Cracking
APK - Anti-debug : don’t be tempted by the easy way!
when doing the challenge you may find a hashed password, so you may be tempted to search for it in online tools... don’t do it!
the hash is certainly online... but it has been put there by someone who already solved the challenge.
In the solutions I got spoiled with the true solution, and let’s say that there’s still some things to do, the challenge deserves it’s description.
so don’t join the dark side, search harder before "cheating"!
(PS: I don’t think I spoiled the challenge, I said there was a hash in a challenge submitted during "Hashdays"...)
APK - Anti-debug : don’t be tempted by the easy way!
TL,DR: there are other challenges with the same issue. I believe that it would be nice, if changes to those challenges could be done to ensure that the difficulty of solving the challenge does not change. There are challenges where such changes are not hard to do.
Similar thing applies to numerous other challenges (I have found challenges in Forensic and Cryptanalysis that are now easier to solve because someone submitted hash or prime factorization to internet databases). I have reported some challenges to root-me staff (IRC), expecting that the challenge would be changed (for example the Crypto challenge with the issue is not hard to change ). The staff-member response was like "well, the challenge has become little easier, so what". And for some point of view he’s right.
There are countless solutions to many root-me challenges on the internet, so it just depends on you what to do with this info. If you are solving the challenges with the intent to learn, than you will have to force yourself from visiting those pages (sometimes it is hard, I know).
But from the other point of view, sometimes you may not be even aware that the challenge had 1 more step to solve. The Forensics challenge I referred to before also had a hash that you would discover in the source code. When you submit the hash to the internet search engine, you will see the solution in 1-st result. When I saw the password it seemed a bit to complex to be in the data leaks (but nothing to crazy like $%&T_ggd64REegs). That’s why I found that there is more in the challenge to learn from it. But I could just as easily missed that and went all happy that I just solved a XX point challenge in few minutes.
So I believe that some challenges are worth changing to ensure that the player must follow the intended way of solving it. But that is upon the root-me staff to decide.
Salut,
NonStandardModel
New reply
New topic