Reversing Snake

edited June 2018 in Challenges

I already reversed this and managed to find the username and decrypt the password. However, when I put that as a flag in the solution it says "Try harder" :(

I am not sure what is going on! Am I putting it in a wrong format? Or is there something else I have to find.

Would appreciate any hints. While I wont post my findings to not spoil the solution.

Hack The Box

Tagged:
«13

Comments

  • Having the same issue... please help. Works fine when I run it locally

  • I am being trolled by this!
    Hints please :tired_face:

    Hack The Box

  • Same here, I got the username and password, program says "Good Job" but I cannot submit the flag. I've tried various formats but none seems to work! Also it seems the program checks only the first character of the password??

  • There is a reason you can get "Good Job" and it not be correct. Try to understand the rest of the script and the programs logic; don't overlook anything.

    m0noc

  • Thanks guys, I solved it! The author was really trolling with us xD

  • this challenge is stupid

  • I had done with the code but stuck in flag incorrect

  • @stormbringer said:
    Thanks guys, I solved it! The author was really trolling with us xD

    how!!
    I'm stuck... with flag incorrect...
    I have already got the username and pass

  • @jowinchemban said:

    @stormbringer said:
    Thanks guys, I solved it! The author was really trolling with us xD

    how!!
    I'm stuck... with flag incorrect...
    I have already got the username and pass

    then you have been trolled, hard to help when m0noc's hint says it all.

  • @d4rk3r said:

    @jowinchemban said:

    @stormbringer said:
    Thanks guys, I solved it! The author was really trolling with us xD

    how!!
    I'm stuck... with flag incorrect...
    I have already got the username and pass

    then you have been trolled, hard to help when m0noc's hint says it all.

    I have been trolled with the password for sure xD, but still don't get it!

    Hack The Box

  • edited June 2018

    @m0noc said:
    There is a reason you can get "Good Job" and it not be correct. Try to understand the rest of the script and the programs logic; don't overlook anything.

    So I wrote a tiny python script to help reverse The Snake (after getting tired of retyping stuff in the REPL). It's output produces 'Good Job' from snake.py everytime, but wasn't being accepted as the correct flag.

    When I looked over the script again I found a way to input a simpler password, but this still isn't being accepted by the HTB site...

    Any suggestions?

    Trying not to say too much here... apologies if I did.

  • Feel like the challenge in this one is trying to figure out what the creator was thinking because I have deciphered the script and no idea what expected password is
  • @Meatex @bashM0nk3y @jareck @jowinchemban

    the program logic needs review and a little modification, notice that the "Good job" is printed only once...

  • I'm confused;
    I have already got the string but it is not accepted on HTB. I don't see how fixing the comparison loop is going to change the contents of the string/list

  • edited June 2018

    @danymogh said:
    @Meatex @bashM0nk3y @jareck @jowinchemban

    the program logic needs review and a little modification, notice that the "Good job" is printed only once...

    best hint so far that ive seen..

    thanks for the trail of bread crumbs!

    @Meatex
    pay attention to how the loop actually operates

  • I solved the challenge pretty quickly (with a little guessing and few assumptions) but I still have little idea about the intended logic of the flag:)

  • I really dont know what to do here. I think i understand the logic behind the "encryption" and the password checking, i still have no idea what the intended password parameter for the flag is. It doesnt seem to be the things that are working as a password entry, and i dont know what else could be meant with "password" in the flag if not the text you can put into the programm to get a "Good job" message.

  • guys, the hint still doesn't help... like what does it even have anything to do with the loop ?

  • Even tried the unused variables and they don't change to anything meaningful
    Not good enough to fix the loop but I still can't fathom how that matters as I know the what its getting compared against
    Feel like I need to know some obscure quirk to python that is still years of practice away for me tbh

  • I'm in the same boat - got the username and password, got the Good Job message, but now I'm not sure where to go. I think I understand the program logic but then again...

  • @MistletoeH said:
    I'm in the same boat - got the username and password, got the Good Job message, but now I'm not sure where to go. I think I understand the program logic but then again...

    make sure you really understand the logic of the program. there's something odd about a part in the end. And why is everyone talking about being trolled in here?

  • I managed to solve this! Even though I was being trolled, still this was confusing & misleading enough!

    Hack The Box

  • edited June 2018

    Very , Very stupid challenge
    Ok let's change source , change last 'break' to 'continue' and put pass uuuuuuuuuuuuuuuuuuuuuuuuu and we got 25 Good Job... Right ?
    What the fuck is going on
    Fucking challenge, i solved 'Crack This!' and others but Snake is bullshit

  • Great challenge. Thanks to the creator.

    delosucks

  • I've been at this far longer than I should have, but is the actual "password" written/hidden in this program or does it require some kind of pun logic based on the comparison required to get Good Job to print? I've tried a lot of "clever" word play based on the username and "password", but am at a loss now.

  • What do you guys think I am am going to make it that easy? No you have to do it manually and besides this was first challenge i had ever created.

  • @m0noc said:
    There is a reason you can get "Good Job" and it not be correct. Try to understand the rest of the script and the programs logic; don't overlook anything.

    truth

  • Reading variables names and its meaning was very useful

  • The value of the flag on this one seems impossible to derive based on the instructions and the code.

    So we discard the obvious bits - the variables "password" and "auth" aren't referred to anywhere else in the code so we can toss those (and if you decode them you just get messages telling you to keep looking, so fair enough)

    The loop at the end only checks the first character of your password and compares it to the first character of "chars". If your password starts with that character then it says "Good Job". I tried using that single character as the password part of my flag, no dice.

    Okay, so let's look at the entirety of what chars would contain if the loop wasn't broken. Got that, big long string starts with u. Tried that in the flag, but it has {} in it so obviously that isn't going to work, but it should be pretty easy to reverse back into something readable.

    Reversed it into a human-readable string that talks about trolls. Great, that's got to be it right? No, that doesn't work as the password part of the flag either.

    It's not a decoded version of "keys", nor a decoded version of "chains". (note for the encoding/decoding - lock_pick is a red herring, the value of lock will always be the same if you do the math)

    I eventually figured out what the flag had to be, but basically had to resort to hitting "submit" on the flag with bits and pieces of everything I could find in the code that could conceivably be the password. There's no way I would have found it otherwise.

    The premise of the challenge is interesting, but the instructions about the format of the flag are frustratingly misleading.

    Hopefully I've made this post specific enough to complain but vague enough as to not be nuked by the mods. I don't mention at all what the first part of the flag is, and I don't specifically state what ends up being the second part of it... (but by process of elimination you might save yourself some frustration)

  • Thoroughly Trolled

Sign In to comment.