lucasg.github.io blog about rss github

HACKVent 2014 - Day 10 writeup

I’ve sign up for the Hackvent event made by the guys from www.hacking-lab.com, which is a advent-like hacking competition. Every day there is a new challenge posted at midnight which has a to solved at best in the same day, the challenge becoming increasingly more difficult every week completed. The aim in every puzzle is to find either a qr-encoded x-mas ball with lead to the validation code, or a secret human-readable string which gives you the former ball when feeding into a validator (the “Ball-O-Matic”).

Here’s the write-up for the tenth challenge, in which I debug SQL queries without knowing a thing about SQL.

How I Learned to Stop Worrying and Love SQL Part :


For the Day 10 Hackvent challenge, we were given the following instructions :

Riddle from hackvent.hacking-lab.com for Day 10

For this challenge, the authors didn’t even gave a damn about obfuscating the way to the solution. It’s in plain sight : use your sql-fu to get the answer. SQLfiddle.com is a great site to test and run your sql database and queries. It also has a script to converse text-based table into proper SQL schema :

Of course the sql query don't fucking run ...

We got a resulting code with 5 texts separated by dashes. But the submission code (the one encoded in qr xmas ball) has the following format : HV14-xxxx-xxxx-xxxx-xxxx-xxxx. We have to tweak the query in order to get the valid code.

In other words we have to transform the &1 into HV14. the query used to get the first part is the following :

 translate('&1','abcdefghijklmnopqrstuvwxyz','MEZ4VPG5NS6RYH7CT1QW2FO3AI')

It’s a simple substitution table, so you have to enter nerd in order to get HV14. We obtain the next code :

HV14-3212-7553-ED2D-1597-6897

However, it’s not a valid code, so let’s take another look at the whole query. The thing is, in SQl, the &1 char also mean it’s the first input argument of a progrem (kinda like $1 in bash or sys.argv[1] in python) so we have to replace every occurences of &1 with nerd. The resulting code is valid :

HV14-3212-7553-BCF8-1597-6897

That was easier than I anticipated.