星期五, 五月 08, 2009

NetEase Youdao Nanti PWND! [Spoiler]



06

NetEase

Youdao Nanti PW

ND! [Spoiler]

Hacks, dHTML15 Comments »

Saw an interesting puzzle

, blogging about it in English is not zhuangbility, but to avoid n00b finding solutions too easily via search engines.

  1. Sniff
  2. No packets transfered when click 'submit', so all answers must be downloaded somewhere to client
  3. Firebug analyze URL requests & responses
  4. Decompiled all .swf files, nothing found
  5. Found it's using PHP-RPC
  6. Tried phprpc-python but didn't work
  7. Worked out puzzle 2. answer is bomb
  8. Dumped all browser memory
  9. Search for keyword bomb
  10. Got all answers to 15 questions
  11. Copy, paste & submit all the right answers, but nothing happend, so just blogging about it http://initiative.yo2.cn/archives/639837
  12. ???
  13. Profit!

有道居然用PHPRPC把所有答案加密了。哼哼。任何加密都挡不住内存dump大法。

So, here's the answers:

以下是剧透,丧失游戏乐趣后果自负,没有自己动脑筋思考的同学请不要手贱,报名参加真正的TopCoder比赛吧:http://www.youdao.com/nanti/apply.php




< ?xml version="1.0" encoding="utf-8" ?>
< radius="220" a="320" b="170" skey="youdao">
< src="questions/q1oioqzvveoalz.fa.swf" answer="o" lowcase="true" visible="true">一样的人物
< src="questions/q80afzfdqrezxc0-rwq.f0.swf" answer="bomb" lowcase="true" visible="true">湖边的回忆
< src="questions/q4098azvhlaql.f-fq53.swf" answer="0441" visible="true">危险之地
< src="questions/q3zlllweafl342laozl.swf" answer="@($" visible="true" locked="true">火星文
< src="questions/q5zpaqa.eop2-f-qe4.swf" answer="也可能" visible="true" locked="true">博客中的线索
< src="questions/q6pkltix.04.-af.swf" answer="本机地址" visible="true" locked="true">IT码农的留言
< src="questions/q70a9fdalqrexc65o.vz.swf" answer="search engine" lowcase="true" visible="true" locked="true">曲径通幽
< src="questions/q909qalzxovaltazt-fq.fq.swf" answer="为" visible="true" locked="true">手机词典的帮助
< src="questions/q10090zvalzp-f.4.swf" answer="3624087915" visible="true" locked="true">古诗中的数字
< src="questions/q2098alzraz.5.ao.swf" answer="12355331" visible="true" locked="true">彩铃包月
< src="questions/q1109zgflqre0f-aw.w2.swf" answer="2月18日||二月十八日" visible="true" locked="true">和智玲的聊天
< src="questions/q120z0fda2r.z0f-a2.swf" answer="cctv" lowcase="true" visible="true" locked="true">黑客是怎样炼成的
< src="questions/q13-zf0w2rzlf0.f43.swf" answer="圆周率||祖冲之" visible="true" open="15" locked="true">Morse的登录
< src="questions/q1409falz-fa.2aof.swf" answer="0731-5310163" visible="true" locked="true">错误的号码
< src="questions/q160z-af.4er0zafwe.swf" answer="LOVE" visible="true" locked="true">数学之美
< src="questions/q170z.gzzf-32zflgpqert.swf" answer="ONLMK" lowcase="true" visible="false">残破的画卷
< /data>



Seems that there's even a hidden puzzle:http://www.youdao.com/nanti/mi/questions/q170z.gzzf-32zflgpqert.swf but I haven't figured out how to invoke it (yet) . Perhaps using some .swf hook :D

转载请注明出处 http://initiative.yo2.cn/archives/639837

张贴者 时间:
标签:

没有评论:

发表评论

订阅: 博文评论 (Atom)