LoginLogin

[Challenge] Password Protected Program

Root / Submissions / [.]

amihartCreated:
Version:Size:
The challenge is simple: get around the password screen and execute the program. There's essentially two challenges here: (1) find a valid password in order to get around the password screen without breaking the program, or (2) break the program to skip the screen entirely by modifying its source code. Sounds easy, but is it? Might not be as easy as you think. If you manage to figure out (1) or (2), post in the comments below. (I mainly added this to see how people would go about breaking it I could improve it before actually releasing the program that does this.) Challenge is OVER: Good job to the people who completed it!

Instructions:

The entire program simply consists of one file called "LOCKED". Run "LOCKED" to see a username/password screen. Type an incorrect username/password and the program will end. Type the correct username/password and something nifty will happen.

Replying to:Yolkai
I'd like a chance at this one too, if someone would be so kind as to pass along the source file with hb or similar...
Oh that's interesting I'll have to read into that.

The damn thing checks for source code modification! Bwahaha this is ingenious.

Deobfuscated (with password check/etc. removed):
Spoiler
OPTION STRICT

ACLS
VAR X=400/2
VAR Y=240/2
VAR DIR=0
VAR RUNS=1
VAR RUN=0
VAR COL=-RND(16777216-480*240)

@LOOP
 IF DIR==0 THEN Y=Y+1
 IF DIR==1 THEN X=X+1
 IF DIR==2 THEN Y=Y-1
 IF DIR==3 THEN X=X-1
 
 IF RUN==RUNS THEN
  RUN=0
  INC RUNS
  DIR=(DIR+1) MOD 4
 ENDIF
 INC RUN
 
 IF Y<0||Y>250 GOTO @LOOP
 
 IF X<0 THEN
  REPEAT UNTIL BUTTON()
  ACLS
  END
 ENDIF
 
 GCOLOR COL
 DEC COL
 GBOX X,Y,X+1,Y+1
GOTO @LOOP
I actually picked through and deobfuscated all of the code... In retrospect, it would've been a lot faster for me to just ignore all the code before OPTION STRICT and break at the username prompt to print out the label table.

Replying to:niconii
Deobfuscated (with password check/etc. removed):
Spoiler
OPTION STRICT

ACLS
VAR X=400/2
VAR Y=240/2
VAR DIR=0
VAR RUNS=1
VAR RUN=0
VAR COL=-RND(16777216-480*240)

@LOOP
 IF DIR==0 THEN Y=Y+1
 IF DIR==1 THEN X=X+1
 IF DIR==2 THEN Y=Y-1
 IF DIR==3 THEN X=X-1
 
 IF RUN==RUNS THEN
  RUN=0
  INC RUNS
  DIR=(DIR+1) MOD 4
 ENDIF
 INC RUN
 
 IF Y<0||Y>250 GOTO @LOOP
 
 IF X<0 THEN
  REPEAT UNTIL BUTTON()
  ACLS
  END
 ENDIF
 
 GCOLOR COL
 DEC COL
 GBOX X,Y,X+1,Y+1
GOTO @LOOP
I actually picked through and deobfuscated all of the code... In retrospect, it would've been a lot faster for me to just ignore all the code before OPTION STRICT and break at the username prompt to print out the label table.
I mean the obfuscation is not really the main focus on this project but I'll work on improving it.

This looked interesting so I decided to try it out. After about 3 hours of trial an error, I finally cracked the code.
my solutionUsername: ROOT Password: SBSBSBS
how I did itGetting the username was simple. It's visible in the code from the start. But the password was a different story. To start, I changed all the variable names to more tolerable ones. Unfortunately, the program has an embedded source code check. So, if I were to change anything, the application Wouldn't run. To get around this, I ran the original program up to the INPUT screen, stopped the program, and retrieved all the labels from the corresponding array. I then replaced all the instances of that array with the labels I retrieved. This allowed me to modify the original code without any errors. Next, I used the password checking code to check random strings of characters until it landed on a valid password. This let me know that most, if not all, valid passwords are seven characters long. With that piece of information, I started checking random words and strings until I landed on "SBSBSBS".

Replying to:Nathaniel
This looked interesting so I decided to try it out. After about 3 hours of trial an error, I finally cracked the code.
my solutionUsername: ROOT Password: SBSBSBS
how I did itGetting the username was simple. It's visible in the code from the start. But the password was a different story. To start, I changed all the variable names to more tolerable ones. Unfortunately, the program has an embedded source code check. So, if I were to change anything, the application Wouldn't run. To get around this, I ran the original program up to the INPUT screen, stopped the program, and retrieved all the labels from the corresponding array. I then replaced all the instances of that array with the labels I retrieved. This allowed me to modify the original code without any errors. Next, I used the password checking code to check random strings of characters until it landed on a valid password. This let me know that most, if not all, valid passwords are seven characters long. With that piece of information, I started checking random words and strings until I landed on "SBSBSBS".
This is similar to how Lumage did it. Thanks for the feedback I think I've gotten enough responses for this project so I'll pull it down and start working on the next iteration.

I never got around to downloading it :/ Will the next iteration be harder?

Replying to:Nathaniel
This looked interesting so I decided to try it out. After about 3 hours of trial an error, I finally cracked the code.
my solutionUsername: ROOT Password: SBSBSBS
how I did itGetting the username was simple. It's visible in the code from the start. But the password was a different story. To start, I changed all the variable names to more tolerable ones. Unfortunately, the program has an embedded source code check. So, if I were to change anything, the application Wouldn't run. To get around this, I ran the original program up to the INPUT screen, stopped the program, and retrieved all the labels from the corresponding array. I then replaced all the instances of that array with the labels I retrieved. This allowed me to modify the original code without any errors. Next, I used the password checking code to check random strings of characters until it landed on a valid password. This let me know that most, if not all, valid passwords are seven characters long. With that piece of information, I started checking random words and strings until I landed on "SBSBSBS".
are there more usernames and passwords?

Replying to:Nathaniel
This looked interesting so I decided to try it out. After about 3 hours of trial an error, I finally cracked the code.
my solutionUsername: ROOT Password: SBSBSBS
how I did itGetting the username was simple. It's visible in the code from the start. But the password was a different story. To start, I changed all the variable names to more tolerable ones. Unfortunately, the program has an embedded source code check. So, if I were to change anything, the application Wouldn't run. To get around this, I ran the original program up to the INPUT screen, stopped the program, and retrieved all the labels from the corresponding array. I then replaced all the instances of that array with the labels I retrieved. This allowed me to modify the original code without any errors. Next, I used the password checking code to check random strings of characters until it landed on a valid password. This let me know that most, if not all, valid passwords are seven characters long. With that piece of information, I started checking random words and strings until I landed on "SBSBSBS".
There was only one intended password it was just a poor hashing algorithm so there was a lot of collisions lol I will definitely try to implement a real hashing algorithm before I post the next version of this.

Replying to:spaceturtles
I never got around to downloading it :/ Will the next iteration be harder?
I'm going to try to improve it a lot yet.

You can make a simple password program doing this:
ACLS
@start
EXAMPLE$="EXAMPLE"
NA$=DIALOG("","Guess the password!",14)
'This gives you 14 characters to type. No more than 14.
IF NA$=="EXAMPLE" THEN
DIALOG "You won!!!"
ENDIF
WAIT 1
GOTO @START

Help!!! I need help creating a working password system for your BANK ACCOUNTS(for my game!!) Could anyone help with this???

Replying to:IamLEGEND
You can make a simple password program doing this:
ACLS
@start
EXAMPLE$="EXAMPLE"
NA$=DIALOG("","Guess the password!",14)
'This gives you 14 characters to type. No more than 14.
IF NA$=="EXAMPLE" THEN
DIALOG "You won!!!"
ENDIF
WAIT 1
GOTO @START
If you read the code you know what the password is. The program on this page is so obfuscated that it's basically impossible to know what the password is without brute force.

Yeah, I guess so.