Programming Riddle/Challenge (Timestamp/HMAC)

  • Thread starter: jegues
  • Tags: Programming

Discussion Overview

The discussion revolves around a programming challenge involving the Fibonacci sequence, HMAC (Hash-based Message Authentication Code), and timestamp manipulation. Participants are exploring methods to generate a valid HMAC to bypass a challenge prompt that requires quick responses.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • One participant describes a challenge where they must answer a Fibonacci sequence question quickly but are unable to do so, suggesting a potential issue with the HMAC validation.
  • Another participant proposes calculating a new HMAC hash using the modified timestamp and number as inputs, speculating that it might be HMAC-SHA512.
  • A subsequent post reiterates the suggestion to calculate a new HMAC hash and asks for guidance on how to do so.
  • One participant references a Wikipedia article that contains implementations and descriptions of HMAC, indicating a lack of personal experience with HMACs.
  • A later post provides a Python code snippet for generating an HMAC with SHA-512, but notes uncertainty about the specific parameters used in the challenge's HMAC.

Areas of Agreement / Disagreement

Participants generally agree on the need to calculate a new HMAC but do not reach a consensus on the exact method or parameters to use, leaving the discussion unresolved.

Contextual Notes

There are limitations regarding the assumptions about the HMAC parameters and the specific implementation details that may affect the ability to generate a valid HMAC.

jegues
I'm doing an online "hacking" challenge and I'm trying to get to the next level.

On the current level, we're given the Caption "Think fast", asked the following question,

"What is element x in the Fibonacci sequence, where element zero is 0?"

Where x is randomly generated.

When I compute the answer and submit it, it prompts me with another iteration of the question above (with a different value for x) and it says "Didn't answer fast enough". I've tried submitting answers as fast as I can to no avail, so there must be another way.

If we view the source code of the page, we see the following:
(I'm only going to post the portion I think is interesting/relevant)

Code:
<form action="herecomes9.php" method="get">
  <input type="text" name="answer" />
  <input type="hidden" name="timestamp" value="1311528704" />
  <input type="hidden" name="number" value="274" />
  <input type="hidden" name="hmac" value="6d423e4405ceb79022662fbf5d1d2885c51b6ada2ad5e99500a3fbc4d0170b4fd9c7fd22af9a7e542617a5924586ca7e41860e17289120d1a899f1bcac007df3" />
  <input type="submit" value="Answer" />
</form>

So my next idea was to edit the timestamp by changing the information contained in the url, like so

(Just an example to explain my doing, may not match answer, timestamp, hmac listed above in code)

http ://www.skullspace.net/2011/08-batman/herecomes9.php?answer=1&timestamp=1&number=1&hmac=e41bd1f9093a67b70ce9316b19abc1862ec35c5c0f746444d8018286bf19d9adb05a652c46b5de53b2d4fd6bfb2c1f848c8dc92a54e84d042953d6b48b30b0f9

If I submit that into my browser, we are given the caption, "Don't try to be clever, the HMAC has to match the parameters you were given."

This is where I'm stuck.

Does anyone have any ideas or hints as to how I can proceed to the next level? Can I somehow make the HMAC match? Is there another way entirely?

Thanks for the ideas/input/help!
 
Not particularly my area of expertise, but if you haven't already maybe try and calculate a new HMAC hash using your new timestamp and the number as the key? Based on the length maybe it's HMAC-SHA512?
 
jhae2.718 said:
Not particularly my area of expertise, but if you haven't already maybe try and calculate a new HMAC hash using your new timestamp and the number as the key? Based on the length maybe it's HMAC-SHA512?

How do I go about calculating the new HMAC hash, using the timestamp and number?
 
The Wikipedia article has links to some implementations, as well as descriptions: http://en.wikipedia.org/wiki/HMAC

I've never personally played around with HMACs before.
 
This should do an HMAC with SHA-512 in Python:
Code:
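import hashlib
import hmac

# In Python 3, hmac.new() needs bytes for both the key and the message
key = b'the string that is your key'
msg = b'the string that is your message'

# HMAC-SHA512, printed as a 128-character hex string
print(hmac.new(key, msg, hashlib.sha512).hexdigest())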

I'm not sure what they're using as the parameters for their HMAC. You'll want to play around with the answer, timestamp, and number.
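
The server side of a form like the one posted above, as an added example that is not part of the original thread or the challenge's own code: it shows why editing a hidden field without the secret key produces the "HMAC has to match" response. The key, the `timestamp|number` message layout, the 3-second window and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed for illustration: the challenge's real key and message layout are unknown.
SECRET_KEY = b"constructed-server-side-secret"
MAX_AGE_SECONDS = 3


def sign(timestamp: int, number: int, key: bytes = SECRET_KEY) -> str:
    """HMAC-SHA512 over both hidden fields, joined so "1|11" != "11|1"."""
    msg = f"{timestamp}|{number}".encode("ascii")
    return hmac.new(key, msg, hashlib.sha512).hexdigest()


def verify(timestamp: str, number: str, tag: str, now: int,
           key: bytes = SECRET_KEY) -> str:
    """Classify a submitted form as 'ok', 'bad-hmac' or 'too-slow'."""
    try:
        ts, num = int(timestamp), int(number)
    except ValueError:
        return "bad-hmac"
    expected = sign(ts, num, key).encode("ascii")
    # Authenticate first, in constant time, before trusting the timestamp.
    if not hmac.compare_digest(expected, tag.encode("utf-8", "replace")):
        return "bad-hmac"
    if not 0 <= now - ts <= MAX_AGE_SECONDS:
        return "too-slow"
    return "ok"


def demo() -> list:
    issued = 1311528704            # timestamp and number as in the posted form
    tag = sign(issued, 274)        # constructed tag, not the one from the page
    return [
        verify("1311528704", "274", tag, now=issued + 1),    # untouched, in time
        verify("1311528760", "274", tag, now=issued + 57),   # timestamp edited
        verify("1311528704", "275", tag, now=issued + 1),    # number edited
        verify("1311528704", "274", tag, now=issued + 60),   # untouched, late
    ]


if __name__ == "__main__":
    print(demo())
```

Because the tag covers both hidden fields, the freshness check only ever runs on a timestamp the server itself issued.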
 
