rev/vault_door_5

This commit is contained in:
2026-07-03 03:27:23 +09:00
parent 8010543bdd
commit 87f994ebde
2 changed files with 89 additions and 0 deletions
+49
View File
@@ -0,0 +1,49 @@
import java.net.URLDecoder;
import java.util.*;
class VaultDoor5 {
public static void main(String args[]) {
VaultDoor5 vaultDoor = new VaultDoor5();
Scanner scanner = new Scanner(System.in);
System.out.print("Enter vault password: ");
String userInput = scanner.next();
String input = userInput.substring("picoCTF{".length(),userInput.length()-1);
if (vaultDoor.checkPassword(input)) {
System.out.println("Access granted.");
} else {
System.out.println("Access denied!");
}
}
// Minion #7781 used base 8 and base 16, but this is base 64, which is
// like... eight times stronger, right? Riiigghtt? Well that's what my twin
// brother Minion #2415 says, anyway.
//
// -Minion #2414
public String base64Encode(byte[] input) {
return Base64.getEncoder().encodeToString(input);
}
// URL encoding is meant for web pages, so any double agent spies who steal
// our source code will think this is a web site or something, defintely not
// vault door! Oh wait, should I have not said that in a source code
// comment?
//
// -Minion #2415
public String urlEncode(byte[] input) {
StringBuffer buf = new StringBuffer();
for (int i=0; i<input.length; i++) {
buf.append(String.format("%%%2x", input[i]));
}
return buf.toString();
}
public boolean checkPassword(String password) {
String urlEncoded = urlEncode(password.getBytes());
String base64Encoded = base64Encode(urlEncoded.getBytes());
String expected = "JTYzJTMwJTZlJTc2JTMzJTcyJTc0JTMxJTZlJTY3JTVm"
+ "JTY2JTcyJTMwJTZkJTVmJTYyJTYxJTM1JTY1JTVmJTM2"
+ "JTM0JTVmJTY0JTMxJTM5JTM0JTM4JTY0JTM0JTY1";
return base64Encoded.equals(expected);
}
}
+40
View File
@@ -0,0 +1,40 @@
#!/usr/bin/env python3
import base64
# public String urlEncode(byte[] input) {
# StringBuffer buf = new StringBuffer();
# for (int i=0; i<input.length; i++) {
# buf.append(String.format("%%%2x", input[i]));
# }
# return buf.toString();
# }
# public boolean checkPassword(String password) {
# String urlEncoded = urlEncode(password.getBytes());
# String base64Encoded = base64Encode(urlEncoded.getBytes());
# String expected = "JTYzJTMwJTZlJTc2JTMzJTcyJTc0JTMxJTZlJTY3JTVm"
# + "JTY2JTcyJTMwJTZkJTVmJTYyJTYxJTM1JTY1JTVmJTM2"
# + "JTM0JTVmJTY0JTMxJTM5JTM0JTM4JTY0JTM0JTY1";
# return base64Encoded.equals(expected);
# }
def url_decode(input: str) -> str:
return ''.join(chr(int(x, 16)) for x in input.split('%')[1:])
def main():
expected = (
"JTYzJTMwJTZlJTc2JTMzJTcyJTc0JTMxJTZlJTY3JTVm"
"JTY2JTcyJTMwJTZkJTVmJTYyJTYxJTM1JTY1JTVmJTM2"
"JTM0JTVmJTY0JTMxJTM5JTM0JTM4JTY0JTM0JTY1"
)
url_encoded = base64.b64decode(expected).decode()
result = url_decode(url_encoded)
print(f"picoCTF{{{result}}}")
if __name__ == '__main__':
main()