Reversing Snake

@Meatex said:
Do yourself a favour and literally delete everything after and including the read input line and try to solve from there

^ Bump…

I thought I had tried tried to submit the correct flag, but apparently I hadn’t so I ended up doing a bunch a non-sense not realizing I’d already solved it.

You can basically find the flag by 1) finding user, 2) finding the character set of the password, 3) reading all the messages related to the core logic, 4) take action based on one of those messages to obtain the password.

Think about what you know about the password? You know at least the first letter. Well, what don’t you know? You could honestly brute force it pretty quickly or just read the messages and take the action. It’s hard to give good hints for this one and I think a lot of hints cause people to overthink it.

There’s one or two things I wish the challenge had done differently, but I don’t think this was a bad challenge and hope the creator continues to make more. But that’s just my opinion.

@3XPL017 said:
What do you guys think I am am going to make it that easy? No you have to do it manually and besides this was first challenge i had ever created.

You have a hidden talent. You really know how to make someone want to end it all.

I tried my best to write the code to make it as hard as possible to really understand what is going on still not sure why its getting so much hate. I know people that took only 5 min to solve it so really not that hard.

@Cryovenom said:
The value of the flag on this one seems impossible to derive based on the instructions and the code.

So we discard the obvious bits - the variables “password” and “auth” aren’t referred to anywhere else in the code so we can toss those (and if you decode them you just get messages telling you to keep looking, so fair enough)

The loop at the end only checks the first character of your password and compares it to the first character of “chars”. If your password starts with that character then it says “Good Job”. I tried using that single character as the password part of my flag, no dice.

Okay, so let’s look at the entirety of what chars would contain if the loop wasn’t broken. Got that, big long string starts with u. Tried that in the flag, but it has {} in it so obviously that isn’t going to work, but it should be pretty easy to reverse back into something readable.

Reversed it into a human-readable string that talks about trolls. Great, that’s got to be it right? No, that doesn’t work as the password part of the flag either.

It’s not a decoded version of “keys”, nor a decoded version of “chains”. (note for the encoding/decoding - lock_pick is a red herring, the value of lock will always be the same if you do the math)

I eventually figured out what the flag had to be, but basically had to resort to hitting “submit” on the flag with bits and pieces of everything I could find in the code that could conceivably be the password. There’s no way I would have found it otherwise.

The premise of the challenge is interesting, but the instructions about the format of the flag are frustratingly misleading.

Hopefully I’ve made this post specific enough to complain but vague enough as to not be nuked by the mods. I don’t mention at all what the first part of the flag is, and I don’t specifically state what ends up being the second part of it… (but by process of elimination you might save yourself some frustration)

I really like how you went down this logic trail. I felt stuck and was thinking on the troll part you mentioned. I hope I’m not spoiling this, but phingage made a great point to go along how you reversed the trolling. A lot of this thread seems very misleading though. Sent me down the wrong rabbit hole.

Most of who, who are complaining, already got the correct result. Just read properly how the flag should be entered.

Nice challenge with nice dead ends :+1:
But also dunno if it should be flagged as “stego” or as “reversing”

@3XPL017 said:
I tried my best to write the code to make it as hard as possible to really understand what is going on still not sure why its getting so much hate. I know people that took only 5 min to solve it so really not that hard.

Nice challenge! Agree with your post, not sure why folks are complaining.

If you understand how to read code and debug, then this shouldn’t take much effort.

I got the flag but seriously this is the shitty Challenge and waste of time.

What is the point of this challenge? I can’t really understand why it’s created in the way it is.

Solved eventually after much trial and error…
PM for tips!

Got so far by logic then completed by trial and error… I don’t like trial and error, even more so when it works and I still can’t figure out the logic I was supposed to use!

I got frustrated at this challenge for about 30 seconds; I fell into my familiar trap of taking certain things for granted. This is a very straight forward challenge. Step through the logic, determine if there is extraneous information, focus on only the things that matter, and this challenge falls open.

This challenge was ok.
Take away the learning point that it is often helpful to convert all the variables and functions back into pseudo-code when understanding custom scripts.

:wink: thumbs up to @3XPL017

I know how salty some people can be because you bothered to try to give the community something to enjoy that they didn’t…

Maybe they should write some better challenges themselves and get them added.

one big hint, put an eye on the “breakdowns”
I hate this challenge, btw, no sense the last logic for me, everything else was good, cheers!

@3XPL017 said:
I tried my best to write the code to make it as hard as possible to really understand what is going on still not sure why its getting so much hate. I know people that took only 5 min to solve it so really not that hard.

I think the reason why this challenge gets so much hate is related to the frustration when you realize you ran into a dead end (again) - combined with the feeling of missing information.

It is really easy to get strings from all the variables and find “Good Job”-credentials (feeling of success!). However, these credentials are not accepted as a flag (feeling of confusion! Is there a bug? Did I miss something? It told me I did a goood job!).
In addition, I felt a bit haphazard as I realize how much (or less) information the password check actually has. With this information, I lacked a targeted approach. I could only exclude what did not qualify as a valid password and start guessing. I did not have the link between the actual solution and the information from the password check. In retrospect, this link is obvious.

My hints in hindsight would be:

  • don’t expect the password check to solve the whole challange
  • also read the names of the variables

I have actually got the username and password within 5 minutes, but without checking them as the flag didn’t believe that the thing I got as the password was the password indeed.
Then after 2 hours of overthinking I just decided to try them in desparate. And that was the flag.
The challenge is very easy but confusing because of a lot of redundant data.

@haggy said:

@MistletoeH said:
I’m in the same boat - got the username and password, got the Good Job message, but now I’m not sure where to go. I think I understand the program logic but then again…

make sure you really understand the logic of the program. there’s something odd about a part in the end. And why is everyone talking about being trolled in here?

Tru using an ascii table with this, you will get the feeling. :wink:

Ok, I have been trolled too :angry: :lol:
After wasting a few hours in overthinking, I finally picked a different approach and I started to read what the code was literally saying…

Congrats @3XPL017 you are an evil genius :+1:

@blubyte said:
Ok, I have been trolled too :angry: :lol:
After wasting a few hours in overthinking, I finally picked a different approach and I started to read what the code was literally saying…

Congrats @3XPL017 you are an evil genius :+1:

This thread. :anguished:

There is actually no troll. None at all.

If you read the code and take all of what it says at face value then this challenge is trivially simple.

If you think there is some troll or some logic that you have to really understand (really very basic code) or that maybe you can’t read and debug code or that you even have to read all the code or the variable names have meaning… then it is very, very hard and you are truly well trolled.

But I do not think for a second that that was @3XPL017’s intention.

@izzie said:
But I do not think for a second that that was @3XPL017’s intention.

I think @3XPL017 wanted to make a joke (there is nothing to reverse in this challenge), and he did it in a really funny way. I’ve really appreciated how @3XPL017 trolled me for about 2 hours. Yes, when you understand the logic, challenge is trivial.
This is why i put my thumb up for @3XPL017 and this challenge :smiley: