Programming Riddle/Challenge (Timestamp/HMAC)

  • Thread starter jegues
  • Start date
  • #1
1,097
2

Main Question or Discussion Point

I'm doing an online "hacking" challenge and I'm trying to get to the next level.

On the current level, we're given the Caption "Think fast", asked the following question,

"What is element x in the Fibonacci sequence, where element zero is 0?"

Where x is randomly generated.

When I compute the answer and submit it, it prompts me with another itteration of the question above (with a different value for x) and it says "Didn't answer fast enough". I've tried submitting answers as fast as I can with no avail, so there must be another way.

If we view the source code of the page, we see the following:
(I'm only going to post the portion I think is interesting/relevant)

Code:
<form action="herecomes9.php" method="get">
  <input type="text" name="answer" />
  <input type="hidden" name="timestamp" value="1311528704" />
  <input type="hidden" name="number" value="274" />
  <input type="hidden" name="hmac" value="6d423e4405ceb79022662fbf5d1d2885c51b6ada2ad5e99500a3fbc4d0170b4fd9c7fd22af9a7e542617a5924586ca7e41860e17289120d1a899f1bcac007df3" />
  <input type="submit" value="Answer" />
</form>
So my next idea was to edit the timestamp by changing the information contained in the url, like so

(Just an example to explain my doing, may not match answer, timestamp, hmac listed above in code)

http ://www.skullspace.net/2011/08-batman/herecomes9.php?answer=1&timestamp=1&number=1&hmac=e41bd1f9093a67b70ce9316b19abc1862ec35c5c0f746444d8018286bf19d9adb05a652c46b5de53b2d4fd6bfb2c1f848c8dc92a54e84d042953d6b48b30b0f9

If I submit that into my browser, we are given the caption, "Don't try to be clever, the HMAC has to match the parameters you were given."

This is where I'm stuck.

Does anyone have any ideas or hints as to how I can proceed to the next level? Can I somehow make the HMAC match? Is there another way entirely?

Thanks for the ideas/input/help!
 

Answers and Replies

  • #2
jhae2.718
Gold Member
1,161
20
Not particularly my area of expertise, but if you haven't already maybe try and calculate a new HMAC hash using your new timestamp and the number as the key? Based on the length maybe it's HMAC-SHA512?
 
  • #3
1,097
2
Not particularly my area of expertise, but if you haven't already maybe try and calculate a new HMAC hash using your new timestamp and the number as the key? Based on the length maybe it's HMAC-SHA512?
How do I go about calculating the new HMAC hash, using the timestamp and number?
 
Last edited:
  • #4
jhae2.718
Gold Member
1,161
20
The Wikipedia article has links to some implementations, as well as descriptions: http://en.wikipedia.org/wiki/HMAC

I've never personally played around with HMACs before.
 
  • #5
jhae2.718
Gold Member
1,161
20
This should do an HMAC with SHA-512 in Python:
Code:
[B][COLOR="DarkOrange"]import[/COLOR][/B] hashlib
[B][COLOR="DarkOrange"]import[/COLOR][/B] hmac

key = [COLOR="SeaGreen"]'the string that is your key'[/COLOR]
msg = [COLOR="SeaGreen"]'the string that is your message'[/COLOR]

[B][COLOR="DarkOrange"]print[/COLOR][/B](hmac.new(key, msg, hashlib.sha512).hexdigest())
I'm not sure what they're suing as the parameters for their HMAC. You'll want to play around with the answer, timestamp, and number.
 

Related Threads on Programming Riddle/Challenge (Timestamp/HMAC)

  • Last Post
Replies
22
Views
4K
  • Last Post
Replies
6
Views
2K
Replies
15
Views
1K
Replies
12
Views
8K
Replies
31
Views
3K
  • Last Post
Replies
7
Views
449
  • Last Post
Replies
3
Views
3K
  • Last Post
Replies
2
Views
2K
  • Last Post
2
Replies
25
Views
3K
Replies
3
Views
1K
Top