1) Get CRC32 value in 7zip
2) Since giveaway links are 5 characters, In a textfile, generate 5 random characters where char1-4 = random, 5th char is all the characters possible in SG giveaway link (a-z, A-Z, 0-9)
3) Used this tool >> https://www.nayuki.io/page/forcing-a-files-crc-to-any-value to force all those txt files with the CRC32 value
4) Check all txt files if there are valid giveaway links
5) "r" contain a valid giveaway link and I got this.
Finally!
After reading lots of stuff about zip encryption (12 random bytes salt, then data, plain text attack etc, trying to code the actual zip encryption - failed 2 times) I thought about crc32 of the message and heck! - it's a lot more easier than I thought, heh :) 262 million codes checked (about 260 seconds).
Hey! Yeah, I tried to get this in python as well, but for some reason pwntools (crc.crc_32 + mbruteforce) turned out to be unacceptably slow for this (on a pretty fast machine) and I didn't have much time to test different approaches, so I didn't really try to check it with just the stdlib tools. I guess there're some deficiencies there.
itertools.product to generate the codes? Did you put the uppercase first? Because I used itertools.product("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",repeat=5) and had to go through more than 700 codes before finding the right one...
I think i used just 5 "for" cycles (a+b+c+d+e) - yeah, I know - not fancy :(.
The thing is I tried to run it once and something hiccuped. Then I changed the code to make codes in different order (e+d+c+b+a) and it hit after 262 mln codes.
Just did another try putting the lowercase last ("ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz") and it found the code after ~310 mln codes, so your solution is still better, even if by a few seconds
Nice red herrings :D
Did it in java. Somewhat similar to Award's code but without parallelization.
But I was somewhat confused for a little while after getting the code. I wasn't aware that you need a slash at the end of the code on SGv2. Shows how long I've been away :D
Nice to some familiar faces here :)
Thanks for fun puzzle and giveaway, as always!
parallelization for the win! gotta make all those cores sweat. It's so much easier nowadays to code like that, too, at least with C# or Microsoft Visual C++ with Parallel Patterns Library / Concurrency runtime.
My code: as usual unoptimized, but it works. It took me a while because "hex" cut the leading zero, so I kept searcing for 0x01a72207 while the correct output was 0x1a72207.
gotem, thanks!
I did a different method though.
1) Get CRC32 value in 7zip
2) Since giveaway links are 5 characters, In a textfile, generate 5 random characters where char1-4 = random, 5th char is all the characters possible in SG giveaway link (a-z, A-Z, 0-9)
3) Used this tool >> https://www.nayuki.io/page/forcing-a-files-crc-to-any-value to force all those txt files with the CRC32 value
4) Check all txt files if there are valid giveaway links
5) "r" contain a valid giveaway link and I got this.
Solution step by step: https://www.youtube.com/watch?v=5YYrENl36WE
Comment has been collapsed.
Congratulations! Good thinking
Comment has been collapsed.
aaawww you be around still too, 'ello! waves
Comment has been collapsed.
Finally!
After reading lots of stuff about zip encryption (12 random bytes salt, then data, plain text attack etc, trying to code the actual zip encryption - failed 2 times) I thought about crc32 of the message and heck! - it's a lot more easier than I thought, heh :) 262 million codes checked (about 260 seconds).
As usual used python (zlib.crc32)
Comment has been collapsed.
Hey! Yeah, I tried to get this in python as well, but for some reason pwntools (crc.crc_32 + mbruteforce) turned out to be unacceptably slow for this (on a pretty fast machine) and I didn't have much time to test different approaches, so I didn't really try to check it with just the stdlib tools. I guess there're some deficiencies there.
Comment has been collapsed.
zlib was really fast for me - about 1 mln crc per second/1.5 second.
Comment has been collapsed.
Very good, I was a tad concerned that people would not be able to do it within decent time with python
Comment has been collapsed.
ellllllo chour, been long time since I've popped in around here
you stay strong still, I see, nice
Comment has been collapsed.
The evil puzzle makers don't let me relax.
Comment has been collapsed.
itertools.product to generate the codes? Did you put the uppercase first? Because I used itertools.product("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",repeat=5) and had to go through more than 700 codes before finding the right one...
Comment has been collapsed.
I think i used just 5 "for" cycles (a+b+c+d+e) - yeah, I know - not fancy :(.
The thing is I tried to run it once and something hiccuped. Then I changed the code to make codes in different order (e+d+c+b+a) and it hit after 262 mln codes.
Comment has been collapsed.
Just did another try putting the lowercase last ("ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz") and it found the code after ~310 mln codes, so your solution is still better, even if by a few seconds
Comment has been collapsed.
:)
Comment has been collapsed.
The solution just came to me randomly. Wasn't even specifically thinking about it. Whipped my own code in C# http://pastebin.com/Zxk9vECM
you lied bruteforcing was required :D
Exists in mah account, thank you for the generosity either way and maybe even more so for luring me here teeeheeeeeeeeeeeeehee
Comment has been collapsed.
Still in the game eh :D
Comment has been collapsed.
Nice red herrings :D
Did it in java. Somewhat similar to Award's code but without parallelization.
But I was somewhat confused for a little while after getting the code. I wasn't aware that you need a slash at the end of the code on SGv2. Shows how long I've been away :D
Nice to some familiar faces here :)
Thanks for fun puzzle and giveaway, as always!
Comment has been collapsed.
parallelization for the win! gotta make all those cores sweat. It's so much easier nowadays to code like that, too, at least with C# or Microsoft Visual C++ with Parallel Patterns Library / Concurrency runtime.
Comment has been collapsed.
Welcome! Dat slash, yeah :\
Comment has been collapsed.
Wooo! CRC-32 FTW!
Glad to see some familiar faces around :P
My code: as usual unoptimized, but it works. It took me a while because "hex" cut the leading zero, so I kept searcing for 0x01a72207 while the correct output was 0x1a72207.
A least I made it in time!
Comment has been collapsed.
Hi! Congratulations :)
Comment has been collapsed.
You guys are awesome.
Comment has been collapsed.