back to home

GLASSHEADS, pt. 1 Challenge #2 - Java

This challenge can be found when Eli spends the night analyzing source code.

The Setup

Take a look at this Java program. Can you analyze this piece of server code and find the flag?

We get Main.java, a piece of Java code.

The Verification

This piece of code reads a user input and checks:

1. that the string is 6 characters long
2. that each character c at index i satisfies (c + i * 3) ^ 7 == secret[i]

where secret is an array of six integers.

In Java, ^ is the XOR operation, which is reversible. This means we can "reverse" this check to: c = (secret[i] ^ 7) - i * 3. We compute this value for all six values of the secret to get our flag.