Radools Realm, Part 2: Simple Checksum

This is the second of four CTF problems I made while studying at Carnegie Mellon University. To try the problem, go to this repository. You will need a recent version of Java installed. More detailed instructions can be found in the repository. The problem can be found in the level1 directory.

Solution

As before, the goal is to turn on all achievements in the save file (savelvl1.rr). This time, the file is protected by a simple checksum over it’s contents. If we inspect the server code snippet provided with the problem, we see that this is an MD5 checksum calculated over the entire save file (save for the checksum field itself).

It becomes quickly apparent that this MD5 checksum only considers the user contents of the file, and doesn’t factor in any server-side secret. Therefore, we need only modify the achievements, recompute the MD5 checksum, and submit the save file. Players can compute the hash using a webapp or with their favorite programming language.

Teaching Goal

This level introduces a minor obstacle for the player, namely the checksum. The player needs to investigate the server code, and understand that an MD5 checksum is being calculated. They also need to read the code to determine exactly what is being included in the checksum. Finally, they need to figure out how to recompute a checksum. The hope is that players unfamiliar with message authientication will learn about basic hashes, and why hashes alone are not sufficient to protect a message from tampering.