I’m always late to the party, but here are my solutions to the PicoCTF2019 Vault Doors challenges from the reverse engineering section. I did this mainly to improve my skills and hopefully to learn some new things.
vault-door-training – Points: 50
Your mission is to enter Dr. Evil’s laboratory and retrieve the blueprints for his Doomsday Project. The laboratory is protected by a series of locked vault doors. Each door is controlled by a computer and requires a password to open. Unfortunately, our undercover agents have not been able to obtain the secret passwords for the vault doors, but one of our junior agents obtained the source code for each vault’s computer! You will need to read the source code for each level to figure out what the password is for that vault door. As a warmup, we have created a replica vault in our training facility. The source code for the training vault is here: VaultDoorTraining.java
The password is in the source code. You can copy/paste it and put it in the picoCTF{flag} format.
vault-door-1 – Points: 100
The second challenge is the same as the first one but you’ll have to re-order the array. Associate each character comparison with the array index and you’ll get something like:
d35cr4mbl3_tH3_cH4r4cT3r5_03f841
vault-door-3 – Points: 200
The third challenge uses loops and an array to construct the password. We can solve it by feeding it some dummy data and seeing how it modifies it.
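The dummy-data approach described above, as an added Python example that is not part of the original post. `scramble` is a constructed stand-in for index-shuffling loops (not the challenge's source), and the sample password is constructed as well; a probe of unique characters shows where each input position lands, and that mapping is then inverted.

```python
import string

N = 32  # password length assumed for this example


def scramble(password: str) -> str:
    """Constructed stand-in for a checker's index-shuffling loops."""
    buf = [""] * N
    for i in range(0, 8):
        buf[i] = password[7 - i]               # first block, reversed
    for i in range(8, 16):
        buf[i] = password[i + 8]               # block pulled from 16..23
    for i in range(16, 32, 2):
        buf[i] = password[8 + (i - 16) // 2]   # even slots from 8..15
    for i in range(31, 16, -2):
        buf[i] = password[24 + (31 - i) // 2]  # odd slots from 24..31
    return "".join(buf)


def recover_permutation(transform, n: int) -> list[int]:
    """Feed unique dummy characters and record where each one ends up."""
    probe = (string.ascii_letters + string.digits)[:n]
    out = transform(probe)
    # The probe only works if characters are moved, never changed.
    if len(out) != n or sorted(out) != sorted(probe):
        raise ValueError("transform is not a pure permutation")
    # perm[j] = input index whose character lands at output index j
    return [probe.index(c) for c in out]


def unscramble(perm: list[int], target: str) -> str:
    """Invert the mapping: output position j goes back to input perm[j]."""
    if len(target) != len(perm):
        raise ValueError("target length does not match permutation")
    password = [""] * len(perm)
    for j, src in enumerate(perm):
        password[src] = target[j]
    return "".join(password)


if __name__ == "__main__":
    sample = "constructed_sample_password_0123"  # constructed, not a real flag
    expected = scramble(sample)  # what a checker would compare against
    perm = recover_permutation(scramble, N)
    print(expected, "->", unscramble(perm, expected))
```

The `ValueError` path matters for the later doors: a transform that changes byte values (XOR, bit shuffles) is not a permutation of characters, so it has to be inverted step by step instead.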
vault-door-4 – Points: 250
The 4th vault door challenge is even easier; all you need to do is convert numbers from different bases back to ASCII characters. Use online number converters.
vault-door-5 – Points: 300
This challenge has the password URL-encoded and then Base64-encoded; to solve it you just decode it. You can do it using CyberChef.
vault-door-6 – Points: 350
This challenge uses an XOR encryption scheme. We can defeat it using CyberChef, or modify the code and run it to spit out the password.
vault-door-7 – Points: 400
To solve this challenge I used this binary-to-decimal converter to grab the hex values, then I used CyberChef to convert them back into ASCII.
vault-door-8 – Points: 450
The final challenge can be solved by reversing the steps of the scramble function, everything else remains unchanged. We then run it by feeding the expected bytes to the modified scramble function.
That’s all! Hope you liked it.