Natas Level 7 -> Level 8

Skills: PHP, Encoding/decoding data formats


Visiting source of the homepage, we see little PHP encodedSecret() function and a $encodedSecret value -

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {
    return bin2hex(strrev(base64_encode($secret)));

All we need to need do is reverse engineer the function and find a plaintext password.

We focus on the return of the function where it performs some conversion.

return bin2hex(strrev(base64_encode($secret)));

First, the plaintext $secret is base64 encoded and then reversed using strrev function and then converted to hex.

We should perform exact opposite on the target value -

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

We can write one-liner reverse engineering script in PHP - We perform hex2bin() first, then strrev() and base64 decode.

php -r 'echo strrev(hex2bin("3d3d516343746d4d6d6c315669563362"));' | base64 -d

Output - oubWYf2kBq

Great!!! We decoded the exact plain text for the encoded/scrambled hex string.

Submitting "oubWYf2kBq" in the homepage, we should see password for next level -

Last updated