function bacon_encode(WC_Challenge $chall, $hidden)
{
$message = strtolower($chall->lang('message'));
$len = strlen($hidden);
$pos = -1;
$a = ord('A');
for ($i = 0; $i < $len; $i++) {
$c = ord($hidden[$i]);
$bin = decbin($c - $a);
$bin = sprintf('%05d', $bin);
for ($j = 0; $j < 5; $j++) {
$pos = bacon_next_pos($message, $pos);
if ($bin[$j] === '1') {
$message[$pos] = strtoupper($message[$pos]);
}
}
}
$pos++;
$len = strlen($message);
while ($pos < $len) {
$message[$pos] = strtoupper($message[$pos]);
$pos += 2;
}
return $message;
}
function hashgame_check_answer(WC_Challenge $chall, $answer, array $list1, array $list2)
{
$solutions = array_merge(hashgame_longest_two($list1), hashgame_longest_two($list2));
$answers = explode(',', $answer);
if (count($answers) !== 4) {
echo GWF_HTML::error('HashGame', $chall->lang('err_answer_count', array(count($answers))), false);
// return false;
}
if (count($answers) > 4) {
echo GWF_HTML::error('HashGame', $chall->lang('err_answer_count_high', array(count($answers))), false);
$answers = array_slice($answers, 0, 4);
}
$correct = 0;
foreach ($answers as $word) {
$word = trim($word);
foreach ($solutions as $i => $solution) {
if ($word === $solution) {
unset($solutions[$i]);
$correct++;
break;
}
}
}
if ($correct === 4) {
$chall->onChallengeSolved(GWF_Session::getUserID());
} else {
echo GWF_HTML::error('HashGame', $chall->lang('err_some_good', array($correct)), false);
}
}
public function onVote(WC_Challenge $chall)
{
if ('0' === ($userid = GWF_Session::getUserID())) {
return GWF_HTML::err('ERR_LOGIN_REQUIRED');
}
if (!WC_ChallSolved::hasSolved($userid, $chall->getID())) {
return $this->module->error('err_chall_vote');
}
$form = $this->getFormVote($chall, false, $userid);
if (false !== ($error = $form->validate($this->module))) {
return $error;
}
if (false !== ($vs = $chall->getVotesDif())) {
$vs->onUserVoteSafe($_POST['dif'], $userid);
}
if (false !== ($vs = $chall->getVotesEdu())) {
$vs->onUserVoteSafe($_POST['edu'], $userid);
}
if (false !== ($vs = $chall->getVotesFun())) {
$vs->onUserVoteSafe($_POST['fun'], $userid);
}
if (false === WC_ChallSolved::setVoted($userid, $chall->getID(), true)) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
if (false === $chall->onRecalcVotes()) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
return $this->module->message('msg_chall_voted');
}
function crypto_dig1_ciphertext(WC_Challenge $chall)
{
WC_CryptoChall::checkPlaintext($chall->lang('plaintext'), true);
$solution = WC_CryptoChall::generateSolution('The22_GHDIdiiiiEEEEZZ', true, true);
$pt = $chall->lang('plaintext', array($solution));
$ct = crypto_dig1_encrypt($pt);
return $ct;
}
function crypto_trans1_ciphertext(WC_Challenge $chall)
{
WC_CryptoChall::checkPlaintext($chall->lang('plaintext'), true, true);
$solution = WC_CryptoChall::generateSolution('The_GHSUBBBBEEEEZZ', true, true);
$pt = $chall->lang('plaintext', array($solution));
$ct = crypto_trans1_encrypt($pt);
$ct = str_replace(' ', ' ', $ct);
return $ct;
}
function crypto_caesar_1_ciphertext(WC_Challenge $chall)
{
WC_CryptoChall::checkPlaintext(strtoupper($chall->lang('plaintext')));
$solution = WC_CryptoChall::generateSolution('The Foo The Bar The Lee', true, true);
$pt = $chall->lang('plaintext', array($solution));
$pt = strtoupper($pt);
$pt = preg_replace('/[^A-Z ]/', '', $pt);
$ct = crypto_caesar_1_encrypt($pt);
return $ct;
}
function crypto_caesar_2_ciphertext(WC_Challenge $chall)
{
WC_CryptoChall::checkPlaintext($chall->lang('plaintext'), true);
$solution = WC_CryptoChall::generateSolution('The_Foo!The!Bar_The!Lee', true, true);
$pt = $chall->lang('plaintext', array($solution));
// $pt = strtoupper($pt);
// $pt = preg_replace('/[^A-Z]/', '', $pt);
$ct = crypto_caesar_2_encrypt($pt);
return WC_CryptoChall::hexdump($ct);
}
function ttr2_mail_me(WC_Challenge $chall, $email, $token)
{
$mail = new GWF_Mail();
$mail->setSender(GWF_BOT_EMAIL);
$mail->setReceiver($email);
$mail->setSubject($chall->lang('mail_subj'));
$mail->setBody($chall->lang('mail_body', array($token)));
$mail->sendAsHTML('*****@*****.**');
# cc me for testing purposes
}
function www_basic_go(WC_Challenge $chall, $url, $content)
{
if (false === ($response = GWF_HTTP::getFromURL($url))) {
echo GWF_HTML::error('WWW Basics', $chall->lang('err_file_not_found'));
} elseif ($response !== $content) {
echo GWF_HTML::error('WWW Basics', $chall->lang('err_wrong', array(htmlspecialchars($response), htmlspecialchars($content), strlen($response), strlen($content))));
} else {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
}
function wcc_ip6_check_answer(WC_Challenge $chall, $answer, $level)
{
require_once 'solutions.php';
if ($level === count($solutions)) {
$ip = $_SERVER['REMOTE_ADDR'];
if (GWF_IP6::isV6($ip)) {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
return false;
}
return in_array(strtolower($answer), $solutions[$level], true);
}
public static function checkSolution(WC_Challenge $chall, $random, $letters_only = false, $lowercase = false, $length = 12)
{
if (false === ($answer = Common::getPostString('answer', false))) {
return;
}
$solution = self::generateSolution($random, $letters_only, $lowercase, $length);
if ($lowercase) {
$answer = strtolower($answer);
}
$chall->setVar('chall_solution', WC_Challenge::hashSolution($solution, $lowercase));
$chall->onSolve(GWF_Session::getUser(), $answer);
}
function www_rewrite_go(WC_Challenge $chall, $url)
{
$n1 = rand(1000000, 1000000000) . rand(1000000, 1000000000);
$n2 = rand(1000000, 1000000000) . rand(1000000, 1000000000);
$solution = bcmul($n1, $n2);
$url .= $n1 . '_mul_' . $n2 . '.html';
if (false === ($response = GWF_HTTP::getFromURL($url))) {
echo GWF_HTML::error('WWW Rewrite', $chall->lang('err_file_not_found'));
} elseif ($response !== $solution) {
echo GWF_HTML::error('WWW Rewrite', $chall->lang('err_wrong', array(htmlspecialchars($response), htmlspecialchars($solution), strlen($response), strlen($solution))));
} else {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
}
function wccgpg_doit(WC_Challenge $chall, $user)
{
if ($user === false) {
echo GWF_HTML::error('GPG', $chall->lang('err_login'), false);
return;
}
if (!$user->hasValidMail()) {
echo GWF_HTML::error('GPG', $chall->lang('err_no_mail'));
return;
}
$receiver = $user->getValidMail();
if (!function_exists('gnupg_init')) {
echo GWF_HTML::error('GPG', $chall->lang('err_server'));
return;
}
if (false === ($fingerprint = GWF_PublicKey::getFingerprintForUser($user))) {
$url = GWF_WEB_ROOT . 'account';
echo GWF_HTML::error('GPG', $chall->lang('err_no_gpg', $url), false);
return;
}
$solution = WC_CryptoChall::generateSolution('OHOYOUGOTGPG!', true, false);
$mail = new GWF_Mail();
$mail->setSubject($chall->lang('mail_s'));
$mail->setSender(GWF_BOT_EMAIL);
$mail->setReceiver($receiver);
$mail->setBody($chall->lang('mail_b', array($user->displayUsername(), $solution)));
if (false === $mail->sendToUser($user)) {
echo GWF_HTML::err('ERR_MAIL_SENT');
} else {
echo GWF_HTML::message('GPG', $chall->lang('msg_mail_sent', array(htmlspecialchars($receiver))));
}
}
function identity_filter(WC_Challenge $chall)
{
if (!isset($_POST['answer']) || !is_string($_POST['answer'])) {
return;
}
$answer = $_POST['answer'];
$answer = str_replace(array(' ', ','), '', $answer);
$answer = strtolower($answer);
$answer = str_replace('049', '0', $answer);
if (strpos($answer, '17659598844') !== false) {
echo GWF_HTML::error($chall->lang('title'), $chall->lang('err_home_phone'));
}
$_POST['answer'] = $answer;
}
public function __wakeup()
{
if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) {
$chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 2, 'challenge/are_you_serial/index.php');
}
$chall->onChallengeSolved(GWF_Session::getUserID());
}
function train_regex_level_4(WC_Challenge $chall, $answer)
{
$solution = '/^(wechall4?)\\.(?:jpg|gif|tiff|bmp|png)$/';
$samples_good = array('wechall.jpg', 'wechall.gif', 'wechall.tiff', 'wechall.bmp', 'wechall.png', 'wechall4.jpg', 'wechall4.gif', 'wechall4.tiff', 'wechall4.bmp', 'wechall4.png');
$samples_bad = array('wechall', 'wechall4', 'wechall3.png', 'wechall4.jpf', 'wechallpng', 'wechallxjpg', 'wechall.jpg ', ' wechall.jpg', 'mechall.jpg', 'meechll.jpg', 'wechall44.jpg', 'wecdfss.jpg');
foreach ($samples_good as $t) {
if (!preg_match($answer, $t, $matches)) {
echo GWF_HTML::error('WeChall', $chall->lang('err_no_match', array($t)), false);
return false;
}
$filename = Common::substrUntil($t, '.');
if (count($matches) !== 2 || $filename !== $matches[1]) {
echo GWF_HTML::error('WeChall', $chall->lang('err_not_capturing'), false);
return false;
}
}
foreach ($samples_bad as $t) {
if (preg_match($answer, $t, $matches)) {
echo GWF_HTML::error('WeChall', $chall->lang('err_matching', $t), false);
return false;
}
}
if (strlen($answer) > strlen($solution)) {
echo GWF_HTML::error('WeChall', $chall->lang('err_too_long', array(strlen($solution))), false);
return false;
}
return true;
}
function checkSolution(WC_Challenge $chall)
{
if (false === ($correct = GWF_Session::getOrDefault('cyrm_solution'))) {
return htmlDisplayError($chall->lang('err_no_request'));
}
$timediff = microtime(true) - GWF_Session::get('cyrm_timeout');
$taken = sprintf('%.03fs', $timediff);
if ($correct !== ($answer = Common::getGetString('solution', ''))) {
return htmlDisplayError($chall->lang('err_wrong', array(htmlspecialchars($answer, ENT_QUOTES), $correct, $taken)));
}
$maxtime = 2.5;
if ($timediff >= $maxtime) {
return htmlDisplayError($chall->lang('err_slow', array($maxtime . 's', $taken)));
}
return htmlDisplayMessage($chall->lang('msg_correct', array($taken)));
}
function checkSolution(WC_Challenge $chall)
{
if (false === ($correct = GWF_Session::getOrDefault('lg_solution'))) {
return htmlDisplayError($chall->lang('err_no_req'));
}
$maxtime = LETTERGRID_MAX_TIME;
$timediff = microtime(true) - GWF_Session::getOrDefault('lg_timeout', 0);
if ($correct !== Common::getGet('solution')) {
GWF_Session::remove('lg_timeout');
GWF_Session::remove('lg_solution');
return htmlDisplayError($chall->lang('err_wrong', array(htmlspecialchars(Common::getGet('solution'), ENT_QUOTES), $correct, $timediff, $maxtime)));
}
if ($timediff >= $maxtime) {
return htmlDisplayError($chall->lang('err_slow', array($maxtime, $timediff)));
}
return htmlDisplayMessage($chall->lang('msg_correct', array($timediff)));
}
function shadowlamb3solver(WC_Challenge $chall, $answer)
{
if (!GWF_Session::isLoggedIn()) {
echo GWF_HTML::error('Shadowlamb', 'Better login first!');
return;
}
$code = WC5Lamb_Solution::validateSolution3($answer, GWF_Session::getUserID());
switch ($code) {
case 1:
echo GWF_HTML::message('Shadowlamb', $chall->lang('msg_right'));
$chall->onChallengeSolved(GWF_Session::getUserID());
break;
default:
echo GWF_HTML::error('Shadowlamb', $chall->lang('err_wrong_' . $code));
break;
}
}
function prog2CheckResult(WC_Challenge $chall)
{
if (false === ($user = GWF_Session::getUser())) {
die($chall->lang('err_login'));
}
if (false === ($answer = Common::getGet('answer'))) {
die($chall->lang('err_no_answer'));
}
$solution = GWF_Session::getOrDefault('prog2_solution', false);
$startTime = GWF_Session::getOrDefault('prog2_timeout', false);
if ($solution === false || $startTime === false) {
die($chall->lang('err_no_request'));
}
$back = "";
if (trim($answer) !== $solution) {
$back .= $chall->lang('err_wrong', array(htmlspecialchars($answer, ENT_QUOTES), $solution));
} else {
$back .= $chall->lang('msg_correct');
}
$timeNeeded = microtime(true) - $startTime;
if ($timeNeeded > TIMELIMIT) {
return $back . $chall->lang('err_timeout', array(sprintf('%.02f', $timeNeeded), TIMELIMIT));
}
return trim($answer) === $solution ? true : $back;
}
function stalking_check_answer(WC_Challenge $chall, $answer)
{
$answer = mb_strtolower($answer);
// To Lower
$answer = str_replace(' ', '', $answer);
// No Spaces
$sections = explode(',', $answer);
$sc = count($sections);
if ($sc !== 4) {
return $chall->lang('err_sections', array($sc));
}
list($company, $coworker, $brother, $band) = $sections;
if (stalking_company($company) && stalking_coworker($coworker) && stalking_brother($brother) && stalking_band($band)) {
return false;
} else {
return $chall->lang('err_wrong');
}
}
public static function testSmiley(WC_Challenge $chall, $smiley, $path)
{
$back = true;
# Test passed :S?
# Generate test input :)
$ues = str_replace('\\', '', $smiley);
$ues = Common::regex('#/([^/]+)/#', $ues);
$text = 'Test ' . $ues . '. Test ' . $ues;
echo GWF_Box::box($text, $chall->lang('test_input'));
# Generate test output :)
if (NULL === ($out = self::replaceSmiley($smiley, $path, $text))) {
$back = false;
$out = $text;
}
# Output the test :)
echo GWF_Box::box($out, $chall->lang('test_output'));
return $back;
}
/**
* Exploit this!
* @param WC_Challenge $chall
* @param unknown_type $username
* @param unknown_type $password
* @return boolean
*/
function auth1_onLogin(WC_Challenge $chall, $username, $password)
{
$db = auth1_db();
$password = md5($password);
$query = "SELECT * FROM users WHERE username='******' AND password='******'";
if (false === ($result = $db->queryFirst($query))) {
echo GWF_HTML::error('Auth1', $chall->lang('err_unknown'), false);
# Unknown user
return false;
}
# Welcome back!
echo GWF_HTML::message('Auth1', $chall->lang('msg_welcome_back', htmlspecialchars($result['username'])), false);
# Challenge solved?
if (strtolower($result['username']) === 'admin') {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
return true;
}
function crypto_sub1_ciphertext(WC_Challenge $chall)
{
WC_CryptoChall::checkPlaintext(strtolower($chall->lang('plaintext')), true, true);
$solution = WC_CryptoChall::generateSolution('The_GHEEEEZZ', true);
// var_dump($solution);
$chars1 = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z');
$chars2 = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z');
shuffle($chars1);
shuffle($chars2);
$map = array();
for ($i = 0; $i < 26; $i++) {
$map[$chars1[$i]] = $chars2[$i];
}
$pt = $chall->lang('plaintext', array($solution));
$pt = strtoupper($pt);
$pt = preg_replace('/[^A-Z ]/', '', $pt);
$ct = crypto_sub1_encrypt($pt, $map);
return $ct;
}
function sidologyRemixCheckAnswer(WC_Challenge $chall, $answer)
{
if (false !== ($error = $chall->isAnswerBlocked(GWF_User::getStaticOrGuest()))) {
echo $error;
return;
}
$solution = '726f3a30c8ae485b4f34d5ff0fed05552d3da60b';
# :) HappyCracking!
$hash = $answer;
for ($i = 0; $i < 100000; $i++) {
$hash = sha1($hash);
}
// echo "$hash<br/>\n";
if ($hash === $solution) {
$chall->onChallengeSolved();
} else {
echo WC_HTML::error('err_wrong');
}
}
function ttr2_submit(WC_Challenge $chall)
{
if ('' === ($answer = Common::getPostString('answer', ''))) {
return;
}
$sessid = GWF_Session::getSessSID();
# First check all "custom" solutions
$solutions = TTR2_Tokens::getSolutions($sessid);
foreach ($solutions as $solution) {
if ($solution['ttr_token'] === $answer) {
echo GWF_HTML::message($chall->lang('title'), $chall->lang('msg_reset_own', array(htmlspecialchars($solution['ttr_email']))));
return;
}
}
# Now lets check "THE" solution
$solution = TTR2_Tokens::getSolution($sessid);
$chall->setSolution($solution['ttr_token']);
$chall->onSolve(GWF_User::getStaticOrGuest(), $answer);
}
function wcChallVotes(WC_Challenge $chall, $section)
{
$db = gdo_db();
# Init back;
$back = array();
for ($i = 0; $i <= 10; $i++) {
$back[$i] = array(0, 0);
}
$back[11] = array(0, 0.0);
$total = 0;
$count = 0;
$vsr = GWF_TABLE_PREFIX . 'vote_score_row';
$vsid = $chall->getVar('chall_vote_' . $section);
$query = "SELECT vsr_score, COUNT(vsr_uid) FROM {$vsr} WHERE vsr_vsid={$vsid} GROUP BY(vsr_score) ORDER BY vsr_score ASC";
// var_dump($query);
if (false === ($result = $db->queryRead($query))) {
return $back;
}
while (false !== ($row = $db->fetchRow($result))) {
$cnt = (int) $row[1];
# 15 people
$score = (int) $row[0];
# voted N
$back[$score] = array($cnt, $score * $cnt);
$total += $score * $cnt;
$count += $cnt;
}
$db->free($result);
if ($count === 0) {
$count = 1.0E-8;
}
for ($i = 0; $i <= 10; $i++) {
// $back[$i] = array($back[$i][0], $back[$i][1] / $total * 100);
$back[$i] = array($back[$i][0], round($back[$i][0] / $count * 100, 2));
}
if ($count > 0) {
$back[11] = array($count, round($total / $count * 10, 2));
}
// var_dump($back);
return $back;
}
function ludde_is_satisfied(WC_Challenge $chall)
{
# Missing POST var?
if (!isset($_POST['username'])) {
return $chall->lang('err_missing_var');
}
# Submitted a string?
if (!is_string($_POST['username'])) {
return $chall->lang('err_var_type');
}
# Valid username?
if (!preg_match('/^[a-zA-Z]{1,16}$/', $_POST['username'])) {
return $chall->lang('err_illegal_username', array(1, 16));
}
# WTF! WTF! WTF!
if (strlen($_POST['username']) > 16) {
return true;
}
# Normal, OK and no error :)
return false;
}
function x169(WC_Challenge $chall)
{
$matrix = x169Matrix();
shuffle($matrix);
$embed = $chall->lang('embed');
$el = strlen($embed);
$ml = count($matrix);
if ($el > $ml) {
die('WHAT THE HACK!!!');
}
$embed .= str_repeat('o', $ml - $el + 1);
$i = 0;
$out = '';
foreach ($matrix as $m) {
$out .= mb_substr($embed, $i, 1, 'UTF8');
// $out .= substr($embed, $i, 1);
$out .= $m;
$i++;
}
return $out;
}
private static function recalcVotes(Module_WeChall $module, $dropTable)
{
if (false === ($mod_votes = GWF_Module::loadModuleDB('Votes', true))) {
return GWF_HTML::err('ERR_MODULE_MISSING', array('Votes'));
}
if (false === WC_Site::onRecalcAllVotes()) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
if (false === WC_Challenge::onRecalcAllVotes()) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
return '';
}
