Codehead's Corner
Random ramblings on hacking, coding, fighting with infrastructure and general tech
Posted: 6 Feb 2022 by Codehead
6 minute read

Intro

Following on from breaking Wordle in my earlier post, I decided to use the data extracted from the app to try and work out the best starting words for the game.

I’ve seen a few articles about people’s chosen starter, which is often based on vowel-heavy words. However, I have all the solutions and the valid words, so I can run some analysis and select a statistically accurate answer rather than guessing a word.

There is a lot of analysis, charts and statistical calculation below. The idea is to walk through the process so you understand why the words were selected. However, if you just want the results, scroll to the bottom of the page.

Facts and Figures

The solution list contains 2315 words. This means that Wordle has enough daily answers to run until Oct 21, 2027. The recent news that the game has been bought by the New York Times had people rushing to save a local copy of the game to play for free ‘forever’. Looks like we only have 5 years’ worth of games unless the answer list is extended.

The valid word list is much bigger at 10657 words. Some of the entries are pretty bizarre, so it wouldn’t be a good idea to use those as an extended solution list. However, if this was the answer list, the game could run until Aug 23, 2050. Only really an option if you’re happy with answers like: “aiyee”, “akkas”, “buhls”, “dzhos” and “thagi”.


Categories: Analysis Misc
Posted: 28 Jan 2022 by Codehead
3 minute read

Intro

The year is 2022 and EVERYONE is playing Wordle.

Wordle is a fun little word game that anyone can pick up and play. Six guesses to find a five letter word. It is surprisingly addictive.

However, after solving the daily puzzle I found I had to wait 24 hours for the next one. Like any self-respecting hacker I wasn’t having that, so I smashed F12 to have a dig around in the guts of the game.


Categories: Hacking Hacks
Posted: 19 Feb 2018 by Codehead
3 minute read

Problem

Easy and Peasy

nc 35.200.197.38 8003

Europe: nc 35.205.196.143 8003

Like many of the EvlzCTF challenges, this one was a little light on detail, but good fun to complete.


Categories: Hacking CTF
Posted: 23 Jan 2018 by Codehead
2 minute read

Challenge

Aalekh joined IIIT in 2014. Soon, he started selling T-shirts and hoodies. One day, Aalekh got a big order and trusted his childhood friend to handle the order. But his friend betrayed him and sold bad pieces. College students got angry and tried to beat Aalekh up. His good friend, Anshul, wanted to save him. To prevent Aalekh from going under loss, he has to sell 500 T-shirts on the market, the only condition being, customers have to be unique.

Can you help Anshul sell 500 T-shirts?

https://felicity.iiit.ac.in/contest/breakin/questions/uuid/

Flag Format: BREAKIN{[0-9A-Za-z_]+}


Categories: Hacking CTF
Posted: 9 Nov 2017 by Codehead
7 minute read

After completing the video lectures of the Security Tube Linux 64 bit Assembler Expert course (SLAE64), a series of assessments must be completed to gain certification. This is the fourth assignment: create a custom encoder/decoder to disguise a shellcode payload.

Many security and threat monitoring tools rely on signature matching to identify bad code. A good way to avoid signature-based detection is to obscure the content of a payload with encryption or encoding. The same payload can be repeatedly disguised with different obfuscation schemes. Creating a new encoding method is much simpler than building a new payload.

For the assignment, we will design a simple encoding scheme, create an encoding script to disguise our shellcode and write a decoder stub which we will deploy with the payload to rebuild the original code on the fly.


Categories: SLAE64 Assembler Shellcode
Posted: 8 Oct 2017 by Codehead
2 minute read

A pretty simple crypto challenge, but the technique is applicable to more complex problems.

Challenge

The smart home system has the function of remote monitoring of what is happening in the home and every few minutes sends pictures of the surveillance cameras to the owner of the house. You successfully intercepted the network traffic of this system, however, its creators took care of the security of their users’ data and encrypted the pictures. Decrypt the provided image and you will find the flag.

SECRET_ENCRYPTED.PNG


Categories: Hacking CTF
Posted: 20 Sep 2017 by Codehead
3 minute read

I was expecting a keygen or licence key cracking based on the title of this challenge, so revisiting some old protocols that I haven’t used in anger for ages was a nice surprise. The challenge blurb was pretty minimal:

Challenge

Serial

nc misc.chal.csaw.io 4239


Categories: Hacking CTF
Posted: 5 Sep 2016 by Codehead
2 minute read

I almost missed the Tokyo Westerns CTF. I stumbled across the event on the last day and wasn’t able to spend too long on it. I managed a few of the challenges, mainly the PPC category. However, I wanted to write up the ‘Glance’ image manipulation challenge for future reference.

Challenge

I saw this through a gap of the door on a train.


Categories: Hacking CTF
Posted: 21 Aug 2016 by Codehead
12 minute read

The LabyREnth competition ran from 15th July to 14th Aug. I only managed to find time to do the first Windows challenge. It was a tricky one and I was only able to work at it in fits and starts, often with days or weeks between sessions. However, I learnt quite a few handy new things while working on it, so I’m writing this as a reference for myself and as an example of the dead-ends and rabbit holes of the analysis process for those who are interested.


Categories: Hacking CTF
Posted: 17 Apr 2016 by Codehead
2 minute read

Challenge:

Welcome to Vertinet.

This problem follows the same specifications as the previous Verticode problem, except that you have to solve many of them by developing a client to communicate with the server available at problems1.2016q1.sctf.io:50000. Good luck.


Categories: Hacking CTF