Title : [writeups] Hack Dat Kiwi - Phone Lock 1 (50)
Released : 2015-11-21 15:23:34 -0500

Challenge's Description:

 

Link: http://c4c045.hack.dat.kiwi/web/phone-lock/

I forgot my phone password, can you help me unlock it? (Don't judge, happens to us all)

 

As mentioned in the description above, we need to unlock a phone that is protected by a PIN code. In the page source, I found this JavaScript:

 

result="";
tries=0;
locked=false;
salt="9381bc56e2e8ee1797b5952b6221ff90";
valid="0454698a6228c0d1a76852177bf6a5e0";
//md5(salt+answer)

function buttonClick(e)
{
	if (locked) return false;
	var t=$("#result");
	t.val(t.val()+"X");
	result+=e.target.text;
	if (t.val().length>=4)
	{
		if (md5(salt+result)==valid)
		{
			alert("Flag is: "+md5(salt+result+result));
		}
		else
		{
			locked=true;
			$("#resultHolder").effect("shake", { times:tries }, tries*100, function(){
				t.val("");
				result="";
				tries++;
				locked=false;
			});
		}
	}
}

 

Look at this line:

if (md5(salt+result)==valid)

Here valid is md5(salt + PIN), and the salt is right there in the page source. So all we need to do is compute md5(salt + candidate) for every PIN in the range 0000 to 9999 and compare it with valid. So, let's brute-force it:

 

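// salt and valid as used in this run (they differ from the listing above)
salt="c0fcdb7b7551485b10838b54d48d0af4";
valid="2cb356fbd63b7646c005cc80342974de";
// try every 4-digit PIN, keeping leading zeros (0000 to 9999)
for(var i=0;i<10000;i++){
    var pin=("000"+i).slice(-4);
    if (md5(salt+pin)==valid){
        console.log('Correct PIN: '+pin);
        // the flag is derived the same way the page does it: md5(salt+PIN+PIN)
        console.log('Flag:'+md5(salt+pin+pin));
    }
}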
Correct PIN: 9347
Flag:d38e937ea046e56ccecf748c2a396d84

 

Yarp, we got the Flag: d38e937ea046e56ccecf748c2a396d84
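
The weakness above is that the check runs in the browser, so the salt and the target hash are both public and the whole 4-digit space can be searched offline. The following is an added example for Node.js, not code from the challenge: it puts that client-side scheme next to a server-side check with a lockout. The salt, the PINs and the names recoverPin, makeServerCheck and guessesBeforeLock are constructed for illustration.

```javascript
// Added example (not the challenge's code). Salt and PINs below are constructed.
const crypto = require("crypto");

const md5hex = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// Client-side scheme from the page: the browser receives salt and md5(salt + PIN).
// Anyone holding both values can test all 10^4 PINs offline, with no lockout.
function recoverPin(salt, valid) {
  for (let i = 0; i <= 9999; i++) {
    const pin = String(i).padStart(4, "0"); // keep leading zeros: "0042", not "42"
    if (md5hex(salt + pin) === valid) return pin;
  }
  return null;
}

// Hardened counterpart (hypothetical design): the PIN stays on the server,
// every guess is a request, and the check locks after maxTries failures.
function makeServerCheck(pin, maxTries) {
  let failures = 0;
  const secret = Buffer.from(pin, "utf8");
  return function attempt(guess) {
    if (failures >= maxTries) return { ok: false, locked: true };
    const g = Buffer.from(String(guess), "utf8");
    const ok = g.length === secret.length && crypto.timingSafeEqual(g, secret);
    if (ok) failures = 0; else failures++;
    return { ok, locked: failures >= maxTries };
  };
}

// Feeds 0000, 0001, ... to a server-style check and reports where it stops.
function guessesBeforeLock(attempt) {
  let n = 0;
  for (let i = 0; i <= 9999; i++) {
    const r = attempt(String(i).padStart(4, "0"));
    n++;
    if (r.ok) return { recovered: true, guesses: n };
    if (r.locked) break;
  }
  return { recovered: false, guesses: n };
}

const SALT = "00112233445566778899aabbccddeeff"; // constructed
const VALID = md5hex(SALT + "7310");             // constructed PIN 7310
console.log("offline search:", recoverPin(SALT, VALID));
console.log("server check:", guessesBeforeLock(makeServerCheck("7310", 5)));
```

The salt only stops precomputed tables; with a 10,000-value keyspace it does nothing against a direct search, which is why the comparison has to happen where guesses can be counted.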