Instant - Machine Walkthrough
Introduction

Instant is a medium difficulty Linux machine on HackTheBox. To compromise the machine, we need to decompile an Android application, find credentials for a Swagger page, and discover an endpoint with a Local File Inclusion vulnerability. We can use this vulnerability to get the SSH private key for a user on the machine. Once we’re on the machine, we can discover a backup file for Solar PuTTY, which we can crack to recover the root password. ...
Cyber Apocalypse 2025
Coding

Summoners Incantation

It is a fairly simple task. The aim is to choose a number of tokens with the maximum possible sum. The twist is that we cannot use a token next to one that we’ve already chosen. To solve it, we can create a recursive search with the following constraints:

- if there are no tokens left, the max sum is 0
- if there’s one token left, the max sum is the value of that token
- otherwise, we can check the first two tokens to decide which one we should use:
  - we take the 1st one and call the recursive function with the remaining ones (making sure to remove the 2nd token, since that’s the neighbor we cannot use)
  - repeat the previous step with the 2nd token; now we have to remove the 1st and 3rd tokens
  - choose the one that has the higher sum

    def find_max_energy(tokens):
        # Base cases: nothing left, or a single token left
        if len(tokens) == 0:
            return 0
        elif len(tokens) == 1:
            return tokens[0]
        # Take the 1st token and skip its neighbor (the 2nd)
        e1 = tokens[0] + find_max_energy(tokens[2:])
        # Take the 2nd token and skip its neighbors (the 1st and 3rd)
        e2 = tokens[1] + find_max_energy(tokens[3:])
        return max(e1, e2)

    # Input is a bracketed list such as [3, 2, 5, 10, 7]
    input_text = input()
    tokens = [int(t) for t in input_text[1:-1].split(',')]
    print(find_max_energy(tokens))

Dragon Fury

For this task, we get a 2d array that contains possible “damage values” for rounds, and a target we need to reach. Our aim is to select a single value for each round in a way that adds up to our target in the end. ...
IrisCTF 2024
IrisCTF has just ended, and since I was one of the participants, I decided to write a few thoughts about it, as well as write proper writeups for the challenges I managed to solve. As a start, let’s go through the challenges by categories, and in the end, I’ll add some personal thoughts.

Cryptography

Baby Charge

For this challenge, we got access to the source code for a custom cipher. At startup, it generated a random key and nonce, and after that, there were two options for the user: ...
My First Gamejam
If you’re only here to try the game, you can do it on itch.io.

I cannot even remember when I first heard about Ludum Dare, but it was at least 5 years ago. Even back then, I was fascinated by the idea of creating a game in such a short time, but even though I wanted to try it, I had no game development experience at that time, so it always remained just a dream. ...
Procedural Dungeon Generation
Procedural generation is incredible. It is the key to writing games with endless content. Without it, Minecraft couldn’t have (nearly) infinite worlds with infinite terrain. Spelunky would only contain a few rooms, and we could learn the layout and enemy placement instead of learning the game mechanics. These are only a few examples, but there are a lot of games that use this mechanic for generating content. In this article, I’d like to show you my way of generating a random dungeon that can be later used in a game. ...
h@cktivitycon 2021 CTF
This year’s h@cktivitycon was held last Saturday, but even before it started, there was another event HackerOne had organized: this year’s CTF. It began on Thursday and ran for 48 hours. As I wasn’t following the events, it was already Friday when I realized it was running. I still had a bit more than a day to complete as many challenges as possible, so I decided to register and see how it goes. ...
Advent of Code 2020
The 2020 Advent of Code ended less than a week ago, and I thought the best way to cope with the void it left behind was to write a post about how I’ve seen it. This was the 5th year I jumped into it, but the first one in which I actually did all the tasks. Just a small warning, this post contains some minor spoilers.

This year my aim was to do all the tasks as fast as possible, so I didn’t use a new language. I started with Python, but after the second week, it became obvious that I don’t know it well enough to be fast with it, as I had to look up things every day, which took some time. After that, I moved to Kotlin, which was a bit slower because of the compilation time, but my better knowledge of the language paid off. I also rewrote my existing solutions in Kotlin to have them all in one place. You can find it on GitHub, and as you can see, it has a few solutions for tasks from the previous years. I’m planning on going back and doing every task ever released, but that’ll take some time. ...
Turning a Camera Feed into a Solved Sudoku
A few months ago, I stumbled upon a video that led me into a rabbit hole. It resulted in a simple application that overlays a sudoku’s solution onto the camera image of the puzzle. This post is about the process of getting to the end result. It all started with the idea of writing a sudoku solver. The first version was ready relatively quickly, but there was one big problem: entering the starting position was slow and tedious. That’s when I realized that I could use the camera on my phone as the input device. I’d never worked with image processing before, but it sounded like a good challenge, so I dived into it. ...
RenderScript is Still alive
I’m sure for most of you it’s not a surprise, but I also think that there are people out there who either don’t know what it is or simply tend to forget about it. The aim of this article is to show these people what it is and why they should use it.

So, what is RenderScript? RenderScript is an Android framework which can be used for running computationally heavy tasks at high performance. You will get the most benefit from using it for tasks which require a lot of computation that can be parallelized, as the framework will run your code on all available CPU and GPU cores. ...
gRPC for Kotliners
This is the talk I gave at the November 2019 Kotlin Budapest meetup. You can find the slides here and the sample code on GitHub.