Scribd Logo
Upload

Welcome to Scribd!

  • Flare-On 5: Challenge 1 Solution - Minesweeper Championship Registration - Jar

    Uploaded by

    Michel Edi
    23 views3 pages
    This document summarizes the first challenge of the Flare-On 5 capture the flag competition. The challenge involved decompiling a simple Java application to reveal a hardcoded string that needed to be entered in a dialog box. Decompiling the application using JD-GUI showed a single class containing main() that compared the user input to the hardcoded string "GoldenTicket2018@flare-on.com" and displayed the appropriate success or failure message. Entering the correct string triggered a success dialog congratulating the user.

    Original Description:

    Pi

    Original Title

    FlareOn5_Challenge1_Solution

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes the first challenge of the Flare-On 5 capture the flag competition. The challenge involved decompiling a simple Java application to reveal a hardcoded string that needed to be entered in a dialog box. Decompiling the application using JD-GUI showed a single class containing main() that compared the user input to the hardcoded string "GoldenTicket2018@flare-on.com" and displayed the appropriate success or failure message. Entering the correct string triggered a success dialog congratulating the user.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    23 views3 pages

    Flare-On 5: Challenge 1 Solution - Minesweeper Championship Registration - Jar

    Uploaded by

    Michel Edi
    This document summarizes the first challenge of the Flare-On 5 capture the flag competition. The challenge involved decompiling a simple Java application to reveal a hardcoded string that needed to be entered in a dialog box. Decompiling the application using JD-GUI showed a single class containing main() that compared the user input to the hardcoded string "GoldenTicket2018@flare-on.com" and displayed the appropriate success or failure message. Entering the correct string triggered a success dialog congratulating the user.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    Flare-On 5: Challenge 1 Solution - Minesweeper Championship

    Registration.jar
    Challenge Author: Nick Harbour

    Description

    This year’s first challenge was a Java GUI application that presents the following simple dialog prompt
    to the user when launched.

    Figure 1: Input Dialog

    If you enter the correct code (which is the challenge key) into this dialog it will present a dialog box
    telling you that you entered the correct key, otherwise it will present a dialog box telling you it was
    incorrect.

    Solution

    This year’s first challenge returned Flare-On to its approach of having a first challenge that was so easy
    it was almost a captcha to see how many people where actually making any attempt to play. An
    obvious approach to reverse engineering Java programs is to attempt to decompile them. Due to the
    design of the Java platform programs will often decompile into perfectly readable source code unless a
    deliberate obfuscation step was introduced by the programmer. The following screenshot shows this
    challenge loaded into JD-GUI.

    FireEye, Inc., 1440 McCarthy Blvd., Milpitas, CA 95035 | +1 408.321.6300 | +1 877.FIREEYE (347.3393) | info@FireEye.com | www.FireEye.com 1
    Figure 2: JD-GUI decompilation

    FireEye, Inc., 1440 McCarthy Blvd., Milpitas, CA 95035 | +1 408.321.6300 | +1 877.FIREEYE (347.3393) | info@FireEye.com | www.FireEye.com 2
    You will notice in the decompiled program there is only one class (named InviteValidator) which
    contains the main() function. The code contained in the main function simply compares the string
    inputted in the input dialog box with the string “GoldenTicket2018@flare-on.com” and
    decides which message box message to show based on that comparison. The full decompiled text of
    this class is shown in Figure 3 below.
    import javax.swing.JOptionPane;

    public class InviteValidator


    {
    public static void main(String[] args)
    {
    String response = JOptionPane.showInputDialog(null, "Enter your invitation code:", "Minesweeper
    Championship 2018", 3);
    if (response.equals("GoldenTicket2018@flare-on.com")) {
    JOptionPane.showMessageDialog(null, "Welcome to the Minesweeper Championship 2018!\nPlease
    enter the following code to the ctfd.flare-on.com website to compete:\n\n" + response, "Success!", -
    1);
    } else {
    JOptionPane.showMessageDialog(null, "Incorrect invitation code. Please try again next year.",
    "Failure", 0);
    }
    }
    }
    Figure 3: Decompiled Source Code

    If you entered the correct key (“GoldenTicket2018@flare-on.com”) into the dialog you would
    be presented with the following success dialog.

    Figure 4: Success Dialog

    FireEye, Inc., 1440 McCarthy Blvd., Milpitas, CA 95035 | +1 408.321.6300 | +1 877.FIREEYE (347.3393) | info@FireEye.com | www.FireEye.com 3

    You might also like