
A Ruby challenge: defuse the code bomb and test your Ruby fu

Update: try also this challenge

Here's a challenge for you. Test your Ruby fu and have some fun! But first some context...

I have (re?)invented clay. Ruby clay. Take plastique.rb (don't rename the script; run with ruby 1.8.3-4 or a recent stable snapshot, say, less than 6 months old). Model the shape of your choice. For example, here's a self-transported Ruby (ruby.rb) (ditto).

This is as visual as programming can get. Reshape the base64-encoded block with the ASCII art of your choice (add spaces, break lines). If you need more clay, append random garbage (/[A-Za-z0-9=+\/]+/) to that string. Everybody can do his own Ruby demo in a couple of minutes.

The challenge

Plastic explosive (plastique) is soft and hand malleable; you can use plastique.rb to create any shape you want, but see what happens if you modify it. Or even rename it. Yes, it detonates quite loudly. Indeed, plastique.rb only wants to run with

RUBYOPT= ruby plastique.rb

Anything else will make it go BOOM; ruby /tmp/plastique.rb is no good. Also, beware of RubyGems in your RUBYOPT. It will also explode if you preload anything else, as in ruby -rtracer plastique.rb
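As an added illustration (not plastique.rb's code, whose mechanism this post keeps hidden), here is one way a script could test the launch conditions listed above: invocation name, RUBYOPT, preloaded libraries and an unmodified protected block. The function name, its parameters and the sample data are assumptions made for this example.

```ruby
require 'digest/sha2'

# Hypothetical launch-integrity check; names are illustrative, not from plastique.rb.
# Inputs are passed explicitly so the logic can be run on constructed values.
# A real script would pass $0, ENV, the libraries loaded before its first line,
# and the text of the block it wants to protect.
def launch_problems(script:, expected_name:, env:, preloaded:, payload:, payload_sha256:)
  problems = []
  # A renamed copy, or `ruby /tmp/plastique.rb`, changes $0.
  problems << "invoked as #{script.inspect}" unless script == expected_name
  # RUBYOPT silently adds switches, e.g. one that loads RubyGems.
  rubyopt = env["RUBYOPT"].to_s.strip
  problems << "RUBYOPT=#{rubyopt.inspect}" unless rubyopt.empty?
  # Libraries requested with -r are loaded before the script body runs.
  problems << "preloaded #{preloaded.join(', ')}" unless preloaded.empty?
  # Whitespace is ignored so the block can be reshaped into ASCII art.
  # Assumption of this example: any other change, appended characters
  # included, counts as a modification.
  digest = Digest::SHA256.hexdigest(payload.gsub(/\s+/, ""))
  problems << "payload modified" unless digest == payload_sha256
  problems
end

# Constructed sample data: a short base64-looking string and a clean launch.
PAYLOAD = "eJzLSM3JyQcABiwCFQ=="
GOOD = {
  script: "plastique.rb", expected_name: "plastique.rb",
  env: { "RUBYOPT" => "" }, preloaded: [],
  payload: PAYLOAD, payload_sha256: Digest::SHA256.hexdigest(PAYLOAD)
}

# Reports every violated condition for one constructed launch.
def report(overrides = {})
  launch_problems(**GOOD.merge(overrides))
end
```

Checks written as plain comparisons like these are visible to anyone who reads the script, so on their own they signal tampering rather than prevent it.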

Here's the challenge:

challenge.rb (save as challenge.rb; it won't work if you rename it!)

This will only work with Ruby 1.8.4/1.8.3 or stable snapshots after Aug 2005 (unsure about the latter). If you download challenge.rb and it detonates when you run it as

 RUBYOPT= ruby challenge.rb

don't even try; it'd be too hard. But if it runs correctly, the fun begins there.

So here's the challenge, stated as precisely as possible:

  • there is a hidden message inside challenge.rb
  • your mission, should you choose to accept it, is to decode challenge.rb's base-64 encoded text at the beginning
  • by doing so, you'll gain access to the actual source code running the demo and a secret message
  • the secret message will tell you how to prove that you managed to decode challenge.rb
  • please consider dropping a comment saying how long it took you, plus the proof that you did it :) I need some feedback to know if it was too easy/hard, and the stats should be interesting.

All means are allowed to get the hidden message. Enjoy.

Hints


  • this can be solved in a few minutes if you know what to look for
  • it can take much longer though, since there are a few traps

(more to be added if needed)


Great challenge! - olivier (2006-08-29 (Tue) 15:22:15)

Thanks Mauricio, you made my day!

Cracking your puzzle was quite satisfying.

olivier:790a79f59da16228a2be9ef17b98a4f0

Solved - llasram (2006-01-18 (Wed) 00:51:00)

It took me about two hours.

llasram:c214b66b0f2fcc65e0f98bdc63cb2e7d

Spoilers - Jaen (2006-01-12 (Thr) 19:53:05)

Here's a shell script to solve it for you, ROT-13'ed:

zxqve unk;pq unk;rpub -a 'Qve.puqve"..";zbqhyr Xreary;nyvnf byqriny riny;qrs riny(k);chgf k;fyrrc 3;byqriny k;raq;raq;fyrrc 2;'>punyyratr.eo;png ../punyyratr.eo>>punyyratr.eo; ehol punyyratr.eo

Took me total ~40 minutes, about 5-10 minutes for this particular method, the other 30 was spent playing pointlessly with -e and irb.

Jaen:720752019352bf5d79ffca2c163d6dce

fansipans 2006-01-13 (Fri) 07:12:19

hmm, doesn't work for me. I tried almost an identical version of this switcheroo and each way I worked it just wouldn't work. ruby 1.8.4 (2005-12-24) [powerpc-darwin8.3.0]

mfp 2006-01-14 (Sat) 09:01:03

Works for me. It's essentially equivalent to the "second best way" I talked about, but a bit more convenient in practice. Nice exploit! :)

fansipans 2006-01-14 (Sat) 09:31:45

Strange... I downloaded everything else again and still no go. It "half" works but still BOOMs at the finale. Does the above work for anyone else on OSX 10.4.4? It is motivating though because I came up with the same attack but it wouldn't work, it'd be funny if I came up with a working exploit just not for my platform.

Tap 2006-01-19 (Thr) 19:29:04

I'm jealous, I wish I had thought of that. My Ruby-fu must not be good enough, since I essentially did the same thing, but in C...

WOOHOO - fansipans (2006-01-11 (Wed) 08:57:24)

your traps are nice :)

fansipans:12cf622a9e1e77eb965c73d3a8f24ce6

fansipans 2006-01-11 (Wed) 08:58:11

oh, and 2 hours for my first failed attempt, and 10 minutes for my second successful attempt

i got one, but not the others - mcodik (2006-01-10 (Tue) 18:16:20)

I was able to decode plastique.rb after about 2 hours... but I get a 'boom' if I use the same method on the other two files. I may try again tomorrow.

I spent a lot of time trying to figure out how the code worked, without much success. Once I gave up on that, I noticed an easier way to go about it, after which it only took a few minutes.

mcodik:a0302f586414b9bc6e55047fca09d7d0

No Title - jzp (2006-01-10 (Tue) 05:27:15)

About 30 mins after installing 1.8.4. But now I see how to do it in a minute or two!

jzp:97ddb79e348587a8c42ca3f81093416e

Ding! - Kevin (2006-01-09 (Mon) 21:10:05)

Wow, I'm really impressed. That was a tough (and fun) puzzle. Quite an interesting method of tamper protection.

Kevin Ballard:a55eb89b03f7a5cd5629ae26790ddbd6

Kevin 2006-01-09 (Mon) 21:19:50

Oops, forgot to say how long. It took just about 1.5 hours from the time I downloaded plastique.rb to the time I solved it, but that included building ruby 1.8.4 :)

Solved it! - aniero (2006-01-09 (Mon) 19:33:45)

My head hurts. Took me nearly two hours :(

aniero:205e30767dcd9f9a90d2db74ae9fac11

mfp 2006-01-10 (Tue) 04:46:48

It took me longer to create the puzzle, so don't complain ;-)))

[OT] Please Email Me - JEG2 (2006-01-09 (Mon) 18:38:06)

Sorry to spam your blog like this, but I can't seem to reach you by email. Would you please send me (james@grayproductions.net) a message I could respond to? I have a quick question for you.

Thanks.

James Edward Gray II

No Title - chris2 (2006-01-09 (Mon) 13:27:45)

chris2:5e16c083b810d6960288d5b11c17803e

codekitchen 2006-06-30 (Fri) 11:41:59

Well, I'm about five months late to the party, but for what it's worth: codekitchen:5f41ed32622b809a68cdcffa84731302

I spent about 45 minutes trying to decipher def(z="145645").to_i. I guess my Ruby fu isn't up to snuff. Once I realized what that did, though, it took 10 minutes to go the rest of the way. Very cool!

Last modified:2006/01/10 06:16:30
Keyword(s):[blog] [ruby] [challenge] [ascii] [demo] [zlib]
References:[1.8.4 upgrade frenzy to solve the plastic (explosive) Ruby puzzle?]