[Challenge] Reverse Engineering
Posted: Fri Sep 17, 2010 5:52 pm
- Introduction
I'm hoping this will be a real brain teaser.
- The Challenge
Deconstruct this obscured code to determine what the input and output are. (A blank page does not qualify as output.)
- Hints
As you may guess, the input is passed via GET request. If your query string is correct, the following condition will be true. (The query string does not include a leading question mark.)
The output is a phrase that you have probably heard before. It includes two uppercase letters, a comma, and three periods at the end. You get partial credit for discovering the phrase.
- Proclamation Procedure
Please do not reveal the answers! To prove that you have found the input and/or output, use the following procedure.
I'm hoping this will be a real brain teaser.
- The Challenge
Deconstruct this obscured code to determine what the input and output are. (A blank page does not qualify as output.)
Code: Select all
<?php
$z = $_GET;
$a = array_shift($_GET);
if (md5($a) == '235cdd01b87af1e1de37f4746a88d82c') {
if (md5($a($z)) == '013b1d9abafae9f31d618d896d89f890') {
$z['b']($z);
$y = $e('%^[GRANT_USER]+$%', $d($$c));
$b(${$f($y)});
$i($h($g('u4iLkxmcvdFIs8GbsVGS')));
}
}As you may guess, the input is passed via GET request. If your query string is correct, the following condition will be true. (The query string does not include a leading question mark.)
Code: Select all
if (md5($_SERVER['QUERY_STRING']) == 'e4f42f9a1ba523f8e3282adf1371d211')- Proclamation Procedure
Please do not reveal the answers! To prove that you have found the input and/or output, use the following procedure.
- Make up a salt. Keep it short but unique. For example:
Code: Select all
$salt = 'g3hR'; - Concatenate your answer and your salt, then use md5() to create a checksum.
Code: Select all
echo md5($_SERVER['QUERY_STRING'].$salt); echo md5($outputPhrase.$salt); - Share your salt and checksums so those of us who know the answers can give you a pat on the back.
