# Safe Opener
Author: MUBARAK MIKAIL
*Reverse Engineering*, 100 Points

## Description
```
Can you open this safe?
I forgot the key to my safe but this program is supposed to help me with retrieving the lost key. Can you help me unlock my safe?
Put the password you recover into the picoCTF flag format like:
picoCTF{password}
```

## Solution
Opening the Java program, we get the code of the program.
```java
import java.io.*;
import java.util.*;

public class SafeOpener {
    public static void main(String args[]) throws IOException {
        BufferedReader keyboard = new BufferedReader(new InputStreamReader(System.in));
        Base64.Encoder encoder = Base64.getEncoder();
        String encodedkey = "";
        String key = "";
        int i = 0;
        boolean isOpen;

        while (i < 3) {
            System.out.print("Enter password for the safe: ");
            key = keyboard.readLine();

            encodedkey = encoder.encodeToString(key.getBytes());
            System.out.println(encodedkey);

            isOpen = openSafe(encodedkey);
            if (!isOpen) {
                System.out.println("You have " + (2 - i) + " attempt(s) left");
                i++;
                continue;
            }
            break;
        }
    }

    public static boolean openSafe(String password) {
        String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";

        if (password.equals(encodedkey)) {
            System.out.println("Sesame open");
            return true;
        }
        else {
            System.out.println("Password is incorrect\n");
            return false;
        }
    }
}
```
Taking a closer look at the program, we see the following lines that look interesting (not together in code):
```java
Base64.Encoder encoder = Base64.getEncoder();

encodedkey = encoder.encodeToString(key.getBytes());
// This is where the input is encoded.

String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";
// This key is the encoded password that the encoded input is checked against.
```
From `Base64.Encoder encoder = Base64.getEncoder();` and `encodedkey = encoder.encodeToString(key.getBytes());`, we can tell that the input is encoded to Base64 before it is compared to the encoded password.
Thus, `cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz` is simply the correct password encoded in Base64, and decoding it using an online decoder gives us `pl3as3_l3t_m3_1nt0_th3_saf3`.
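
The decoding step can also be done offline and generalized. The Python script below is an added example, not part of the original writeup or the challenge: it pulls double-quoted string literals out of Java source and reports those that are valid Base64 decoding to printable ASCII, which is also how a reviewer would spot an encoded secret left in source. The function name `decode_candidates` and the embedded source excerpt are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample: string-bearing lines excerpted from the SafeOpener source.
JAVA_SOURCE = r'''
String encodedkey = "";
System.out.print("Enter password for the safe: ");
String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";
System.out.println("Sesame open");
System.out.println("Password is incorrect\n");
'''

# A Java double-quoted literal, allowing backslash escapes inside it.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Standard Base64 alphabet with optional padding.
BASE64_SHAPE = re.compile(r'[A-Za-z0-9+/]+={0,2}')


def decode_candidates(source, min_len=8):
    """Return (literal, decoded_text) pairs for Base64 literals that decode to printable ASCII."""
    hits = []
    for match in STRING_LITERAL.finditer(source):
        literal = match.group(1)
        # Padded Base64 is always a multiple of 4 characters long.
        if len(literal) < min_len or len(literal) % 4 != 0:
            continue
        if not BASE64_SHAPE.fullmatch(literal):
            continue
        try:
            text = base64.b64decode(literal, validate=True).decode("ascii")
        except (binascii.Error, ValueError):
            continue  # not valid Base64, or decodes to non-ASCII bytes
        if text.isprintable():
            hits.append((literal, text))
    return hits


if __name__ == "__main__":
    for literal, text in decode_candidates(JAVA_SOURCE):
        print(f"{literal} -> {text}")
```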

Putting the password in the flag format, we get `picoCTF{pl3as3_l3t_m3_1nt0_th3_saf3}` which is the correct flag. Hooray!

`picoCTF{pl3as3_l3t_m3_1nt0_th3_saf3}`

Original writeup (https://github.com/yanganyi/writeup-picoctf-2022/blob/main/Reverse%20Engineering/Safe%20Opener/README.md).