# Programming Riddle/Challenge (Timestamp/HMAC)

## Main Question or Discussion Point

I'm doing an online "hacking" challenge and I'm trying to get to the next level.

On the current level, we're given the Caption "Think fast", asked the following question,

"What is element x in the Fibonacci sequence, where element zero is 0?"

Where x is randomly generated.

When I compute the answer and submit it, it prompts me with another itteration of the question above (with a different value for x) and it says "Didn't answer fast enough". I've tried submitting answers as fast as I can with no avail, so there must be another way.

If we view the source code of the page, we see the following:
(I'm only going to post the portion I think is interesting/relevant)

Code:
<form action="herecomes9.php" method="get">
<input type="hidden" name="timestamp" value="1311528704" />
<input type="hidden" name="number" value="274" />
</form>
So my next idea was to edit the timestamp by changing the information contained in the url, like so

(Just an example to explain my doing, may not match answer, timestamp, hmac listed above in code)

If I submit that into my browser, we are given the caption, "Don't try to be clever, the HMAC has to match the parameters you were given."

This is where I'm stuck.

Does anyone have any ideas or hints as to how I can proceed to the next level? Can I somehow make the HMAC match? Is there another way entirely?

Thanks for the ideas/input/help!

Related Programming and Computer Science News on Phys.org
jhae2.718
Gold Member
Not particularly my area of expertise, but if you haven't already maybe try and calculate a new HMAC hash using your new timestamp and the number as the key? Based on the length maybe it's HMAC-SHA512?

Not particularly my area of expertise, but if you haven't already maybe try and calculate a new HMAC hash using your new timestamp and the number as the key? Based on the length maybe it's HMAC-SHA512?
How do I go about calculating the new HMAC hash, using the timestamp and number?

Last edited:
jhae2.718
Gold Member
The Wikipedia article has links to some implementations, as well as descriptions: http://en.wikipedia.org/wiki/HMAC

I've never personally played around with HMACs before.

jhae2.718
Gold Member
This should do an HMAC with SHA-512 in Python:
Code:
[B][COLOR="DarkOrange"]import[/COLOR][/B] hashlib
[B][COLOR="DarkOrange"]import[/COLOR][/B] hmac

key = [COLOR="SeaGreen"]'the string that is your key'[/COLOR]
msg = [COLOR="SeaGreen"]'the string that is your message'[/COLOR]

[B][COLOR="DarkOrange"]print[/COLOR][/B](hmac.new(key, msg, hashlib.sha512).hexdigest())
I'm not sure what they're suing as the parameters for their HMAC. You'll want to play around with the answer, timestamp, and number.