date Completed: 09 December 2015
Challenge
1 2 3 4 5 6 7 8 |
sadly we didnt receive todays code transmission properly and it seems that a part of the information got lost. are you able to recover the missing parts? all we know is that the lowercase sha1 of the code gives: B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224 and the sha1 of the case sensitive code should be: 0D353038908AD0FC8C51A5312BB3E2FEE1CDDF83 |
The following sound file was also provided: Download MP3
Solution
This was a very simple challenge.
First we listen to the transmission and discover it spells out the nugget but some characters are turned into noise.
We get:
1 |
HV?5 g?uj 1yq7 ?dyc 2wlr e6?j |
The
? character represents a character in the set
[A-Za-z0-9] (because those are the only characters that can appear in the nugget).
We notice that dashes are omitted. We also know the nugget starts with HV15 so the first unknown character is determined to be 1.
Now, we bruteforce the remaining 3 characters using our hint. We want to first find a full lowercase solution that has a sha1sum which equals
B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224 .
After a solution is found for that, we can then try to find the sha1sum of all permutations of the case of each character after HV15 (we know HV15 must be uppercase).
So we construct our template to be:
1 |
HV15-g?uj-1yq7-?dyc-2wlr-e6?j |
Then we write a python script to carry out the Bruteforce attack:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
#!/usr/bin/env python # Day 9 import hashlib, itertools message = 'HV15-G?UJ-1YQ7-?DYC-2WLR-E6?J' # Source: http://stackoverflow.com/a/6792898/1800854 def all_casings(input_string): if not input_string: yield "" else: first = input_string[:1] if first.lower() == first.upper(): for sub_casing in all_casings(input_string[1:]): yield first + sub_casing else: for sub_casing in all_casings(input_string[1:]): yield first.lower() + sub_casing yield first.upper() + sub_casing # Bruteforce for res in list(itertools.permutations('abcdefghijklmnopqrstuvwxyz0123456789', 3)): template = list(message) template[6] = res[0] template[15] = res[1] template[27] = res[2] # Check sha1 input = ''.join(template).lower() hash_object = hashlib.sha1(input) hex_dig = hash_object.hexdigest().upper() if hex_dig == 'B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224': print "Found match:", ''.join(template).lower() input2 = list(''.join(template).lower()) input2_str = ''.join(input2) # Bruteforce character cases for perm in all_casings(input2_str[4:]): final_test = "HV15" + perm hash_object = hashlib.sha1(final_test) hex_dig = hash_object.hexdigest().upper() # Check final solution if hex_dig == '0D353038908AD0FC8C51A5312BB3E2FEE1CDDF83': print "Found solution:", final_test |
We run this and get our flag in 1 second:
Flag: HV15-GnUj-1YQ7-vdYC-2wlr-E6xj