<- REVERSE ENGINEERING

Safe Opener

1 minute to read

We are given a Java source file called SafeOpener.java:

import java.io.*;
import java.util.*;

public class SafeOpener {
    public static void main(String args[]) throws IOException {
        BufferedReader keyboard = new BufferedReader(new InputStreamReader(System.in));  
        Base64.Encoder encoder = Base64.getEncoder();
        String encodedkey = "";
        String key = "";
        int i = 0;
        boolean isOpen;

        while (i < 3) {
            System.out.print("Enter password for the safe: ");
            key = keyboard.readLine();

            encodedkey = encoder.encodeToString(key.getBytes());
            System.out.println(encodedkey);

            isOpen = openSafe(encodedkey);
            if (!isOpen) {
                System.out.println("You have  " + (2 - i) + " attempt(s) left");
                i++;
                continue;
            }
            break;
        }
    }

    public static boolean openSafe(String password) {
        String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";

        if (password.equals(encodedkey)) {
            System.out.println("Sesame open");
            return true;
        }
        else {
            System.out.println("Password is incorrect\n");
            return false;
        }
    }
}

Here we find a suspicious string:

String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";

It seems to be encoded in Base64. Let’s decode it:

$ echo cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz | base64 -d  
pl3as3_l3t_m3_1nt0_th3_saf3

The flag is just:

picoCTF{pl3as3_l3t_m3_1nt0_th3_saf3}