Reversing Snake

guys, the hint still doesn’t help… like what does it even have anything to do with the loop ?

Even tried the unused variables and they don’t change to anything meaningful
Not good enough to fix the loop but I still can’t fathom how that matters as I know the what its getting compared against
Feel like I need to know some obscure quirk to python that is still years of practice away for me tbh

I’m in the same boat - got the username and password, got the Good Job message, but now I’m not sure where to go. I think I understand the program logic but then again…

@MistletoeH said:
I’m in the same boat - got the username and password, got the Good Job message, but now I’m not sure where to go. I think I understand the program logic but then again…

make sure you really understand the logic of the program. there’s something odd about a part in the end. And why is everyone talking about being trolled in here?

I managed to solve this! Even though I was being trolled, still this was confusing & misleading enough!

Very , Very stupid challenge
Ok let’s change source , change last ‘break’ to ‘continue’ and put pass uuuuuuuuuuuuuuuuuuuuuuuuu and we got 25 Good Job… Right ?
What the ■■■■ is going on
Fucking challenge, i solved ‘Crack This!’ and others but Snake is bullshit

Great challenge. Thanks to the creator.

I’ve been at this far longer than I should have, but is the actual “password” written/hidden in this program or does it require some kind of pun logic based on the comparison required to get Good Job to print? I’ve tried a lot of “clever” word play based on the username and “password”, but am at a loss now.

What do you guys think I am am going to make it that easy? No you have to do it manually and besides this was first challenge i had ever created.

@m0noc said:
There is a reason you can get “Good Job” and it not be correct. Try to understand the rest of the script and the programs logic; don’t overlook anything.

truth

Reading variables names and its meaning was very useful

The value of the flag on this one seems impossible to derive based on the instructions and the code.

So we discard the obvious bits - the variables “password” and “auth” aren’t referred to anywhere else in the code so we can toss those (and if you decode them you just get messages telling you to keep looking, so fair enough)

The loop at the end only checks the first character of your password and compares it to the first character of “chars”. If your password starts with that character then it says “Good Job”. I tried using that single character as the password part of my flag, no dice.

Okay, so let’s look at the entirety of what chars would contain if the loop wasn’t broken. Got that, big long string starts with u. Tried that in the flag, but it has {} in it so obviously that isn’t going to work, but it should be pretty easy to reverse back into something readable.

Reversed it into a human-readable string that talks about trolls. Great, that’s got to be it right? No, that doesn’t work as the password part of the flag either.

It’s not a decoded version of “keys”, nor a decoded version of “chains”. (note for the encoding/decoding - lock_pick is a red herring, the value of lock will always be the same if you do the math)

I eventually figured out what the flag had to be, but basically had to resort to hitting “submit” on the flag with bits and pieces of everything I could find in the code that could conceivably be the password. There’s no way I would have found it otherwise.

The premise of the challenge is interesting, but the instructions about the format of the flag are frustratingly misleading.

Hopefully I’ve made this post specific enough to complain but vague enough as to not be nuked by the mods. I don’t mention at all what the first part of the flag is, and I don’t specifically state what ends up being the second part of it… (but by process of elimination you might save yourself some frustration)

Thoroughly Trolled

@Cryovenom said:
The value of the flag on this one seems impossible to derive based on the instructions and the code.

So we discard the obvious bits - the variables “password” and “auth” aren’t referred to anywhere else in the code so we can toss those (and if you decode them you just get messages telling you to keep looking, so fair enough)

The loop at the end only checks the first character of your password and compares it to the first character of “chars”. If your password starts with that character then it says “Good Job”. I tried using that single character as the password part of my flag, no dice.

Okay, so let’s look at the entirety of what chars would contain if the loop wasn’t broken. Got that, big long string starts with u. Tried that in the flag, but it has {} in it so obviously that isn’t going to work, but it should be pretty easy to reverse back into something readable.

Reversed it into a human-readable string that talks about trolls. Great, that’s got to be it right? No, that doesn’t work as the password part of the flag either.

It’s not a decoded version of “keys”, nor a decoded version of “chains”. (note for the encoding/decoding - lock_pick is a red herring, the value of lock will always be the same if you do the math)

I eventually figured out what the flag had to be, but basically had to resort to hitting “submit” on the flag with bits and pieces of everything I could find in the code that could conceivably be the password. There’s no way I would have found it otherwise.

The premise of the challenge is interesting, but the instructions about the format of the flag are frustratingly misleading.

Hopefully I’ve made this post specific enough to complain but vague enough as to not be nuked by the mods. I don’t mention at all what the first part of the flag is, and I don’t specifically state what ends up being the second part of it… (but by process of elimination you might save yourself some frustration)

100%

After I took 4 hours of my life, and threw them into the bin I would like to say something for this challenge, now that I found the correct answer. In previous answers on this thread some people said that you may need to modify the script in order to find the answer. I may misunderstood what they said, but I though that I have to modify the logic … well you DO NOT need to do that. Secondly, I would like to give two tips (hopefully they will not get deleted):

  1. The loop at the end gives you a tip on what letter the real password starts with.
  2. Read again the first hint that I gave, and THINK about it. You have certainly seen the real password before, but you didn’t knew it; its disguising itself.

I am not going to rate this challenge, because yes, it is very easy and I think everyone solved a more difficult before. But the thing here is, that we don’t talk for a regular reversing challenge. Here you don’t have only to reverse the code, but also think what the creator wanted to do, so it goes a bit beyond “just reverse the code”, and is more like “reverse the intension”. Good luck to everyone, and try harder !

I have solved the challenge and I know the password is how long and how the loop is behaving. I have also noticed the use of if and break statements while comparing password. Still I am unable to submit the flag. What’s wrong with it…i tried to submit password in hex and number format as well. Still nothing worked. I need help.

Finally done it after wasting 45 minutes. I will like to give hint to others so as to prevent their waste of time.

“Password is actually not a password but you can get it after encrypting your keys”

Do yourself a favour and literally delete everything after and including the read input line and try to solve from there
This challenge is definitely better suited for misc challenges too

Got it with AdmiralGausts hint.
Its sooo counterintuitive tho its not really a great way to hide your password imo, id have never tried that out.

@Meatex said:
Do yourself a favour and literally delete everything after and including the read input line and try to solve from there

^ Bump…