Help for crypt 7

0xBBA5

? [dfalcon]
9 years ago

1

Ok so this level is seriously confusing me. I have a read a whole bunch of the forums and am still seriously confused. Any pointers or hints would be really helpful.

66replies
13voices
623views
Cyan Wind [freewind1012]
9 years ago | edited 9 years ago

0

It should be like that. Crypt Level 7 is not there to easily find the password. 600 points, remember?

Hints? IMO, Crypt Level 7 discussion threads have a lot of hints.

Hackay
9 years ago

0

I’m on it since a long time already. This is the most difficult level of HT !
This is very challenging and that’s what is great.


2

Ok seriously Freewind I don’t get this one also. You may be really trying to help but dfalcon already said he looked at all lot of the forums. I also am confused on this level and Freewind you should know that it is quite difficult because it took you and like 14 other guys to figure it out.

Wibben
9 years ago | edited 9 years ago

2

actually it took one guy and some hints from Keeper to figure it out, and 14 others followed after
Regardless this level is extremely difficult


1

Well be that as it may I think that freewind could be a bit more helpful

? [dfalcon]
9 years ago

1

thank you Greyhatfool!

? [dfalcon]
9 years ago

0

at the very least can somebody explain to me when i need to use the info from the second wepage?

Cyan Wind [freewind1012]
9 years ago | edited 9 years ago

0

[quote=Greyhatfool]You may be really trying to help but dfalcon already said he looked at all lot of the forums.[/quote]
Sorry but you misunderstood something. I posted in this thread just to point out that Crypt Level 7 has been the most difficult level so far on HackThis!!. My record for this level:
Attempts: 33 Duration: 21 days
You guys didn’t even try to test every possibility appearing in your mind, but need a right direction from the start? If I gave a hint, it wouldn’t be fair to @LanaRuza, @qwerert, @Pinkrat … and some guys who attempted to solve this level even by dictionary attack.

Pinkrat
9 years ago

1

The previous threads are helpful. I’d tried a lot of nasty maths and LSB extraction before reading the threads..

? [dfalcon]
9 years ago

1

i will check the other threads more closely


1

I will also read through the forums again and see what I can glean

[IAmDevil]
9 years ago

0

Wow @freewind1012 ’s attempts are so much less than mine!
Attempts: 83 Duration: 18 days
That was a really hard time!

Abhi
9 years ago

0

I had a lot of reading resources , so I figured it out in :
Attempts: 23 Duration: 27 days
Yet , I would say that it is the most difficult level among all other levels !!!

[IAmDevil]
9 years ago

1

Haha I was kinda putting all the strings I could to get the key! But it was an odd key which could not be guessed! :p

Pinkrat
9 years ago

0

Not guessed.. but cracked with pen, paper and guessing elsewhere!
Are congratulations in order? :-)

kamzhik
9 years ago

0

Keeper won’t be so generous next time. I’m pretty sure guessing was not supposed to be a way to solve the level and this was due to a small mistake he made.

What he should have done was go straight for the password

However, the level is enjoyable and some great work from him.

Btw, :p
Attempts: 24 Duration: 4 days


0

go straight for the password

The truth has been spoken. It’s time to say goodbye to our luck. :p

Pinkrat
9 years ago

0

Has anyone that’s solved it sorted the pic then? I could get the whole pic but I’m sure not by the method intended.

[IAmDevil]
9 years ago

0

Hmm I did not get a word what you said @Pinkrat ! But i’m egerly waiting for the next bad ass level! ;)

Pinkrat
9 years ago

0

Did you get the key from the pic or?

Pinkrat
9 years ago

0

IMO Crypt 7 still has a puzzle to solve: finding the key by substitution.

[IAmDevil]
9 years ago | edited 9 years ago

0

Obviously not! It was all logical guess work. But yes the key is there in the hex data itself.
EDIT: There is an edit button there @Pinkrat .


0

[quote=IAmDevil]It was all logical guess work. But yes the key is there in the hex data itself.[/quote]
LOL, where?

[deleted user]
9 years ago

0

Yes I would very much like to know that too. Where in the hex data and how do you get. Where is the clue for it.

[IAmDevil]
9 years ago

0

Hey @freewind1012 and @tlotr we all are very much on the same road block! I too don’t know the location of key in the hex data! :p

Pinkrat
9 years ago

0

It has to be by simple substitution. A systematized random substitution has produced full length pic, but there must be a substitution that you can arrive at from the clues.
It is not in the LSB or any meaningful expansion of LSB hiding. A week of the 18 days it took me was spent doing that by hand.

Questions I still have:
Why is the header hashed on fb pic?
Why is there so much extra hex in the main pic? (enough for three more pics?)
What is the purpose of the odd grammar in the level description? In this kind of test grammatical or spelling oddities are usually indicators of something.

[IAmDevil]
9 years ago

0

Ok first of all its not odd grammar, it is a poetical phrase or you may call a hint which is given or represented in a tricky manner.
Second, FB’s pic has nothing to do with the key, its just there to push us in the right direction.
Third, there is no so called extra hex data. I mean what does that even mean?
As far as i’m concerned everything is spick and span in the level! :)

Pinkrat
9 years ago

0

Seems a touch aggressive? Sorry if I’ve offended. I’m in no way complaining about the level.

‘These words are nothing more but an allegory.’
This is odd grammar and in a lot of paper based cryptology the use of ‘but’ rather than ‘than’ would have hidden meaning.
I agree FBs pic has nothing to do with the key - but that is not something you can be certain of until you’ve cracked it. It could have!
By extra hex data, I mean data that can be removed without the slightest effect on the original pic or the full hidden pic - spades of it.
Again I’m not complaining… It’s par for the course to go up blind alleys in a pentest!

[IAmDevil]
9 years ago

1

Lol I was not being aggressive there! Sorry if it felt so. Haha yes I too was trying to edit the picture at first to get a clearer image but later realized that I was just being stupid! :p

Pinkrat
9 years ago

0

Did you get a full length pic? I got one by systematically replacing hex.

[IAmDevil]
9 years ago

1

Nope I just left that idea there itself and then walked upon a more sensible path. Lol :)

Pinkrat
9 years ago

0

I did it (I think) the same way as everyone else but then, like Freewind, was less than satisfied… :-(

? [dfalcon]
9 years ago

0

huh< it sounds like all of the people who have completed this level completed it using a shortcut that made the level less pleasurable. if that is the case then flabbyrabbit should alter the level so that the shortcut is no longer possible

Pawda [Memoria]
9 years ago

0

You can’t prevent all available short-cuts for this level or it would be change radically. There is many ways to solve it and its add some good thing to this level. People not happy with their solution just have to find another one. I’m quite happy with mine personally.

? [dfalcon]
9 years ago

0

so are you saying that there are multiple ways to solve the level or multiple solutions?

Pawda [Memoria]
9 years ago

0

multiple ways to find the unique pass accepted to validate.

? [dfalcon]
9 years ago

0

so technically that could mean that since the level could be solved in different ways that some options are harder than others and that depending on which method you used to solve, you could get a different point value if the level could track in some way the method that you used to complete the level. just technically. is that even a possibility? because i think it is than I think that it might be an intereting thing to do to decrease the probablilty of top players getting the same number of points and then getting stuck competting with each other to get medals to earn the extra points needed to put themself on top of the other player. did that even make sence?

Pawda [Memoria]
9 years ago

0

It does make some sense but so far, the only way would be to upload a txt file with the method used and it will be too much work for flabby to check that.

? [dfalcon]
9 years ago

0

well, first, there are not very many people who have completed the level, and people are not going to complete it very regularly. so if flabbyrabbit and the moderators like daMage both checked when a user completed the level, working together and based on the samll number of people completing the level, i shouldnt be too hard

Pawda [Memoria]
9 years ago

0

For this level yes, but what would be greater is too extend the upload of methods to all concerned level so we can have a track on possible cheaters.

Abhi
9 years ago

0

Yaa…then there will be a check on Copy-Pasters !!

Pawda [Memoria]
9 years ago

1

This can be half automatized but then comes false-positive, possibility to ask for a manual verification and yes, more and more work.
That’s good for a CTF with limited participant in a limited time, not for usual levels.
Implementing this kind of feature would require to hire some people for checking, so take some of their time.
If it’s free, then we should manage a way to keep the checkers to keep checking…

A possible way would be to allow anyone who has validated the level to check other users in exchange of some points or another meaningful resource (karma ?, after checking X validations give the helper medal ?).
That’s a way to build a community around another and a way for the creator to say “This website is mine as much as yours, enjoy yourself”

A sustainable way would be to give money to checkers but how do we pay them ? That would make the need of a registration price on hackthis. This would decrease the number of users drastically, except if we could provide some feature like personal coach, personal lessons with exercises and follow up as a real e-learning platform.

There is surely many things to do and Hackthis could impose itself as the number 1 reference but it’s needs time, motivation and a lot of other things.

Sorry for the off-topic by the way.

Abhi
9 years ago | edited 9 years ago

0

No…this may be off-topic but is really a nice idea.
The thought of paying may be a farfetched idea at the moment, but when all that comes with the trainers and exercises , it seems pretty good in a near future.
Just some questions that arise are that :
How will the method be validated by a checker ? ( I mean , on what parameters ? )
Suppose if a Checker consents to a particular method , will it be accepted ?

Pawda [Memoria]
9 years ago

0

I’m not affiliated to hackthis in any way so I wasn’t making specs, just exposing simple ideas haha.
The way method can be accepted can be defined on a grid with checkboxes.

  • did the user find the password? y/n
  • did he explain his way? y/n
  • did he copy pasted from another user? y/n
  • was it uncommon?
  • was it by abusing a bug on the website ?

According the total of yes/ no, then points can be calculated.
Since checkers are different, notations might not always be fair but that’s part of the game, and abusing this could be penalized by adding the possibility to complain on the final results.

Cyan Wind [freewind1012]
9 years ago | edited 9 years ago

0

[quote=dfalcon]to decrease the probablilty of top players getting the same number of points and then getting stuck competting with each other to get medals to earn the extra points needed to put themself on top of the other player[/quote]
Who did come up with this competing idea? HackThis is a learning website and we have still tried our best to support newbies to learn something new. If we ever wanted to make it more competitive, wouldn’t the amount of time for solving a level be more than enough? In that case, we didn’t setup a forum because a question (ironically, like your first question in this thread about Crypt Level 7) is only for the weak. You should solve it by yourself, shouldn’t you?

P/S: If you ever wanted to be on the Scoreboard, you should learn programming language(s).

Pawda [Memoria]
9 years ago | edited 9 years ago

0

[quote=freewind1012]P/S: If you ever want to be on the Scoreboard, you should learn programming language(s). Simple like that.[/quote]
Or start your nickname with the good char….

Abhi
9 years ago

0

Nickname with the good char ??? Didn’t understood !! o_O

Pawda [Memoria]
9 years ago

0

For two people having the same amount of point, the ladder order by nick and not by date of achievement.
Abhi_hacker with 10035 points will be set before Bbhi_hacker with 10035 points.

Mystery [kapuccino]
9 years ago

0

@Memoria: I disagree with your statement. Check the 10th place on the Scoreboard.

Abhi
9 years ago

0

Yup…I am on the last position in the 10th rank group !! So , its not by nick….its by the order of reaching that score !!

Pawda [Memoria]
9 years ago | edited 9 years ago

0

Note I said “characters”, ADIGA is 10th because he’s using upper-case characters which have in the ASCII table lower values than lower-case characters.
edit: Might have changed with new version, but I remember in the past being behind someone whereas I was the first getting that amount of points.

Pinkrat
9 years ago

0

There are at least three methods to solve:
1. Intended method involving whole pic.
2. The way everyone (AFAIK) did it, cracking because of an educated guess once one’d nearly reached the end anyway.
3. Just cracking the password with an exhaustive dictionary.

The 2nd method still required a lot of work whereas the 3rd is pointless.

[IAmDevil]
9 years ago

0

Haha i too wondered how the scoring is biased! So it is ASCII then. I too regret some times why didn’t i put i nick as Alfa rather than IAmDevil. lol never mind. :)

Pawda [Memoria]
9 years ago

1

[quote=Pinkrat]3. Just cracking the password with an exhaustive dictionary.[/quote]
I would be curious to see a dictionary with this password inside.

On the top of that, they’re is more or less elegant way of “cracking”, I won’t put more in there. Dear, I miss the afterwards section…

Pinkrat
9 years ago

0

A dictionary generated exhaustively will find it.

Mystery [kapuccino]
9 years ago | edited 9 years ago

1

[quote=Memoria]I remember in the past being behind someone whereas I was the first getting that amount of points.[/quote]

@Abhi_hacker and I have the same point. I got 10,035 after him but as you can see, I am above him in the list. Therefore, I believe that the order is based on the amount of point, then the time when you signed up an account on HT!!

Pawda [Memoria]
9 years ago

0

Or by userid yea that would makes sense.

Abhi
9 years ago

0

No , @kapuccino , you got 10,035 points before me !! I got them yesterday only…after completing Coding 1 after 74 attempts !!

Mystery [kapuccino]
9 years ago | edited 9 years ago

0

@Abhi_hacker: Now that’s kinda weird.

Forget that example, just look at the 5th rank right now. As you can see: A from @ANONRA, k from @kamzhik and then I from @IAmDevil . The alphabetic order doesn’t make sense, but the order of users ID does: ANONRA joined 4 years ago, kamzhik joined on July 12, 2012 and then IAmDevil joined on July 13, 2012.

Abhi
9 years ago

0

Yeah….its basically decided by higher number of points , then longer time duration on site !!
Poor @IAmDevil missed it by one day !! :p
One more thing @kapuccino , what if two guys joined on the same day ??

[IAmDevil]
9 years ago

0

Thank you for your sympathy @Abhi_hacker . sob

Pawda [Memoria]
9 years ago | edited 9 years ago

1

No more assumption, its by point, then by user id.

https://github.com/HackThis/hackthis.co.uk/blob/master/files/class.stats.php

`` $sql = 'SELECT users.user_id, username, score, (users_medals.user_id IS NOT NULL) AS donator, profile.gravatar, IF (profile.gravatar = 1, users.email, profile.img) asimage`
FROM users
LEFT JOIN users_profile profile
ON users.user_id = profile.user_id
LEFT JOIN users_priv
ON users_priv.user_id = users.user_id
LEFT JOIN users_medals
ON users.user_id = users_medals.user_id AND users_medals.medal_id = (SELECT medal_id FROM medals WHERE label = “Donator”)
WHERE COALESCE(users_priv.site_priv, 0) != 2
ORDER BY score DESC, user_id ASC
LIMIT ‘.$limit;

```

[deleted user]
9 years ago

0

Woaaa… This thread went way off topic and is now 7 pages long. Lets make 10 pages long guys what do say……..

? [dfalcon]
9 years ago

-4

easy for me!!!!! ;)

qwerert
9 years ago

-2

Looks at pages

Whistles in an impressed way

Reply has been removed
Abhi
9 years ago | edited 9 years ago

0

Haha…lol…. @IAmDevil , you called him a perfectionist ?

Discussion thread has been locked. You can no longer add new posts.
1 of 67

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss