Tags: java
Rating:
It is possible to bruteforce 4 characters at a time from the beginning. With some trials and errors you'll get the flag.
Below is the code (I solved it before hint 2 was released which narrowed down the charset)
```
package hsctf;
public class APStatisticsSolver {
private static int[] toNumbers(final String guess, int rnd) {
final int[] arr = new int[guess.length()];
arr[0] = 97 + rnd;
for (int i = 1; i < guess.length(); ++i) {
if (arr[i - 1] % 2 == 0) {
arr[i] = guess.charAt(i) + (arr[i - 1] - 97);
}
else {
arr[i] = guess.charAt(i) - (arr[i - 1] - 97);
}
arr[i] = (arr[i] - 97 + 29) % 29 + 97;
}
return swapArray(arr);
}
private static int[] swapArray(final int[] arr) {
for (int i = 1; i < arr.length; ++i) {
if (arr[i - 1] <= arr[i]) {
flip(arr, i, i - 1);
}
}
return arr;
}
private static String toString(final int[] arr) {
String ans = "";
for (final int x : arr) {
ans = ans + (char)x;
}
return ans;
}
public static void flip(final int[] arr, final int a, final int b) {
final int temp = arr[a];
arr[a] = arr[b];
arr[b] = temp;
}
public static void main(String[] args) {
String guess = "flag{ten_}";
/*for (int rnd = 0; rnd < 26; rnd++) {
final String distorted = toString(swapArray(toNumbers(guess, rnd)));
System.out.println(rnd + ":" + distorted);
}*/
final int rnd = 5;
final String alpha = " !\\\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz";
String preGuess = "flag{tenpercentofallstatisticsatc";
// _intofallstativmicsatcfamg}
String start = "qtqnhuyj{fjw{rwhswzppfnfrz|qndfktceyba".substring(0, 36);
int len = alpha.length();
for (int a = 0; a < len; a++)
for (int b = 0; b < len; b++)
for (int c = 0; c < len; c++)
for (int d = 0; d < 1; d++) {
guess = "flag{tenpercentofallstatistics"
+ alpha.charAt(a) + alpha.charAt(b)
+ alpha.charAt(c) + "fake}";
final String distorted = toString(swapArray(toNumbers(guess, rnd)));
//System.out.println(guess + ":" + distorted);
if (distorted.startsWith(start)) {
System.out.println(guess + ":" + distorted);
}
}
}
}
```
Flag: `flag{tenpercentofallstatisticsarefake}`
