Open roaris opened 3 months ago
SafeOpener.java
import java.io.*;
import java.util.*;
public class SafeOpener {
public static void main(String args[]) throws IOException {
BufferedReader keyboard = new BufferedReader(new InputStreamReader(System.in));
Base64.Encoder encoder = Base64.getEncoder();
String encodedkey = "";
String key = "";
int i = 0;
boolean isOpen;
while (i < 3) {
System.out.print("Enter password for the safe: ");
key = keyboard.readLine();
encodedkey = encoder.encodeToString(key.getBytes());
System.out.println(encodedkey);
isOpen = openSafe(encodedkey);
if (!isOpen) {
System.out.println("You have " + (2 - i) + " attempt(s) left");
i++;
continue;
}
break;
}
}
public static boolean openSafe(String password) {
String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";
if (password.equals(encodedkey)) {
System.out.println("Sesame open");
return true;
}
else {
System.out.println("Password is incorrect\n");
return false;
}
}
}
とりあえずコンパイルして実行してみる https://java.keicode.com/lang/how-to-compile-basic.php
javacがないので、Amazon Correttoをインストールする https://docs.aws.amazon.com/corretto/latest/corretto-21-ug/downloads-list.html
$ wget https://corretto.aws/downloads/latest/amazon-corretto-21-x64-linux-jdk.tar.gz
$ tar -zxvf amazon-corretto-21-x64-linux-jdk.tar.gz
amazon-corretto-21.0.2.14.1-linux-x64 という名前のディレクトリが作成され、amazon-corretto-21.0.2.14.1-linux-x64/binにjavacがある amazon-corretto-21.0.2.14.1-linux-x64/binをパスに追加する
コンパイルして実行する
$ javac SafeOpener.java
$ java SafeOpener
Error: LinkageError occurred while loading main class SafeOpener
java.lang.UnsupportedClassVersionError: SafeOpener has been compiled by a more recent version of the Java Runtime (class file version 65.0), this version of the Java Runtime only recognizes class file versions up to 61.0
javaとjavacのバージョンが違うというエラーらしい(参考)
javaは/usr/binにあるものが使われており、確かにjavacとバージョンが異なる
$ which java
/usr/bin/java
$ java --version
openjdk 17.0.10 2024-01-16
OpenJDK Runtime Environment (build 17.0.10+7-Debian-1)
OpenJDK 64-Bit Server VM (build 17.0.10+7-Debian-1, mixed mode, sharing)
$ which javac
/home/roaris/amazon-corretto-21.0.2.14.1-linux-x64/bin/javac
$ javac --version
javac 21.0.2
/usr/bin/javaを/usr/bin/java-disabledにして解決
$ mv /usr/bin/java /usr/bin/java-disabled
$ which java
/home/roaris/amazon-corretto-21.0.2.14.1-linux-x64/bin/java
$ java --version
openjdk 21.0.2 2024-01-16 LTS
OpenJDK Runtime Environment Corretto-21.0.2.14.1 (build 21.0.2+14-LTS)
OpenJDK 64-Bit Server VM Corretto-21.0.2.14.1 (build 21.0.2+14-LTS, mixed mode, sharing)
実行できた
$ java SafeOpener
Enter password for the safe: a
YQ==
Password is incorrect
You have 2 attempt(s) left
Enter password for the safe: b
Yg==
Password is incorrect
You have 1 attempt(s) left
Enter password for the safe: c
Yw==
Password is incorrect
You have 0 attempt(s) left
入力した文字列をbase64エンコードした結果がcGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz
に一致していると、Sesame open
と出るようになっている
cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz
をbase64デコードすると、フラグが得られる
$ echo -n "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz" | base64 -d
pl3as3_l3t_m3_1nt0_th3_saf3
https://play.picoctf.org/practice/challenge/294