Reversing Snake

I’ve been at this far longer than I should have, but is the actual “password” written/hidden in this program or does it require some kind of pun logic based on the comparison required to get Good Job to print? I’ve tried a lot of “clever” word play based on the username and “password”, but am at a loss now.

What do you guys think I am am going to make it that easy? No you have to do it manually and besides this was first challenge i had ever created.

@m0noc said:
There is a reason you can get “Good Job” and it not be correct. Try to understand the rest of the script and the programs logic; don’t overlook anything.

truth

Reading variables names and its meaning was very useful

The value of the flag on this one seems impossible to derive based on the instructions and the code.

So we discard the obvious bits - the variables “password” and “auth” aren’t referred to anywhere else in the code so we can toss those (and if you decode them you just get messages telling you to keep looking, so fair enough)

The loop at the end only checks the first character of your password and compares it to the first character of “chars”. If your password starts with that character then it says “Good Job”. I tried using that single character as the password part of my flag, no dice.

Okay, so let’s look at the entirety of what chars would contain if the loop wasn’t broken. Got that, big long string starts with u. Tried that in the flag, but it has {} in it so obviously that isn’t going to work, but it should be pretty easy to reverse back into something readable.

Reversed it into a human-readable string that talks about trolls. Great, that’s got to be it right? No, that doesn’t work as the password part of the flag either.

It’s not a decoded version of “keys”, nor a decoded version of “chains”. (note for the encoding/decoding - lock_pick is a red herring, the value of lock will always be the same if you do the math)

I eventually figured out what the flag had to be, but basically had to resort to hitting “submit” on the flag with bits and pieces of everything I could find in the code that could conceivably be the password. There’s no way I would have found it otherwise.

The premise of the challenge is interesting, but the instructions about the format of the flag are frustratingly misleading.

Hopefully I’ve made this post specific enough to complain but vague enough as to not be nuked by the mods. I don’t mention at all what the first part of the flag is, and I don’t specifically state what ends up being the second part of it… (but by process of elimination you might save yourself some frustration)

Thoroughly Trolled

@Cryovenom said:
The value of the flag on this one seems impossible to derive based on the instructions and the code.

So we discard the obvious bits - the variables “password” and “auth” aren’t referred to anywhere else in the code so we can toss those (and if you decode them you just get messages telling you to keep looking, so fair enough)

The loop at the end only checks the first character of your password and compares it to the first character of “chars”. If your password starts with that character then it says “Good Job”. I tried using that single character as the password part of my flag, no dice.

Okay, so let’s look at the entirety of what chars would contain if the loop wasn’t broken. Got that, big long string starts with u. Tried that in the flag, but it has {} in it so obviously that isn’t going to work, but it should be pretty easy to reverse back into something readable.

Reversed it into a human-readable string that talks about trolls. Great, that’s got to be it right? No, that doesn’t work as the password part of the flag either.

It’s not a decoded version of “keys”, nor a decoded version of “chains”. (note for the encoding/decoding - lock_pick is a red herring, the value of lock will always be the same if you do the math)

I eventually figured out what the flag had to be, but basically had to resort to hitting “submit” on the flag with bits and pieces of everything I could find in the code that could conceivably be the password. There’s no way I would have found it otherwise.

The premise of the challenge is interesting, but the instructions about the format of the flag are frustratingly misleading.

Hopefully I’ve made this post specific enough to complain but vague enough as to not be nuked by the mods. I don’t mention at all what the first part of the flag is, and I don’t specifically state what ends up being the second part of it… (but by process of elimination you might save yourself some frustration)

100%

After I took 4 hours of my life, and threw them into the bin I would like to say something for this challenge, now that I found the correct answer. In previous answers on this thread some people said that you may need to modify the script in order to find the answer. I may misunderstood what they said, but I though that I have to modify the logic … well you DO NOT need to do that. Secondly, I would like to give two tips (hopefully they will not get deleted):

  1. The loop at the end gives you a tip on what letter the real password starts with.
  2. Read again the first hint that I gave, and THINK about it. You have certainly seen the real password before, but you didn’t knew it; its disguising itself.

I am not going to rate this challenge, because yes, it is very easy and I think everyone solved a more difficult before. But the thing here is, that we don’t talk for a regular reversing challenge. Here you don’t have only to reverse the code, but also think what the creator wanted to do, so it goes a bit beyond “just reverse the code”, and is more like “reverse the intension”. Good luck to everyone, and try harder !

I have solved the challenge and I know the password is how long and how the loop is behaving. I have also noticed the use of if and break statements while comparing password. Still I am unable to submit the flag. What’s wrong with it…i tried to submit password in hex and number format as well. Still nothing worked. I need help.

Finally done it after wasting 45 minutes. I will like to give hint to others so as to prevent their waste of time.

“Password is actually not a password but you can get it after encrypting your keys”

Do yourself a favour and literally delete everything after and including the read input line and try to solve from there
This challenge is definitely better suited for misc challenges too

Got it with AdmiralGausts hint.
Its sooo counterintuitive tho its not really a great way to hide your password imo, id have never tried that out.

@Meatex said:
Do yourself a favour and literally delete everything after and including the read input line and try to solve from there

^ Bump…

I thought I had tried tried to submit the correct flag, but apparently I hadn’t so I ended up doing a bunch a non-sense not realizing I’d already solved it.

You can basically find the flag by 1) finding user, 2) finding the character set of the password, 3) reading all the messages related to the core logic, 4) take action based on one of those messages to obtain the password.

Think about what you know about the password? You know at least the first letter. Well, what don’t you know? You could honestly brute force it pretty quickly or just read the messages and take the action. It’s hard to give good hints for this one and I think a lot of hints cause people to overthink it.

There’s one or two things I wish the challenge had done differently, but I don’t think this was a bad challenge and hope the creator continues to make more. But that’s just my opinion.

@3XPL017 said:
What do you guys think I am am going to make it that easy? No you have to do it manually and besides this was first challenge i had ever created.

You have a hidden talent. You really know how to make someone want to end it all.

I tried my best to write the code to make it as hard as possible to really understand what is going on still not sure why its getting so much hate. I know people that took only 5 min to solve it so really not that hard.

@Cryovenom said:
The value of the flag on this one seems impossible to derive based on the instructions and the code.

So we discard the obvious bits - the variables “password” and “auth” aren’t referred to anywhere else in the code so we can toss those (and if you decode them you just get messages telling you to keep looking, so fair enough)

The loop at the end only checks the first character of your password and compares it to the first character of “chars”. If your password starts with that character then it says “Good Job”. I tried using that single character as the password part of my flag, no dice.

Okay, so let’s look at the entirety of what chars would contain if the loop wasn’t broken. Got that, big long string starts with u. Tried that in the flag, but it has {} in it so obviously that isn’t going to work, but it should be pretty easy to reverse back into something readable.

Reversed it into a human-readable string that talks about trolls. Great, that’s got to be it right? No, that doesn’t work as the password part of the flag either.

It’s not a decoded version of “keys”, nor a decoded version of “chains”. (note for the encoding/decoding - lock_pick is a red herring, the value of lock will always be the same if you do the math)

I eventually figured out what the flag had to be, but basically had to resort to hitting “submit” on the flag with bits and pieces of everything I could find in the code that could conceivably be the password. There’s no way I would have found it otherwise.

The premise of the challenge is interesting, but the instructions about the format of the flag are frustratingly misleading.

Hopefully I’ve made this post specific enough to complain but vague enough as to not be nuked by the mods. I don’t mention at all what the first part of the flag is, and I don’t specifically state what ends up being the second part of it… (but by process of elimination you might save yourself some frustration)

I really like how you went down this logic trail. I felt stuck and was thinking on the troll part you mentioned. I hope I’m not spoiling this, but phingage made a great point to go along how you reversed the trolling. A lot of this thread seems very misleading though. Sent me down the wrong rabbit hole.

Most of who, who are complaining, already got the correct result. Just read properly how the flag should be entered.

Nice challenge with nice dead ends :+1:
But also dunno if it should be flagged as “stego” or as “reversing”

@3XPL017 said:
I tried my best to write the code to make it as hard as possible to really understand what is going on still not sure why its getting so much hate. I know people that took only 5 min to solve it so really not that hard.

Nice challenge! Agree with your post, not sure why folks are complaining.

If you understand how to read code and debug, then this shouldn’t take much effort.

I got the flag but seriously this is the shitty Challenge and waste of time.