Radools Realm, Part 1: Introduction

This is the first of four CTF problems I made while studying at Carnegie Mellon University. The problems are not particularly difficult, rather are meant to be instructive. The target audience is highschoolers, so I designed the problem as a video game that the players must hack to turn on all the achievements.

To try the problem, go to this repository. You will need a recent version of Java installed. More detailed instructions can be found in the repository. The first level can be found in the level0 directory.

Solution

The first level is very simple; there are no data integrity checks implemented on the server side, so the player can just edit their save file to turn on all the achievements directly. The achievements are represented by a JSON dictionary:

"achievements":{
    "overwrought fish washer":0,
    "languid bison anthropologist":0,
    "plastic jellyfish specialist":0,
    "rich aardvark filterer":0,
    "screeching gnat grinder":0,
    "picayune giant therapist":0,
    "determined eagle allergist":0,
    "magical mallard acupuncturist":0,
    "glorious pigeon attacher":0,
    "flashy starling installer":0
}

Changing all the 0’s to 1’s and submitting the save file (by moving the duck onto the owl in the game) will yield the flag.

See this video for a walk-thru.

Teaching Goal

The purpose of this level was to introduce players to the format and mechanics of the series. They come to understand how to launch the game and submit a save file, which is relevant to future problems.