Reversing Snake

@d4rk3r said:

@jowinchemban said:

@stormbringer said:
Thanks guys, I solved it! The author was really trolling with us xD

how!!
I’m stuck… with flag incorrect…
I have already got the username and pass

then you have been trolled, hard to help when m0noc’s hint says it all.

I have been trolled with the password for sure xD, but still don’t get it!

@m0noc said:
There is a reason you can get “Good Job” and it not be correct. Try to understand the rest of the script and the programs logic; don’t overlook anything.

So I wrote a tiny python script to help reverse The Snake (after getting tired of retyping stuff in the REPL). It’s output produces ‘Good Job’ from snake.py everytime, but wasn’t being accepted as the correct flag.

When I looked over the script again I found a way to input a simpler password, but this still isn’t being accepted by the HTB site…

Any suggestions?

Trying not to say too much here… apologies if I did.

Feel like the challenge in this one is trying to figure out what the creator was thinking because I have deciphered the script and no idea what expected password is

@Meatex @bashM0nk3y @jareck @jowinchemban

the program logic needs review and a little modification, notice that the “Good job” is printed only once…

I’m confused;
I have already got the string but it is not accepted on HTB. I don’t see how fixing the comparison loop is going to change the contents of the string/list

@danymogh said:
@Meatex @bashM0nk3y @jareck @jowinchemban

the program logic needs review and a little modification, notice that the “Good job” is printed only once…

best hint so far that ive seen…

thanks for the trail of bread crumbs!

@Meatex
pay attention to how the loop actually operates

I solved the challenge pretty quickly (with a little guessing and few assumptions) but I still have little idea about the intended logic of the flag:)

I really dont know what to do here. I think i understand the logic behind the “encryption” and the password checking, i still have no idea what the intended password parameter for the flag is. It doesnt seem to be the things that are working as a password entry, and i dont know what else could be meant with “password” in the flag if not the text you can put into the programm to get a “Good job” message.

guys, the hint still doesn’t help… like what does it even have anything to do with the loop ?

Even tried the unused variables and they don’t change to anything meaningful
Not good enough to fix the loop but I still can’t fathom how that matters as I know the what its getting compared against
Feel like I need to know some obscure quirk to python that is still years of practice away for me tbh

I’m in the same boat - got the username and password, got the Good Job message, but now I’m not sure where to go. I think I understand the program logic but then again…

@MistletoeH said:
I’m in the same boat - got the username and password, got the Good Job message, but now I’m not sure where to go. I think I understand the program logic but then again…

make sure you really understand the logic of the program. there’s something odd about a part in the end. And why is everyone talking about being trolled in here?

I managed to solve this! Even though I was being trolled, still this was confusing & misleading enough!

Very , Very stupid challenge
Ok let’s change source , change last ‘break’ to ‘continue’ and put pass uuuuuuuuuuuuuuuuuuuuuuuuu and we got 25 Good Job… Right ?
What the ■■■■ is going on
Fucking challenge, i solved ‘Crack This!’ and others but Snake is bullshit

Great challenge. Thanks to the creator.

I’ve been at this far longer than I should have, but is the actual “password” written/hidden in this program or does it require some kind of pun logic based on the comparison required to get Good Job to print? I’ve tried a lot of “clever” word play based on the username and “password”, but am at a loss now.

What do you guys think I am am going to make it that easy? No you have to do it manually and besides this was first challenge i had ever created.

@m0noc said:
There is a reason you can get “Good Job” and it not be correct. Try to understand the rest of the script and the programs logic; don’t overlook anything.

truth

Reading variables names and its meaning was very useful

The value of the flag on this one seems impossible to derive based on the instructions and the code.

So we discard the obvious bits - the variables “password” and “auth” aren’t referred to anywhere else in the code so we can toss those (and if you decode them you just get messages telling you to keep looking, so fair enough)

The loop at the end only checks the first character of your password and compares it to the first character of “chars”. If your password starts with that character then it says “Good Job”. I tried using that single character as the password part of my flag, no dice.

Okay, so let’s look at the entirety of what chars would contain if the loop wasn’t broken. Got that, big long string starts with u. Tried that in the flag, but it has {} in it so obviously that isn’t going to work, but it should be pretty easy to reverse back into something readable.

Reversed it into a human-readable string that talks about trolls. Great, that’s got to be it right? No, that doesn’t work as the password part of the flag either.

It’s not a decoded version of “keys”, nor a decoded version of “chains”. (note for the encoding/decoding - lock_pick is a red herring, the value of lock will always be the same if you do the math)

I eventually figured out what the flag had to be, but basically had to resort to hitting “submit” on the flag with bits and pieces of everything I could find in the code that could conceivably be the password. There’s no way I would have found it otherwise.

The premise of the challenge is interesting, but the instructions about the format of the flag are frustratingly misleading.

Hopefully I’ve made this post specific enough to complain but vague enough as to not be nuked by the mods. I don’t mention at all what the first part of the flag is, and I don’t specifically state what ends up being the second part of it… (but by process of elimination you might save yourself some frustration)