Page 1 of 4

Programming 3 luck

PostPosted: Sat Apr 26, 2008 6:05 pm
by Jimmy_xor
I just finished programming 3 an hour ago, but I don't like my brute force method.
My running time varies from 3s to 500s depending on the given values, so I was lucky when I completed it.
I want to know how other people have done..
Does someone want to describe their method or perhaps show me some code?

Re: Programming 3 luck

PostPosted: Sat Apr 26, 2008 6:35 pm
by sharpskater69
I'm too close to post what I'm trying, so I sent a pm. 36^45 (missing keyspace) is too much for brute-forcing. There's also a shortcut since the hash chars get reused.

Edit: Works fine, this took me a while to grasp the method, but it was fun.

Re: Programming 3 luck

PostPosted: Wed May 21, 2008 7:07 pm
by TheMindRapist
If anybody has done this in Java, I could a bit of help.

Re: Programming 3 luck

PostPosted: Wed Jun 04, 2008 11:30 pm
by supr_k9
i need help with this. i just aneed a simple question answered no spoilers or anything.

on the encryptstring function, there are two arguments, strString (which is what we are trying to figure out) and strPassword. to get strString though, dont we need to know what strPassword is? and to get strPassword, we would have to reverse Md5 encryption which is technically impossible. so am i missing something here? we know the output of the function, and we are trying to find out what strString is, but do we know what strPassword is?

sorry if the above is a "noob question"

Re: Programming 3 luck

PostPosted: Thu Jun 05, 2008 11:28 am
by BhaaL
Take a good look of what happens to strPassword.
Apart from that, brute-forcing is the only way to solve this - smart brute-forcing of course, you dont have much time.

FYI, my solution took rougly a second to complete.

Re: Programming 3 luck

PostPosted: Mon Jun 16, 2008 12:59 pm
by pescador
My solution also takes between a few and a few hundred seconds. It is in an interpreted language, so I should be able to speed it up a some. I don't think I'm going to though. For some reason this one took me the longest of all programming challenges.

Re: Programming 3 luck

PostPosted: Mon Jun 16, 2008 1:08 pm
by Nines
pescador wrote:For some reason this one took me the longest of all programming challenges.

Me too. I've still got #6 to do though.

Re: Programming 3 luck

PostPosted: Mon Jun 16, 2008 9:45 pm
by MrRubix
I don't like the name of this challenge because it isn't really something I think we "reverse" -- it deals with rolling totals and md5's which aren't really reversible (e.g. A total of "100" might be 50+50 or it could be 25+75, but we don't know which case we're dealing with, for instance) -- implying that brute forcing is really the only way we can go about it, but in a way that won't be inefficient and waste a lot of time and resources.

My issue though is still with the fact that you have both a serial string as well as a password string -- both are used as md5's. That is, it's not like we're ONLY using the total of the hex values derived from the password string -- we're actually using the password string itself as well as the serial string in our operations, for instance: ('0x0' . substr($strPasswordMD5, $i%32, 1)) is used in one operation, implying that in our calculations, we must find the full serial string and also know the full password string. This is puzzling me at the moment (would take eons to find all combinations of serials with all combinations of passwords, etc... there must be some shortcut but I'm not seeing it yet).

Will keep cracking at it though :P


EDIT: I think I just answered my own question, on a second look. We don't *technically* need to know the password, I think... we just need to be able to match the net output of that entire operation where the password just happens to be used.

Re: Programming 3 luck

PostPosted: Tue Jun 17, 2008 11:39 am
by BhaaL
MrRubix wrote:EDIT: I think I just answered my own question, on a second look. We don't *technically* need to know the password, I think... we just need to be able to match the net output of that entire operation where the password just happens to be used.


I guess you dont need any others hints now anymore, do you? ;)

Re: Programming 3 luck

PostPosted: Tue Jun 17, 2008 3:06 pm
by MrRubix
Still working on it, but I think it'll be okay if I give it some more thought.

My main issue is speed. How fast have people gotten this down to?

I'm running it on a server and it times out after 30 seconds of processing, which is a bit annoying.