PicoCTF Writeup – vault-door-training

# Information: 

CTF Name: PicoCTF

CTF Challenge: vault-door-training

Challenge Category: Reverse Engineering

Challenge Points: 50

PicoCTF 2019.

# Challenge Description: 

Your mission is to enter Dr. Evil’s laboratory and retrieve the blueprints for his Doomsday Project. The laboratory is protected by a series of locked vault doors. Each door is controlled by a computer and requires a password to open. Unfortunately, our undercover agents have not been able to obtain the secret passwords for the vault doors, but one of our junior agents obtained the source code for each vault’s computer!

You will need to read the source code for each level to figure out what the password is for that vault door. As a warmup, we have created a replica vault in our training facility. The source code for the training vault is here: VaultDoorTraining.java.

The contents of VaultDoorTraining.java were shown as an image in the original post (see the image source link at the end).

# Writeup 

In this exercise, by reading the provided Java code (shown in the image above), we can easily see that line 8 prompts the user to enter the password.

In line 9, the password is derived by removing the substring "picoCTF{" from the user input.

Afterward, the checkPassword method is called inside the if condition, and access is granted only if this method returns true. To understand what is necessary for checkPassword to return true, let's analyze it.

In line 24 we can see that the method argument "password" is compared with the string "w4rm1ng_Up_w1tH_jAv4_3808d338b46". Only when these two values are equal does the method return true.

From this it is easy to see that the correct password for this vault is w4rm1ng_Up_w1tH_jAv4_3808d338b46.
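To make the reasoning above concrete, here is an added example (not the challenge's own Java, which the post only shows as an image) that reconstructs the described logic in Python: the "picoCTF{" prefix is stripped (the trailing "}" is also dropped here, an assumption so that the full flag format round-trips), and checkPassword is a plain string equality against a constant. The second half shows why handing out the source is fatal for this design: a short pattern search over a constructed Java snippet in the same shape recovers the literal that `.equals(...)` compares against, which is exactly what the writeup did by eye.

```python
import re

# Reconstruction of the vault-door logic as the writeup describes it.
# The original Java is only shown as an image in the post, so this is an
# assumed equivalent, not the challenge's own code.
PREFIX = "picoCTF{"
SUFFIX = "}"  # assumption: the closing brace is stripped as well
EXPECTED = "w4rm1ng_Up_w1tH_jAv4_3808d338b46"  # constant from the writeup


def strip_wrapper(user_input: str) -> str:
    """Mirror of line 9 in the writeup: drop the flag wrapper around the password."""
    if user_input.startswith(PREFIX) and user_input.endswith(SUFFIX):
        return user_input[len(PREFIX):-len(SUFFIX)]
    return user_input


def check_password(password: str) -> bool:
    """Mirror of checkPassword (line 24 in the writeup): plain string equality."""
    return password == EXPECTED


def vault_door(user_input: str) -> str:
    """The if-condition the writeup describes: grant access only on a true check."""
    if check_password(strip_wrapper(user_input)):
        return "Access granted."
    return "Access denied!"


# Constructed Java snippet in the shape the writeup describes (line numbers
# omitted). It exists only to demonstrate recovering the hard-coded comparison
# from source text; it is not the file from the challenge.
SAMPLE_JAVA = '''
public boolean checkPassword(String password) {
    return password.equals("w4rm1ng_Up_w1tH_jAv4_3808d338b46");
}
'''

# Matches .equals("...") and captures the literal, allowing escaped quotes inside.
EQUALS_LITERAL = re.compile(r'\.equals\(\s*"((?:[^"\\]|\\.)*)"\s*\)')


def find_hardcoded_comparisons(java_source: str) -> list:
    """Return every string literal compared with .equals("...") in the source.

    A reviewer or a pre-commit scanner can use the same idea to flag secrets
    that are baked into code instead of being stored as a salted hash.
    """
    return EQUALS_LITERAL.findall(java_source)


if __name__ == "__main__":
    for literal in find_hardcoded_comparisons(SAMPLE_JAVA):
        print("hard-coded comparison target:", literal)
        print(vault_door(PREFIX + literal + SUFFIX))
```

Running the module prints the recovered literal and "Access granted." for the reassembled flag; any other input, including the bare password without the wrapper being stripped correctly, yields "Access denied!".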

Wrapping that password in the picoCTF{...} format gives the flag:

picoCTF{w4rm1ng_Up_w1tH_jAv4_3808d338b46}

The image source can be found here.

Thank you very much for reading!

Cheers,

MRegra
