PicoCTF2022 - Safe Opener
Description
Can you open this safe? I forgot the key to my safe but this program is supposed to help me with retrieving the lost key. Can you help me unlock my safe? Put the password you recover into the picoCTF flag format like: picoCTF{password}.
Information
Point Value: 100 points
Category: Reverse Engineering
Hints
(None)
Solution
After downloading the Java program, we run it, and it prompts us for a password for the safe. We then look
at the program's source code. On line 6, we see that the code uses base64 encoding. Farther down, on line
31, we see that the safe opens if the base64 encoding of the key we enter matches
"cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz". We simply run a base64 decoder on the encoded
key, either in the terminal with the command

echo cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz | base64 --decode

or with an online base64 decoder such as CyberChef. This gives us the password
"pl3as3_l3t_m3_1nt0_th3_saf3", which we then put into the flag format. To check our work, we run the Java
program again in the terminal and enter the password when prompted, and the safe opens.
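
The manual step above (spot the encoded literal, then decode it) generalizes to a small source audit for string literals that are only base64-encoded rather than protected. The script below is an added example, not part of the challenge or the original write-up; the Java fragment is constructed for illustration (its variable names and `openSafe()` are assumptions), and only the encoded string comes from the page.

```python
import base64
import binascii
import re

# Constructed Java fragment modelled on the check the write-up describes.
# Only the encoded literal is from the page; everything else is assumed.
SAMPLE_JAVA = '''
String prompt = "Enter password for the safe: ";
String expected = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";
String encoded = Base64.getEncoder().encodeToString(input.getBytes());
if (encoded.equals(expected)) { openSafe(); }
'''

STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')      # double-quoted literal
BASE64_SHAPE = re.compile(r'[A-Za-z0-9+/]{16,}={0,2}')   # long base64-looking run


def decode_candidate(literal):
    """Return the decoded text if literal is strict base64 of printable ASCII."""
    if len(literal) % 4 != 0 or not BASE64_SHAPE.fullmatch(literal):
        return None
    try:
        raw = base64.b64decode(literal, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        # Not valid base64, or the decoded bytes are not ASCII text.
        return None
    return text if text.isprintable() else None


def find_encoded_literals(source):
    """List (line number, literal, decoded text) for each reversible literal."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in STRING_LITERAL.finditer(line):
            decoded = decode_candidate(match.group(1))
            if decoded is not None:
                hits.append((lineno, match.group(1), decoded))
    return hits


if __name__ == "__main__":
    for lineno, literal, decoded in find_encoded_literals(SAMPLE_JAVA):
        print(f"line {lineno}: {literal} -> {decoded}")
```

Any literal this reports is recoverable by anyone who can read the source or the compiled class, which is why base64 offers no protection for a stored password.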