Help for crypt 7

It should be like that. Crypt Level 7 is not there to easily find the password. 600 points, remember?

Hints? IMO, Crypt Level 7 discussion threads have a lot of hints.

I’m on it since a long time already. This is the most difficult level of HT !
This is very challenging and that’s what is great.

Ok seriously Freewind I don’t get this one also. You may be really trying to help but dfalcon already said he looked at all lot of the forums. I also am confused on this level and Freewind you should know that it is quite difficult because it took you and like 14 other guys to figure it out.

actually it took one guy and some hints from Keeper to figure it out, and 14 others followed after
Regardless this level is extremely difficult

Well be that as it may I think that freewind could be a bit more helpful

thank you Greyhatfool!

at the very least can somebody explain to me when i need to use the info from the second wepage?

[quote=Greyhatfool]You may be really trying to help but dfalcon already said he looked at all lot of the forums.[/quote]
Sorry but you misunderstood something. I posted in this thread just to point out that Crypt Level 7 has been the most difficult level so far on HackThis!!. My record for this level:
Attempts: 33 Duration: 21 days
You guys didn’t even try to test every possibility appearing in your mind, but need a right direction from the start? If I gave a hint, it wouldn’t be fair to @LanaRuza, @qwerert, @Pinkrat … and some guys who attempted to solve this level even by dictionary attack.

The previous threads are helpful. I’d tried a lot of nasty maths and LSB extraction before reading the threads..

i will check the other threads more closely

I will also read through the forums again and see what I can glean

Wow @freewind1012 ’s attempts are so much less than mine!
Attempts: 83 Duration: 18 days
That was a really hard time!

I had a lot of reading resources , so I figured it out in :
Attempts: 23 Duration: 27 days
Yet , I would say that it is the most difficult level among all other levels !!!

Haha I was kinda putting all the strings I could to get the key! But it was an odd key which could not be guessed! :p

Not guessed.. but cracked with pen, paper and guessing elsewhere!
Are congratulations in order? :-)

Keeper won’t be so generous next time. I’m pretty sure guessing was not supposed to be a way to solve the level and this was due to a small mistake he made.

What he should have done was go straight for the password

However, the level is enjoyable and some great work from him.

Btw, :p
Attempts: 24 Duration: 4 days

go straight for the password

The truth has been spoken. It’s time to say goodbye to our luck. :p

Has anyone that’s solved it sorted the pic then? I could get the whole pic but I’m sure not by the method intended.

Hmm I did not get a word what you said @Pinkrat ! But i’m egerly waiting for the next bad ass level! ;)

Did you get the key from the pic or?

IMO Crypt 7 still has a puzzle to solve: finding the key by substitution.

Obviously not! It was all logical guess work. But yes the key is there in the hex data itself.
EDIT: There is an edit button there @Pinkrat .

[quote=IAmDevil]It was all logical guess work. But yes the key is there in the hex data itself.[/quote]
LOL, where?

Yes I would very much like to know that too. Where in the hex data and how do you get. Where is the clue for it.

Hey @freewind1012 and @tlotr we all are very much on the same road block! I too don’t know the location of key in the hex data! :p

It has to be by simple substitution. A systematized random substitution has produced full length pic, but there must be a substitution that you can arrive at from the clues.
It is not in the LSB or any meaningful expansion of LSB hiding. A week of the 18 days it took me was spent doing that by hand.

Questions I still have:
Why is the header hashed on fb pic?
Why is there so much extra hex in the main pic? (enough for three more pics?)
What is the purpose of the odd grammar in the level description? In this kind of test grammatical or spelling oddities are usually indicators of something.

Ok first of all its not odd grammar, it is a poetical phrase or you may call a hint which is given or represented in a tricky manner.
Second, FB’s pic has nothing to do with the key, its just there to push us in the right direction.
Third, there is no so called extra hex data. I mean what does that even mean?
As far as i’m concerned everything is spick and span in the level! :)

Seems a touch aggressive? Sorry if I’ve offended. I’m in no way complaining about the level.

‘These words are nothing more but an allegory.’
This is odd grammar and in a lot of paper based cryptology the use of ‘but’ rather than ‘than’ would have hidden meaning.
I agree FBs pic has nothing to do with the key - but that is not something you can be certain of until you’ve cracked it. It could have!
By extra hex data, I mean data that can be removed without the slightest effect on the original pic or the full hidden pic - spades of it.
Again I’m not complaining… It’s par for the course to go up blind alleys in a pentest!

Lol I was not being aggressive there! Sorry if it felt so. Haha yes I too was trying to edit the picture at first to get a clearer image but later realized that I was just being stupid! :p

Did you get a full length pic? I got one by systematically replacing hex.

Nope I just left that idea there itself and then walked upon a more sensible path. Lol :)

I did it (I think) the same way as everyone else but then, like Freewind, was less than satisfied… :-(

huh< it sounds like all of the people who have completed this level completed it using a shortcut that made the level less pleasurable. if that is the case then flabbyrabbit should alter the level so that the shortcut is no longer possible

You can’t prevent all available short-cuts for this level or it would be change radically. There is many ways to solve it and its add some good thing to this level. People not happy with their solution just have to find another one. I’m quite happy with mine personally.

so are you saying that there are multiple ways to solve the level or multiple solutions?

multiple ways to find the unique pass accepted to validate.

so technically that could mean that since the level could be solved in different ways that some options are harder than others and that depending on which method you used to solve, you could get a different point value if the level could track in some way the method that you used to complete the level. just technically. is that even a possibility? because i think it is than I think that it might be an intereting thing to do to decrease the probablilty of top players getting the same number of points and then getting stuck competting with each other to get medals to earn the extra points needed to put themself on top of the other player. did that even make sence?

It does make some sense but so far, the only way would be to upload a txt file with the method used and it will be too much work for flabby to check that.

well, first, there are not very many people who have completed the level, and people are not going to complete it very regularly. so if flabbyrabbit and the moderators like daMage both checked when a user completed the level, working together and based on the samll number of people completing the level, i shouldnt be too hard

For this level yes, but what would be greater is too extend the upload of methods to all concerned level so we can have a track on possible cheaters.

Yaa…then there will be a check on Copy-Pasters !!

This can be half automatized but then comes false-positive, possibility to ask for a manual verification and yes, more and more work.
That’s good for a CTF with limited participant in a limited time, not for usual levels.
Implementing this kind of feature would require to hire some people for checking, so take some of their time.
If it’s free, then we should manage a way to keep the checkers to keep checking…

A possible way would be to allow anyone who has validated the level to check other users in exchange of some points or another meaningful resource (karma ?, after checking X validations give the helper medal ?).
That’s a way to build a community around another and a way for the creator to say “This website is mine as much as yours, enjoy yourself”

A sustainable way would be to give money to checkers but how do we pay them ? That would make the need of a registration price on hackthis. This would decrease the number of users drastically, except if we could provide some feature like personal coach, personal lessons with exercises and follow up as a real e-learning platform.

There is surely many things to do and Hackthis could impose itself as the number 1 reference but it’s needs time, motivation and a lot of other things.

Sorry for the off-topic by the way.

No…this may be off-topic but is really a nice idea.
The thought of paying may be a farfetched idea at the moment, but when all that comes with the trainers and exercises , it seems pretty good in a near future.
Just some questions that arise are that :
How will the method be validated by a checker ? ( I mean , on what parameters ? )
Suppose if a Checker consents to a particular method , will it be accepted ?

I’m not affiliated to hackthis in any way so I wasn’t making specs, just exposing simple ideas haha.
The way method can be accepted can be defined on a grid with checkboxes.

• did the user find the password? y/n
• did he explain his way? y/n
• did he copy pasted from another user? y/n
• was it uncommon?
• was it by abusing a bug on the website ?
• …

According the total of yes/ no, then points can be calculated.
Since checkers are different, notations might not always be fair but that’s part of the game, and abusing this could be penalized by adding the possibility to complain on the final results.

[quote=dfalcon]to decrease the probablilty of top players getting the same number of points and then getting stuck competting with each other to get medals to earn the extra points needed to put themself on top of the other player[/quote]
Who did come up with this competing idea? HackThis is a learning website and we have still tried our best to support newbies to learn something new. If we ever wanted to make it more competitive, wouldn’t the amount of time for solving a level be more than enough? In that case, we didn’t setup a forum because a question (ironically, like your first question in this thread about Crypt Level 7) is only for the weak. You should solve it by yourself, shouldn’t you?

P/S: If you ever wanted to be on the Scoreboard, you should learn programming language(s).

[quote=freewind1012]P/S: If you ever want to be on the Scoreboard, you should learn programming language(s). Simple like that.[/quote]
Or start your nickname with the good char….

Nickname with the good char ??? Didn’t understood !! o_O

For two people having the same amount of point, the ladder order by nick and not by date of achievement.
Abhi_hacker with 10035 points will be set before Bbhi_hacker with 10035 points.

@Memoria: I disagree with your statement. Check the 10th place on the Scoreboard.

Yup…I am on the last position in the 10th rank group !! So , its not by nick….its by the order of reaching that score !!

Note I said “characters”, ADIGA is 10th because he’s using upper-case characters which have in the ASCII table lower values than lower-case characters.
edit: Might have changed with new version, but I remember in the past being behind someone whereas I was the first getting that amount of points.

There are at least three methods to solve:
1. Intended method involving whole pic.
2. The way everyone (AFAIK) did it, cracking because of an educated guess once one’d nearly reached the end anyway.
3. Just cracking the password with an exhaustive dictionary.

The 2nd method still required a lot of work whereas the 3rd is pointless.

Haha i too wondered how the scoring is biased! So it is ASCII then. I too regret some times why didn’t i put i nick as Alfa rather than IAmDevil. lol never mind. :)

[quote=Pinkrat]3. Just cracking the password with an exhaustive dictionary.[/quote]
I would be curious to see a dictionary with this password inside.

On the top of that, they’re is more or less elegant way of “cracking”, I won’t put more in there. Dear, I miss the afterwards section…

A dictionary generated exhaustively will find it.

[quote=Memoria]I remember in the past being behind someone whereas I was the first getting that amount of points.[/quote]

@Abhi_hacker and I have the same point. I got 10,035 after him but as you can see, I am above him in the list. Therefore, I believe that the order is based on the amount of point, then the time when you signed up an account on HT!!

Or by userid yea that would makes sense.

No , @kapuccino , you got 10,035 points before me !! I got them yesterday only…after completing Coding 1 after 74 attempts !!

@Abhi_hacker: Now that’s kinda weird.

Forget that example, just look at the 5th rank right now. As you can see: A from @ANONRA, k from @kamzhik and then I from @IAmDevil . The alphabetic order doesn’t make sense, but the order of users ID does: ANONRA joined 4 years ago, kamzhik joined on July 12, 2012 and then IAmDevil joined on July 13, 2012.

Yeah….its basically decided by higher number of points , then longer time duration on site !!
Poor @IAmDevil missed it by one day !! :p
One more thing @kapuccino , what if two guys joined on the same day ??

Thank you for your sympathy @Abhi_hacker . sob

No more assumption, its by point, then by user id.

https://github.com/HackThis/hackthis.co.uk/blob/master/files/class.stats.php

`` $sql = 'SELECT users.user_id, username, score, (users_medals.user_id IS NOT NULL) AS donator, profile.gravatar, IF (profile.gravatar = 1, users.email, profile.img) asimage`
FROM users
LEFT JOIN users_profile profile
ON users.user_id = profile.user_id
LEFT JOIN users_priv
ON users_priv.user_id = users.user_id
LEFT JOIN users_medals
ON users.user_id = users_medals.user_id AND users_medals.medal_id = (SELECT medal_id FROM medals WHERE label = “Donator”)
WHERE COALESCE(users_priv.site_priv, 0) != 2
ORDER BY score DESC, user_id ASC
LIMIT ‘.$limit;

```

Woaaa… This thread went way off topic and is now 7 pages long. Lets make 10 pages long guys what do say……..

easy for me!!!!! ;)

Looks at pages

Whistles in an impressed way

Haha…lol…. @IAmDevil , you called him a perfectionist ?