See here: [https://berryberry.hatenablog.jp/](https://berryberry.hatenablog.jp/entry/2022/03/27/034315)

Index.php was given.

![](https://cdn-ak.f.st-hatena.com/images/fotolife/B/Berrys/20220327/20220327031820.png)

I thought that I needed to find a number that would result in the same hash value (a collision). However, I found that PHP has comparison operators with two equal signs and with three equal signs. With two equal signs, a hash value that begins with "0e" is treated as a number in exponent notation, that is, zero times a power of ten, which is 0. So the comparison will be true if the hash value of the input begins with "0e" and the rest consists only of digits, which is what `check` in the program below tests.
You can find the correct input with the program below.

```
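import string
import hashlib

# Candidate alphabet: A-Z, a-z, 0-9
strings = string.ascii_uppercase + string.ascii_lowercase + string.digits

def check(h):
    # A "magic" hash starts with "0e" and has only decimal digits after it
    if (h[:2] != "0e"):
        return 0
    for i in range(2, len(h)):
        if (h[i] not in string.digits):
            return 0
    return 1

def make_magic(moji, cnt):
    # Hash the current candidate and print it if PHP's == would read it as 0
    h = hashlib.sha1(moji.encode()).hexdigest()
    if (check(h)):
        print(moji)

    # Stop extending once the candidate is 10 characters long
    if (cnt == 9):
        return

    # Depth-first search: append each character in turn, recurse, then undo
    for j in strings:
        moji += j
        make_magic(moji, cnt+1)
        moji = moji[:-1]

# Start the search from every single-character candidate
moji = ""
for i in strings:
    moji += i
    make_magic(moji, 0)
    moji = ""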
```

I input the string "AAAAABzIOf" and got the flag.

![](https://cdn-ak.f.st-hatena.com/images/fotolife/B/Berrys/20220327/20220327031806.png)
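
An added example, not part of the original write-up: a simplified Python model of PHP's `==` on two numeric strings, next to the byte-for-byte comparison that `===` or `hash_equals()` performs, showing why two different "0e…" digests compare equal under `==` and why the strict form rejects them. The function names are hypothetical and the digests are constructed sample values, not SHA-1 outputs of any known input.

```python
import hashlib
import hmac
import re

# Simplified model of a PHP "numeric string": optional sign, decimal digits,
# optional exponent. (Assumption: surrounding whitespace, which PHP also
# tolerates, is ignored here.)
NUMERIC = re.compile(r"[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)([eE][+-]?[0-9]+)?")

def php_loose_eq(a: str, b: str) -> bool:
    """Approximate PHP's `==` applied to two strings."""
    if NUMERIC.fullmatch(a) and NUMERIC.fullmatch(b):
        # Both sides look like numbers, so they are compared numerically:
        # "0e123" and "0e456" both evaluate to 0.0.
        return float(a) == float(b)
    return a == b

def strict_eq(a: str, b: str) -> bool:
    """Byte-for-byte comparison, as `===` or hash_equals() would do in PHP."""
    return hmac.compare_digest(a.encode(), b.encode())

def is_magic(hexdigest: str) -> bool:
    """True if `==` would read this hex digest as the number zero."""
    return re.fullmatch(r"0e[0-9]+", hexdigest) is not None

def sha1_is_magic(candidate: str) -> bool:
    """Same test as the write-up's check(), applied to SHA-1 of a string."""
    return is_magic(hashlib.sha1(candidate.encode()).hexdigest())

# Constructed 40-character digests for illustration only.
STORED = "0e" + "12345678901234567890123456789012345678"
SUPPLIED = "0e" + "98765432109876543210987654321098765432"
ORDINARY = "0e" + "1234567890123456789012345678901234567f"  # contains a hex letter

if __name__ == "__main__":
    for name, other in (("SUPPLIED", SUPPLIED), ("ORDINARY", ORDINARY)):
        print(f"STORED vs {name}: loose={php_loose_eq(STORED, other)} "
              f"strict={strict_eq(STORED, other)}")
```
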