Page 3 of 4

Re: Programming 3 luck

PostPosted: Wed Nov 12, 2008 1:38 pm
by birinight
I don't know why is this mission suppose to be easier than programming 9. It must be me.

Re: Programming 3 luck

PostPosted: Mon Nov 17, 2008 5:41 pm
by UBAL
Hi all,

Might need a little help on this. As far as I can see the algorithm outputs the same amount of (-xxx) as there are characters in the $strString, right? And the $strString is built up from the serials file on the webpage (http://www.hackthissite.org/missions/prog/3/serials_example.txt), right?

Now there are 100 (-xxx) in the encrypted text on the webpage, but there are 345 characters in the serials file (327 characters if you don't include the unix style break lines).

Now, I've built up this encrypter in vb and it outputs 345 (-xxx) at the moment per my reasoning above. I hesitate to go on until I've brought down my output to 100 (-xxx).

I will be most thankful if anyone can help me understand where I went wrong.

UBAL

EDIT: Nvm, I don't think the file has anything to do with the task, except to show the format of the serials. Furthermore, I tried out the php on a server and my prog is not outputting the correct numbers.

Re: Programming 3 luck

PostPosted: Fri Jan 30, 2009 1:11 pm
by Xive
I got a really simple question on this one... first let me explain the problem.. well i know the idea is to bruteforce.. BUT my main issue is the endless possibilities in:
(The hex value of the (n)th char of the md5 pass) + (The hex value of the whole md5 pass)
its like MrRubix said.. i know the sum is (100) but i don't know if its (50+50) or (25+75)
so we actually got TWO unknowns:
1. The hex value of the whole md5 pass
2. The hex value of the (n)th char of the md5 pass
so thats double bruteforcing :O
and its not like i can consider those two variable as one and start bruteforcing.. because i need the (hex value of the whole md5 pass) separated to be used later in the decryption..

Now the question is: is it supposed to be solved by double bruteforcing and eliminating false results later ?.. or there a shorter way I'm not seeing!

Thanks.

Re: Programming 3 luck

PostPosted: Wed May 13, 2009 10:28 am
by zobier
Correct me if I'm wrong but
Code: Select all
evalCrossTotal(substr(md5(substr($strString,0,$i+1)), 0, 16) . substr(md5($intMD5Total), 0, 16));
appears to produce practically random numbers.

Re: Programming 3 luck

PostPosted: Mon May 17, 2010 5:08 pm
by h4ck3rz
wow, last post on this thread was ONE YEAR AGO.
Well, I've done this mission in PHP on Saturday night, I felt very happy..... :)

My method to get the hash was actually simple, it plays with the totals. First, I brute force the possible totals and get about 570 possible totals. Then, for each of those possibilities I do a brute-force of the serial and eliminate those "dead branches" (those who is impossible). I do that until I got the hash, because after the hash gotten, everything becomes much easier :p

So yeah, your goal is to get the hash. And one more thing, the possibilities is based on the information you can get from the example serials.

Re: Programming 3 luck

PostPosted: Tue Oct 11, 2011 7:15 pm
by bitsniper
Okay I struggled with this so I'm going to give some of you some hints on this one. My solution completes the decryption of the entire string, NOT just the last serial, in less than a few seconds each time. I'm using python, which is slower than compiled languages such as C++, and my solution is still fast regardless of the serial. My hints are...

#1: Determining the hash of the password is not necessary
I did not do this. I read that some other people tried this approach but I found it unnecessary. You can still find the solution without knowing the md5 hash of the password. Anyone that says determining the md5 hash of the password is necessary will be ignored (and possibly ridiculed)

#2: Build a structured array of input data
This was critical to my solution. Structure your data into a multidimensional array. I'm using python so I used lists to hold my data.

#3: Don't use iteration
I tried many different ways to solve this using iteration, they were all SLLLOWWWW and did not work. You have to be able to "walk" through the array and ignore the "dead branches" of data.

Please note that this is how I did it and I want everyone to know that the solution to this is actually quite simple. If there is a solution that guesses the password hash, uses no structured array of data, and uses iteration then I tip my hat to you because I was not able to do this.

Re: Programming 3 luck

PostPosted: Sat Dec 10, 2011 2:19 pm
by krashblood
About the given output:
As many os you complain the given output is of 100 numbers and the example is much bigger, thats obviously because the example is bigger than the given input.

I've spent a while looking into the encryption code
The Process is simple but if you dont want to be spoiled stop reading NOW.
The spoil is written in black select it to see it.

[Edited by Defience]

Re: Programming 3 luck

PostPosted: Tue Feb 21, 2012 3:59 am
by QtDevl
This took me probably the longest of all the programming missions so far.My error was the procedure i used.What i did was used a recursive function,building up to something like a binary tree,the end result was,if it started building up on a wrong branch,it went all up untill it couldn't compute anything else,before calculating another branch..Doing a thread for every branch would somehow solve it,but having initialy something like 200k threads is somehow of a problem right?
So after a long time i decided to throw that away,keeping the recursive function BUT calculating the values during each step,and then moving forward..Also build up a container for your data..if you go past 32 good values,then you already have your password md5 hash ,and can use it..
Hope this is usefull,if it's too spoilerish i can modify it.

Re: Programming 3 luck

PostPosted: Fri Mar 15, 2013 2:57 am
by RootCrisis
I'm in the same boat. I have a python decryptor that works, but it's generally too slow unless I get a lucky starting cross product. (grumble)

-- Fri Mar 15, 2013 2:07 am --

SORRY!
The answer is correct, but you needed too much time. You had 120 seconds time, and needed 134.4 seconds.

:evil:

Re: Programming 3 luck

PostPosted: Thu Oct 24, 2013 9:39 am
by weisk
OMG I'm so happy I finished this :)))))

This (precious) little bitch took me by far more time than any other programming challenges , and surely more sleepless nights :D

But finally I did it, with PHP. If you think well on the restrictions, it's not that countless possibilities ! My script takes < 5 seconds to get the answer ..

I'm very grateful for the responsible(s) of this challenge, guys this was a gorgeous one, million thanks :)

[If my Hint is too spoilered just remove it, just trying to give advice to hopeless people :) ]

HINT:
- Mainly there are 2 unknowns, the first would be the hash of $strPassword. But think that we only use one char of the hash per iteration, that being a Hex character leaves us few possibilities ... also take in account that every 32 iterations it goes back to the start...
- The second unknown would be THE FIRST evalCrossTotal($strPassword). I remark ONLY THE FIRST, because the algorithm calculates dynamically all the rest, so you don't have to guess every time ! If one didnt work .. well to the next one :D