New Time challenge

Finally, my time challenge has been released! http://www.hellboundhackers.org/challenges/timed/timed7/index.php Enjoy. :)

Thank you very much.

sweet, i wanna get these timed challenges done, but i need to setup apache 1st, well, i need to install linux 1st… ^^ on it :)

Very very nice! :D

Definitely the hardest timed challenge yet, kudos to swartmumba for coming up with it.

Wow! That's awesome.

Where would you even start with a challenge like this?

I guess googling 'cracking barcodes' ??

If any one has used Hack This Site, this reminds me of the Programming 2 for that site, which had a png that was all black with random white dots. The white dots needed to be measured and the pixel distances gave the decimal of ascii characters such as . and - which then was translated from morse to the answer… the challenge was to return the answer in 15 seconds knowing all these rules.

Here you have a png (downloads as php) and measure the black bars and non-black ones. Very similar to above, the rest is just taking that data and understanding how to crack bar codes, which is easy through google… took about 30 minutes to get the code for all that together but I'm stuck on how to post this back using python. This is the same problem I'm having on Timed 6.

Does anyone know how to get the info and keep that page open in python to post the answer back? Anyone know how long the time limit is for this challenge because I can generate the answer quickly and can post with other tools if I have like 10 seconds?

I'm very happy to help anyone with the coding for detecting what's in the image but really need help posting back my answer…

Thanks, zbert

just rewrote a script for this zbert, so I can probably help you out.

For the record, python doesnt open the page, it makes a request, and it needs to make another one back.

There are a lot of different barcode formats, what's this supposed to be? (EDIT: Nvm I can guess) And what does it mean by "valid" or "invalid?"

Mouzi wrote: There are a lot of different barcode formats, what's this supposed to be? And what does it mean by "valid" or "invalid?"

All part of the challenge I guess.

Yeah I thought I could research on what's invalid or valid, but it didn't turn out that well.

EDIT: Done, but gives "Wrong answer" notification. Can I PM anyone with what I've got? Some of you have done it anyway.

zbert wrote: Anyone know how long the time limit is for this challenge because I can generate the answer quickly and can post with other tools if I have like 10 seconds?

If I wanted to tell you, then I would of done so in the challenge brief. Just know that you are going to have to do a bit of optimization if your script takes 10 seconds. :o

zbert wrote: I'm very happy to help anyone with the coding for detecting what's in the image but really need help posting back my answer…

How did you manage to do the other time challenges if you can't even make a simple post request?

Mozi said: Yeah I thought I could research on what's invalid or valid, but it didn't turn out that well. It is pretty logical if you know how the barcode works.

zbert wrote: I'm very happy to help anyone with the coding for detecting what's in the image but really need help posting back my answer…

[quote]SwartMumba wrote: How did you manage to do the other time challenges if you can't even make a simple post request? [/quote]

Thanks for the input SwartMumba, great challenge by the way and thanks for the idea on time. To answer your question, it was my goal to do all of the Timed in Greasemonkey but timed 6 is the only one that won't take a ?GET in the url or has a form that you can do form[0].submit() to POST with. So I'm stuck learning how to POST with python because my Greasemonkey script which uses xmlhttpRequest to POST… altough I see the POST in tamper data, the page just ends up the same page with different font so it's.

Mozi said: Yeah I thought I could research on what's invalid or valid, but it didn't turn out that well.

It is pretty logical if you know how the barcode works. I don't want a spoiler but I can be PMed for a link to how to figure out the barcode pattern; or google it…

zbert

Look in the page source .

SwartMumba wrote: [quote]Mozi said: Yeah I thought I could research on what's invalid or valid, but it didn't turn out that well. It is pretty logical if you know how the barcode works.[/quote]

Well I'm still not sure I have the right barcode format, but IF I have the right format then the validity means if the barcode forms valid numbers or not.

Anyway, like I said, I have a script done that can decode it and post it back, but apparently I'm still doing something wrong. I may be giving the answer in wrong format too. It'd help if I could PM someone with what I've got because I don't want to spoil here.

EDIT: The above post confirmed that I do have the right format :P EDIT2: What the heck :D When I first time bet this challenge I got this:

Timed 7

SORRY! You already beat this

Points will not be added But I guess it's beaten now.

I think I've solved the challenge, but it keeps saying I ran out of time. The time it took was about 2-3 seconds from when I started it until I got the response from HBH. :/

What is the max time for this one or will it give the wrong message?

I think it has plenty of time. I didn't bother making the script log in so I just made it write a HTML form and I manually clicked it and still got it in time :P But I don't know what the time is in seconds.

Hmm, but I get the message "You ran out of time!". Guess that my answer is wrong and I got wrong message?

c4p_sl0ck wrote: Hmm, but I get the message "You ran out of time!". Guess that my answer is wrong and I got wrong message? Your code is not fast enough. You ran out of time, means you ran out of time. Seriously, …

My script executed in less than 0.06 seconds. With the time to get the image it took 0.16 and including the time it took to submit 1.66 seconds so I'm guessing that's not the problem. Or maybe I should get it, process it and submit it in less than a second. :O On HBH!

Definitely the hardest time challenge and I like it. Although I haven't completed the sixth one, this one looked more interesting, so I started on this one ;)

First thought it was coded in EAN-13, which is more commonly used in my country and which is way harder to encode/decode. Now I know the correct format, so it shouldn't be too long before I get it.;)

Edit: Completed! I've got the points! Lasted a little longer than I expected, turned out I misread how the validity should be submitted. I thought validity was boolean.:happy:

c4p_sl0ck wrote: My script executed in less than 0.06 seconds. With the time to get the image it took 0.16 and including the time it took to submit 1.66 seconds so I'm guessing that's not the problem. Or maybe I should get it, process it and submit it in less than a second. :O On HBH! I PMed you

Well, happy to have a program that decodes the barcode with the same results as I get manually on the program. But I am coming up with the numbers following the information in the link about barcodes and am posting before I get a ran out of time response so I'm wordering if I'm sending my data back in the correct format.

Here's how I'm sending the data: barcode=111111111111&validity=valid

Anyone who has done this, especially in python, I'd be very happy to get a review of my script. I'm thinking it's mostly right but obviously there is something wrong. Please feel free to pm or write back to this post but I'd appreciate smart ass comments be accompanied with some sort of information so that it's not a waste of time and space on this forum… ugh hmmmm, note previous posts…

The barcode post variable must a an ascii number, not binary.

Well I know it can't be in binary, that's not what I meant… it was just a format of 12 numbers, so to make that clearer (thanks for pointing out using 1 or 0 might suggest binary):

POST Data: barcode=123456789123&validity=valid

I had a loop to set my numbers and found I was only getting 11 numbers spat out but I noticed after changing that, that my answers took significantly longer to submit. They would then all say 'ran out of time' where when using a wrong answer on purpose, it'd submit much faster (from 2 seconds to under 1) and would state wrong answer… is there a reason that it does that? Can anyone else confirm this behavior?

zbert wrote: They would then all say 'ran out of time' where when using a wrong answer on purpose, it'd submit much faster (from 2 seconds to under 1) and would state wrong answer… is there a reason that it does that? Can anyone else confirm this behavior? Did you not take the time to think before you posted that, or do you just lack logic?

SwartMumba wrote: [quote]zbert wrote: They would then all say 'ran out of time' where when using a wrong answer on purpose, it'd submit much faster (from 2 seconds to under 1) and would state wrong answer… is there a reason that it does that? Can anyone else confirm this behavior? Did you not take the time to think before you posted that, or do you just lack logic? [/quote] zbert ORIGINALLY wrote: I had a loop to set my numbers and found I was only getting 11 numbers spat out but I noticed after changing that, that my answers took significantly longer to submit. They would then all say 'ran out of time' where…

Wow SwartMumba, I respect your mission but your response was such a waste of forum space, especially when it is so badly out of context. Please at least answer the question while fluffing your ego!

Sorry to have a post that was confusing but the point of it was that when the format of the answer is correct, it takes significantly longer to submit the answer in my code. Like I said, when the answer was incorrect and only 11 numbers, it took less than a second for the code to run and now, when using 12 numbers, it takes more than a second. Yes, it's obvious the page will say ran out of time and that's not my question of why that is, but I was asking why does the page take longer to submit in the correct format? I'm seeing if others have experienced this as there are other posts in this thread with similar behavior.

Thanks, zbert

zbert wrote: Sorry to have a post that was confusing but the point of it was that when the format of the answer is correct, it takes significantly longer to submit the answer in my code.

Ok, now I understand what you are trying to say. Send me your code and I'll take a look, when I have time.

Pulled my code off the self from a couple of months ago and did finally get it working after a few out of time messages (damn slow internet on my part). Thanks again for this challenge.

Yeah, I figure I get to try this one in lieu of Timed 6 (as it is down). Thanks for a new challenge!

Well, my code is running very well since I have tested it locally. What I want to know from the people who solved this challenge is that when I grab the image from http://www.hellboundhackers.org/challenges/timed/timed7/barcode.php , should I grab it with my cookie session? Because I'm getting the following message: You are not handling your cookies properly or you are trying a sneaky trick!

I know I'm not trying a sneaky trick, so what about cookies?

You have to use cookies, yeah.

One thing you can do is to limit each member to a bit of attempts in a certain quantum of time… for example one attempt every 3 minutes, if you post a wrong answer you must wait 3 minutes… with this method is more convenient to write a script that solve the challenge at the first attempt…

yeah, is fairly easy to do.

I don't think you should modify the challenge, it would be unfair for the ones who didn't solve it. I'm not talking because I didn't solve it, but that's how I see things. Why not make another challenge with the inspiration of this challenge, and where you limit the number of attempts… One attempt each 3 minutes would be a hell to me, since my internet connection really sucks… But anyways, my Curl code is working very well in computing the code… What I'm facing now, is how to grab the image with Curl as BINARY, because like we said, I need my session included… so I'm using Curl.

That should not really be that hard. I'd advise you to look up curl_setopt() on PHP.net once more. You'll instantly notice an option you can set for binary transfers. You can use that one, although personally I stored the image in a local file, which method doesn't require this binary option.

Okay, problem solved. I'm downloading the image with Curl, but now I'm running out of time…

Cyph3rHell wrote: One thing you can do is to limit each member to a bit of attempts in a certain quantum of time… for example one attempt every 3 minutes, if you post a wrong answer you must wait 3 minutes… with this method is more convenient to write a script that solve the challenge at the first attempt… Depending on how you program your answer, it wouldn't make any difference. Timed 3 is programmed like that, but I wrote my script in python, and it restarts the session and makes new cookies each time I run it, so I never had to wait for the time limit.

Does anyone know how to use urllib.urlretrieve() to download the image. I mean I can request the index.php fine and be logged in, but if I request the barcode.php page I just get:

Python 2.6.2

|PNG



my code:

import urllib, urllib2
from time import time
t=time()

headers = {HEADERS}
url='http://www.hellboundhackers.org/challenges/timed/timed7/index.php'

req = urllib2.Request(url, None, headers)
req.add_header('Referer', 'http://www.hellboundhackers.org/')
imgBC = urllib.urlretrieve('http://www.hellboundhackers.org/challenges/timed/timed7/', 'barcode.png')
response = urllib2.urlopen(req)
hbh = str(response.read())


print hbh
print time()-t

I have also tried to change the barcode.php to:

barcode.php.png barcode.png

but the image becomes corrupted.

[EDIT]: Figured out how to download and save as a binary file.