Flare On Challenge 1 - Fidler

Welcome to the Seventh Flare-On Challenge!

This is a simple game. Win it by any means necessary and the victory screen will reveal the flag. Enter the flag here on this site to score and move on to the next level. This challenge is written in Python and is distributed as a runnable EXE and matching source code for your convenience. You can run the source code directly on any Python platform with PyGame if you would prefer.


Challenge Overview


The first challenge contains a Python file and a compiled Windows executable.

When we run the Python file, it greets us with a prompt window.

If you try to ignore this prompt, you will be greeted by the FBI.

On Linux / Unix, please install “pygame” using pip3 install pygame.


Code Analysis


During source code analysis, we found a function, “password_check”, which compares the input against the string ‘hiptu’ with each character decreased by 1. That shifted string is the real password.

After executing the function, we were able to retrieve the password.

After entering the recovered password, we are greeted with the game window.

Each click on the coin increases the count from 0 to 1 and so on. At least 10 coins are needed to click the “Buy” button.

There’s a function, decode_flag(frob), in the code.

decode_flag is called in victory_screen with an argument called token, which is the parameter of the victory_screen function. We have to go a step back and see how victory_screen is invoked.

The target_amount is set to 2^36. To reach the call to victory_screen, current_coins must be more than target_amount minus 2^20; the code then subtracts 2^20 from current_coins.


Flag Captured


During execution, we got the token value 1030.

Passing this token to decode_flag gives us the flag.