vault-door-4 picoCTF 2019 Solution

Description

1. Step 1Read the Java source
   Open VaultDoor4.java and find the checkPassword method. It compares each character of the input to a hardcoded integer using charAt and a cast to int.
   bash

   cat VaultDoor4.java

   Copied!
   Learn more

   The vault stores the expected password as an array of ASCII decimal values (integers). Each character of your input is compared against these integers by casting the char to an int.

   ASCII is a 7-bit encoding where every printable character maps to a number between 32 and 126. For example, 'A' is 65, 'a' is 97, '0' is 48.

2. Step 2Convert ASCII values to characters
   Extract the integer array from the source code and convert each value to its ASCII character. Use Python to do this quickly.
   python

   python3 -c "vals = [/* paste integers here */]; print(''.join(chr(v) for v in vals))"

   Copied!
   Learn more

   Python's chr() function converts an integer to the corresponding Unicode (and ASCII) character. The reverse, ord(), converts a character to its integer code point.

   This is one of the simplest obfuscation techniques in reverse engineering: replacing string literals with their numeric equivalents. It defeats a plain strings search but is trivially reversible.

3. Step 3Submit the password
   Concatenate all the decoded characters in order to form the password string. Wrap it in picoCTF{...} to submit the flag.
   Learn more

   The flag format for vault-door challenges is picoCTF followed by the decoded password wrapped in braces. Make sure to preserve the exact character order from the array.

Alternate Solution

Flag

Convert each integer in the Java array to its ASCII character using chr(). Concatenate them to get the password.