[Challenge] Reverse Engineering

Posted: Fri Sep 17, 2010 5:52 pm
by McInfo
- Introduction

I'm hoping this will be a real brain teaser. :twisted:

- The Challenge

Deconstruct this obscured code to determine what the input and output are. (A blank page does not qualify as output.)

<?php
$z = $_GET;
$a = array_shift($_GET);
if (md5($a) == '235cdd01b87af1e1de37f4746a88d82c') {
    if (md5($a($z)) == '013b1d9abafae9f31d618d896d89f890') {
        $z['b']($z);
        $y = $e('%^[GRANT_USER]+$%', $d($$c));
        $b(${$f($y)});
        $i($h($g('u4iLkxmcvdFIs8GbsVGS')));
    }
}

- Hints

As you may guess, the input is passed via GET request. If your query string is correct, the following condition will be true. (The query string does not include a leading question mark.)

if (md5($_SERVER['QUERY_STRING']) == 'e4f42f9a1ba523f8e3282adf1371d211')

The output is a phrase that you have probably heard before. It includes two uppercase letters, a comma, and three periods at the end. You get partial credit for discovering the phrase.

- Proclamation Procedure

Please do not reveal the answers! To prove that you have found the input and/or output, use the following procedure.
  1. Make up a salt. Keep it short but unique. For example:

    $salt = 'g3hR';
  2. Concatenate your answer and your salt, then use md5() to create a checksum.

    echo md5($_SERVER['QUERY_STRING'].$salt);
    echo md5($outputPhrase.$salt);
  3. Share your salt and checksums so those of us who know the answers can give you a pat on the back. :)
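
The verifier's side of the procedure above, as an added example that is not part of the original post: it recomputes md5(answer . salt) from the known answer and a poster's salt, then compares the result with the posted checksum. The function names and answer strings are constructed placeholders (not the challenge's answers), and the code assumes PHP 7 or later.

```php
<?php
// Added example: claimant and verifier sides of the salted-checksum procedure.
// All answer strings here are constructed placeholders, not the real answers.

/** Claimant side: steps 1 and 2 of the procedure (answer . salt, then md5). */
function make_claim(string $answer, string $salt): string
{
    return md5($answer . $salt);
}

/** Verifier side: recompute from the known answer and the posted salt. */
function verify_claim(string $knownAnswer, string $salt, string $postedChecksum): bool
{
    $posted = strtolower(trim($postedChecksum));
    // Reject anything that is not a 32-digit hex MD5 before comparing.
    if (!preg_match('/^[0-9a-f]{32}$/', $posted)) {
        return false;
    }
    // hash_equals() is a strict, constant-time string comparison; it avoids
    // the type juggling that == applies to numeric-looking strings.
    return hash_equals(make_claim($knownAnswer, $salt), $posted);
}

$knownInput = 'x=placeholder&y=value'; // constructed stand-in for the query string
$salt = 'g3hR';                        // the example salt from the post

$good  = make_claim($knownInput, $salt);         // solver who has the answer
$wrong = make_claim('x=wrong&y=guess', $salt);   // solver with a wrong answer

// Case 1: correct answer with the poster's own salt.
var_dump(verify_claim($knownInput, $salt, $good));
// Case 2: same checksum pasted in uppercase.
var_dump(verify_claim($knownInput, $salt, strtoupper($good)));
// Case 3: wrong answer, same salt.
var_dump(verify_claim($knownInput, $salt, $wrong));
// Case 4: checksum copied from another solver but posted with a different salt.
var_dump(verify_claim($knownInput, 'Qz81', $good));
// Case 5: malformed checksum.
var_dump(verify_claim($knownInput, $salt, 'not-a-hash'));
```

Case 4 is the reason each solver picks a personal salt: a checksum lifted from someone else's post only verifies together with that person's salt.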

Re: [Challenge] Reverse Engineering

Posted: Fri Sep 17, 2010 6:43 pm
by josh
Salted input (for $a) was 3a10a114f867009bdbaa2f81e7331ae3

I solved it with Google. Too easy, your security is inferior ;-) I'll let you know if I crack the rest

Re: [Challenge] Reverse Engineering

Posted: Fri Sep 17, 2010 6:57 pm
by josh
The salted value of $z['b'] on line 6 is 70ea2a16423074c7ee995a29e2c7cdf6

getting tougher...

Re: [Challenge] Reverse Engineering

Posted: Fri Sep 17, 2010 7:03 pm
by McInfo
So soon?
josh wrote: Salted input (for $a) was 3a10a114f867009bdbaa2f81e7331ae3
josh wrote: The salted value of $z['b'] on line 6 is 70ea2a16423074c7ee995a29e2c7cdf6
I concur, twice.

You can use that salt because you are the first person, but, everyone else, please use your own salt. The one I gave is only an example.
josh wrote: Too easy, your security is inferior ;-)
I couldn't make it too obscure. There would be no entry points and no one would be able to crack it. :wink: If a challenge is too hard, people give up; and that's no fun.
josh wrote: I'll let you know if I crack the rest
I hope you do because, as it is now, you haven't yet met the criteria.

Hint: A legitimate strategy would be to start inside and work outward.

Re: [Challenge] Reverse Engineering

Posted: Fri Sep 17, 2010 7:04 pm
by josh
Can you give us a phpinfo() of a system this runs on? Do I need mcrypt installed or any extensions? Can we get that hint or naw?

Re: [Challenge] Reverse Engineering

Posted: Fri Sep 17, 2010 7:12 pm
by McInfo
Let me think...

Okay, I have thought. I wrote the script in PHP 5.3, but nothing jumps out at me from the manual that suggests that this wouldn't be compatible with nearly every server running PHP 4 or 5. I have some more things to check before I can be 100% confident of that, though. I'll get back to you.

Update: I tested the code on a PHP 4.2.3 server and some warnings popped up related to the way "global" (hint) variables are being accessed. Other than that, everything works. Everything is pretty basic. I don't think you need any special extensions.