You can see a scratched Borderlands 2 Serial and the task was to find out the correct one and submit it there. After a while i came up with the bash script below. Don't read further if you wanna try it yourself first ; )
1: #!/bin/bash
2: url="http://thevamp.back2hack.cc/challs/borderlands/index.php";
3:
4: block1[0]="B";
5: block1[1]="GCQ";
6: block1[2]="COQ";
7: block1[3]="EFSB";
8:
9: block2[0]="D";
10: block2[1]="OQ";
11: block2[2]="K";
12: block2[3]="A";
13:
14: block3[0]="EFB";
15: block3[1]="G";
16: block3[2]="B";
17: block3[3]="O";
18:
19: block4[0]="F";
20: block4[1]="U";
21: block4[2]="PRB";
22: block4[3]="L";
23:
24: block5[0]="W";
25: block5[1]="UO";
26: block5[2]="FEB";
27: block5[3]="M";
28:
29: block6[0]="B";
30: block6[1]="RB";
31: block6[2]="Z";
32: block6[3]="J";
33:
34: # Total Number of Serials, tns
35: tns1=`expr ${#block1[0]} \* ${#block1[1]} \* ${#block1[2]} \* ${#block1[3]}`;
36: tns2=`expr ${#block2[0]} \* ${#block2[1]} \* ${#block2[2]} \* ${#block2[3]}`;
37: tns3=`expr ${#block3[0]} \* ${#block3[1]} \* ${#block3[2]} \* ${#block3[3]}`;
38: tns4=`expr ${#block4[0]} \* ${#block4[1]} \* ${#block4[2]} \* ${#block4[3]}`;
39: tns5=`expr ${#block5[0]} \* ${#block5[1]} \* ${#block5[2]} \* ${#block5[3]}`;
40: tns6=`expr ${#block6[0]} \* ${#block6[1]} \* ${#block6[2]} \* ${#block6[3]}`;
41:
42: tns=`expr $tns1 \* $tns2 \* $tns3 \* $tns4 \* $tns5 \* $tns6`;
43: echo "Total number of possible serials: $tns";
44:
45: function createblock(){
46: block=("$@");
47: for ((b0=0;b0<${#block[0]};b0++))
48: do
49: for ((b1=0;b1<${#block[1]};b1++))
50: do
51: for ((b2=0;b2<${#block[2]};b2++))
52: do
53: for ((b3=0;b3<${#block[3]};b3++))
54: do
55: bl=${block[0]:b0:1}${block[1]:b1:1}${block[2]:b2:1}${block[3]:b3:1};
56: echo $bl;
57: done
58: done
59: done
60: done
61: }
62:
63: function checksearial(){
64: key=${serialblock1[b0]}-${serialblock2[b1]}-${serialblock3[b2]}-${serialblock4[b3]}-${serialblock5[b4]}-${serialblock6[b5]};
65: request="feld1="${serialblock1[b0]}"&feld2="${serialblock2[b1]}"&feld3="${serialblock3[b2]}"&feld4="${serialblock4[b3]}"&feld5="${serialblock5[b4]}"&feld6="${serialblock6[b5]}"&sub=send";
66: result=$(wget --post-data="$request" -qO- /dev/null http://thevamp.back2hack.cc/challs/borderlands/index.php);
67: if [[ "$result" != *falsch* ]]
68: then
69: echo -e "\n[+] FOUND CORRECT SERIAL ";
70: echo -e $key "\n";
71: exit;
72: else
73: echo "[*] Testing [$counter|$tns] $key";
74: ((counter++));
75: fi
76: }
77:
78: # Generate all possible serialblocks
79: serialblock1+=(`createblock "${block1[@]}"`);
80: serialblock2+=(`createblock "${block2[@]}"`);
81: serialblock3+=(`createblock "${block3[@]}"`);
82: serialblock4+=(`createblock "${block4[@]}"`);
83: serialblock5+=(`createblock "${block5[@]}"`);
84: serialblock6+=(`createblock "${block6[@]}"`);
85:
86: # Generate all possible serials
87: counter=1;
88: for ((b0=0;b0<${#serialblock1[@]};b0++))
89: do
90: for ((b1=0;b1<${#serialblock2[@]};b1++))
91: do
92: for ((b2=0;b2<${#serialblock3[@]};b2++))
93: do
94: for ((b3=0;b3<${#serialblock4[@]};b3++))
95: do
96: for ((b4=0;b4<${#serialblock5[@]};b4++))
97: do
98: for ((b5=0;b5<${#serialblock6[@]};b5++))
99: do
100: checksearial;
101: done
102: done
103: done
104: done
105: done
106: done
107:
Line 4-27
6 Arrays, one for each block of the serial and every index got a value of a possible character which i guessed from the picture.
Line 36-40
Calculating all possible serials with the given input.
Example: _ _ _
1 2 3
Position 1: O,C,Q 3
Position 2: A 1
Position 3: I,T 2
All possible values are...
OAI,OAT,CAI,CAT,QAI,QAT Total of 3*1*2 = 6 possible values
Line 85-87 & 45-61 (createblock)
Creates for every block an array of possible values like the OAI, OAT,CA.... above and stores it in serialblocki
Line 88-106
Does almost the same as createblock but with all seriablocks so a complete serial accrues and calls checkserial
Line 63-76 (checkserial)
wgets the serial to the url and checks if the response has the string "falsch" (wrong) in it. If not so, you found the correct key
I'm sure there is space for optimization in this code but hey it works!
Let me know if you have an better nicer idea to solve that chall.
Thx @TheHaloVamp 4challWozPhun
Useful resources...
http://www.thegeekstuff.com/2010/06/bash-array-tutorial/
http://www.thegeekstuff.com/2010/07/bash-string-manipulation/
http://www.thegeekstuff.com/2011/07/bash-for-loop-examples/
http://www.linuxjournal.com/content/return-values-bash-functions
http://samindaw.wordpress.com/tag/bash-function-pass-array-parameters/
http://stackoverflow.com/questions/1063347/passing-arrays-as-parameters-in-bash
http://wiki.bash-hackers.org/doku.php
http://mywiki.wooledge.org/BashGuide
can you send me the file? i dont know how to save it (*.???) my e-mail is Astorphobis@seznam.cz . Thanks!
ReplyDeleter u a spamb0t ?
Deletei am not, please send me the file. I am loser and i dont know how to run it. I have got Windows 8 Enterprise x64 is it working on it?
Deleteok sorry, im never sure if it's a bot or not :D... the script above is a linux shell script so it wont work on windoze out of the box.
Delete:/ that´s bad :/ can you write something like this in batch? (if you have got skype, add me. my skypename is "molissspetr". thanks.
ReplyDelete