MITRE CTF 2013 – bin200 #2

brute force, java, mitrectf

This challenge gave us a JAR. We extracted it, and opened the class in JDGUI. It’s immediately clear that this challenge is to brute force an MD5. The manifest file gives us the first 6 characters, and leaves us to brute force the last 6. We know the keyspace is 0-9 A-F, as previous challenge flags fit that format.

So, we modify this to brute force the 6 characters and we’re done! Since the main challenge here is brute forcing, this is really more of a crypto challenge than it is a binary challenge.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
import java.io.PrintStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Scanner;
public class Overrated
{
  public static void main(String[] paramArrayOfString)
  {
    String str1 = new String();
    String str2 = "3d38629f056c942d561b63dbe8e94653";
    //MCA-8E + (6 hex allcaps)
    int max = 16;
    //for every combination
    for(int a=0;a<max;a++) {
    	for(int b=0;b<max;b++) {
    		for(int c=0;c<max;c++) {
    			for(int d=0;d<max;d++) {
    				for(int e=0;e<max;e++) {
    					for(int f=0;f<max;f++) {
    						String teststr = Integer.toString(a, 16) + Integer.toString(b, 16) + Integer.toString(c, 16) + Integer.toString(d, 16) + Integer.toString(e, 16) + Integer.toString(f, 16);
    						teststr = teststr.toUpperCase();
    						if(encrypt("MCA-8E"+teststr).equals(str2)) {
    							System.out.println("WOOT "+ "MCA-8E"+teststr);
    							return;
    						}
    					}
    				}
    			}
    		}
    	}
    }
    System.out.println("Good job!");
  }
  public static String encrypt(String paramString) {
    String str1 = "";
    try {
      MessageDigest localMessageDigest = MessageDigest.getInstance("MD5");
      localMessageDigest.reset();
      localMessageDigest.update(paramString.getBytes());
      byte[] arrayOfByte = localMessageDigest.digest();
      // md5 array above
      
      String str2 = "";
      
      // convert to a hex string
      for (int i = 0; i < arrayOfByte.length; i++) {
    	  
    	// this & does nothing
        str2 = Integer.toHexString(0xFF & arrayOfByte[i]);
        
        
        if (str2.length() == 1)
          str1 = str1 + "0" + str2;
        else
          str1 = str1 + str2;
      }
    } catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {
    }
    return str1;
  }
}