A Ruby challenge: defuse the code bomb and test your Ruby fu
try also this challenge
Here's a challenge for you. Test your Ruby fu and have some fun! But first some context...
I have (re?)invented clay. Ruby clay. Take plastique.rb (don't rename the script; run it with Ruby 1.8.3 or 1.8.4, or a recent stable snapshot, say less than six months old). Model the shape of your choice. For example, here's a self-transported Ruby (ruby.rb) (same rules apply: don't rename it).
This is as visual as programming can get. Reshape the base64-encoded block with the ASCII art of your choice (add spaces, break lines). If you need more clay, append random garbage matching /[A-Za-z0-9=+\/]+/ to that string. Everybody can do their own Ruby demo in a couple of minutes.
Plastic explosive (plastique) is soft and hand-malleable; you can use plastique.rb to create any shape you want, but see what happens if you modify it. Or even rename it. Yes, it detonates quite loudly. Indeed, plastique.rb only wants to run with
RUBYOPT= ruby plastique.rb
Anything else will make it go BOOM; ruby /tmp/plastique.rb is no good. Also, beware of RubyGems in your RUBYOPT. It will also explode if you preload anything else, as in ruby -rtracer plastique.rb.
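An added example (my code, not plastique.rb's own, whose checks are not shown on this page) of how a script can enforce exactly those conditions: a marker line carries a SHA-256 digest of the rest of the file, and the script refuses to run if the body, the script name, RUBYOPT or the list of preloaded libraries differ from the sealed state. The checks are written as a function over four inputs that a real script would take from File.read($0), $0, ENV['RUBYOPT'] and $", so they can be exercised here on a constructed body; the names seal, split_sealed, violations and run_or_boom are assumptions of this example.

```ruby
require 'digest/sha2'

# Added example, not plastique.rb's own code: one way to write the checks the
# post describes.  A marker line carries a digest of the rest of the file; the
# script refuses to run ("BOOM") if the body, the script name, RUBYOPT or the
# set of preloaded libraries differ from what was sealed in.  A real
# self-checking script would feed the four inputs from File.read($0), $0,
# ENV['RUBYOPT'] and $"; here they are parameters so the checks can be run on
# constructed input.

MARKER = "# sha256:"
EXPECTED_NAME = "plastique.rb"

# Produce a sealed script: digest line first, then the body it protects.
def seal(body)
  "#{MARKER}#{Digest::SHA256.hexdigest(body)}\n#{body}"
end

# Split a sealed script into its digest and body; digest is nil if the marker is gone.
def split_sealed(source)
  header, body = source.split("\n", 2)
  body ||= ""
  digest = header.start_with?(MARKER) ? header[MARKER.size..-1] : nil
  [digest, body]
end

# Every reason the script should detonate; an empty array means it may run.
def violations(source, script_name:, rubyopt:, preloaded:)
  digest, body = split_sealed(source)
  problems = []
  problems << :modified  unless digest && Digest::SHA256.hexdigest(body) == digest
  problems << :renamed   unless script_name == EXPECTED_NAME   # ruby /tmp/plastique.rb fails here
  problems << :rubyopt   unless rubyopt.to_s.empty?            # RUBYOPT=-rubygems fails here
  problems << :preloaded unless preloaded.empty?               # ruby -rtracer fails here
  problems
end

# Run the body only when every check passes; otherwise report why not.
def run_or_boom(source, **env)
  problems = violations(source, **env)
  return "BOOM: #{problems.join(', ')}" unless problems.empty?
  eval(split_sealed(source).last)
end

# Constructed body standing in for the real demo; it evaluates to :ran.
SEALED = seal('puts "shape of your choice"; :ran')
CLEAN = { script_name: "plastique.rb", rubyopt: nil, preloaded: [] }

if __FILE__ == $0
  puts run_or_boom(SEALED, **CLEAN).inspect
  puts run_or_boom(SEALED.sub("shape", "blob"), **CLEAN)
  puts run_or_boom(SEALED, **CLEAN.merge(script_name: "/tmp/plastique.rb"))
  puts run_or_boom(SEALED, **CLEAN.merge(rubyopt: "-rubygems"))
  puts run_or_boom(SEALED, **CLEAN.merge(preloaded: ["tracer.rb"]))
end
```

Note what the body check actually compares: whatever string it is handed. A script that reads itself through File.read($0) hashes the file that name resolves to in the current directory, which need not be the file the interpreter is executing.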
challenge.rb (save as challenge.rb, it won't work if you rename it!)
This will only work with Ruby 1.8.3/1.8.4 or stable snapshots after Aug 2005 (unsure about the latter). If you download challenge.rb and, when running it as
RUBYOPT= ruby challenge.rb
it detonates, don't even try; it'd be too hard. But if it runs correctly, the fun begins there.
So here's the challenge exposed as precisely as possible:
- there is a hidden message inside challenge.rb
- your mission, should you choose to accept it, is to decode challenge.rb's base-64 encoded text at the beginning
- by doing so, you'll gain access to the actual source code running the demo and a secret message
- the secret message will tell you how to prove that you managed to decode challenge.rb
- please consider dropping a comment saying how long it took you (plus the proof that you did it :) --- I need some feedback to know if it was too easy/hard, and the stats should be interesting.
All means are allowed to get the hidden message. Enjoy.
- this can be solved in a few minutes if you know what to look for
- it can take much longer though, since there are a few traps
(more to be added if needed)
Thanks Mauricio, you made my day!
Cracking your puzzle was quite satisfying.
It took me about two hours.
Here's a shell script to solve it for you, ROT-13'ed:
zxqve unk;pq unk;rpub -a 'Qve.puqve"..";zbqhyr Xreary;nyvnf byqriny riny;qrs riny(k);chgf k;fyrrc 3;byqriny k;raq;raq;fyrrc 2;'>punyyratr.eo;png ../punyyratr.eo>>punyyratr.eo; ehol punyyratr.eo
Took me total ~40 minutes, about 5-10 minutes for this particular method, the other 30 was spent playing pointlessly with -e and irb.
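The commenter's script, once de-ROT-13'ed, works by intercepting eval. Here is that idea on its own as an added example (my code, not the commenter's or the post's, written for a current Ruby). TARGET is a constructed stand-in for challenge.rb that unpacks itself through two Base64 layers, each handed to eval; wrapping Kernel#eval logs every string that reaches it, so the innermost layer comes out while the target itself runs untouched. EVAL_LOG, recover_source and the __plain_eval alias are names assumed for this example.

```ruby
require 'base64'

# Added example, not the post's or the commenter's code: the eval-interception
# idea reduced to its core.  TARGET is a constructed stand-in for challenge.rb
# that unpacks itself through a chain of eval calls.  Wrapping Kernel#eval
# records every string handed to it, so the innermost layer (the real source)
# is captured while the script is run exactly as written.

# Constructed two-layer target: each layer Base64-decodes and evals the next.
INNER  = 'def reveal; "hidden message"; end'
MIDDLE = "eval(Base64.decode64(#{Base64.strict_encode64(INNER).inspect}))"
TARGET = "eval(Base64.decode64(#{Base64.strict_encode64(MIDDLE).inspect}))"

EVAL_LOG = []   # every string that reached eval, outermost first

module Kernel
  alias_method :__plain_eval, :eval

  # Log the string, then run it with the original eval.  Without an explicit
  # binding, evaluate at top level so whatever the unpacked layer defines
  # lands where the target expects it (the original eval would have used the
  # caller's binding, which from inside this wrapper is the wrapper's own).
  def eval(src, bind = nil, *rest)
    EVAL_LOG << src
    __plain_eval(src, bind || TOPLEVEL_BINDING, *rest)
  end
  private :eval
end

# Run a script string the way ruby would, then return the innermost eval'd source.
def recover_source(script)
  EVAL_LOG.clear
  __plain_eval(script, TOPLEVEL_BINDING)
  EVAL_LOG.last
end

if __FILE__ == $0
  puts recover_source(TARGET)
  puts "eval was called #{EVAL_LOG.size} times"
end
```

The target never notices: nothing in its own text changed, only the method its last step calls. Anything that finally has to hand plain source to the interpreter can be observed at that hand-off.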
hmm, doesn't work for me. I tried almost an identical version of this switcheroo and each way I worked it just wouldn't work. ruby 1.8.4 (2005-12-24) [powerpc-darwin8.3.0]
Works for me. It's essentially equivalent to the "second best way" I talked about, but a bit more convenient in practice. Nice exploit! :)
Strange... I downloaded everything else again and still no go. It "half" works but still BOOMs at the finale. Does the above work for anyone else on OSX 10.4.4? It is motivating though because I came up with the same attack but it wouldn't work, it'd be funny if I came up with a working exploit just not for my platform.
I'm jealous, I wish I had thought of that. My Ruby-fu must not be good enough, since I essentially did the same thing, but in C...
your traps are nice :)
oh, and 2 hours for my first failed attempt, and 10 minutes for my second successful attempt
I was able to decode plastique.rb after about 2 hours, but I get a 'boom' if I use the same method on the other two files. I may try again tomorrow.
I spent a lot of time trying to figure out how the code worked, without much success. once I gave up on that, I noticed an easier way to go about it, after which it only took a few minutes.
About 30 mins after installing 1.8.4. But now I see how to do it in a minute or two!
Wow, I'm really impressed. That was a tough (and fun) puzzle. Quite an interesting method of tamper protection.
Oops, forgot to say how long. It took just about 1.5 hours from the time I downloaded plastique.rb to the time I solved it, but that included building ruby 1.8.4 :)
My head hurts. Took me nearly two hours :(
It took me longer to create the puzzle, so don't complain ;-)))
Sorry to spam your blog like this, but I can't seem to reach you by email. Would you please send me (firstname.lastname@example.org) a message I could respond to? I have a quick question for you.
James Edward Gray II
Well, I'm about five months late to the party, but for what it's worth: codekitchen:5f41ed32622b809a68cdcffa84731302
I spent about 45 minutes trying to decipher def(z="145645").to_i. I guess my Ruby fu isn't up to snuff. Once I realized what that did, though, it took 10 minutes to go the rest of the way. Very cool!