Saturday, November 1, 2014

Natas 8

This one lets us see the PHP code again:

It looks like the POST parameter is encoded with the encodeSecret() function and then compared with the $encodedSecret string.

We can write our own PHP script to reverse these operations like this:


function decodeString($secret){
    return base64_decode(strrev(hex2bin($secret)));

echo decodeString("3d3d516343746d4d6d6c315669563362");


Running this locally will prints a string, and feeding this string in as the POST parameter solves the level!

No comments:

Post a Comment