It's that time of year again! SANS Holiday Hack Challenge. Looks like the Counter Hack crew are changing up things a bit. They have a scheduled release for each section of the challenge and are allowing write-ups to be posted a week after each section starts.
I don't expect to complete the challenge, but that's not important. Part of the fun is learning, and I learn something from every challenge I attempt. I did do the last few years' challenges, but didn't post them. This time around, I intend to post it whether I complete it or not.
The prologue was a fun little puzzle. Not efficient solutions but they passed the objectives.
First Terminal
This one is easy. Click on the Raspberry Pi Terminal near Jingle Ringford, and click into the top of the Terminal as described and type answer.
Elf Connect
The next Terminal is the Elf Connect Terminal near Angel Candysalt. The game can be played normally, as described in the rules, to get the Silver Trophy.
To get the Gold Trophy, the score needs to be manipulated. The Source Code can be viewed and manipulated by using Chrome Browser Developer Tools as shown in the video below.
Start the Terminal near Angel Candysalt, Click the "Click Anywhere to begin" button to get the rules off the screen, right-click, Inspect. Then change to the Elements tab if it doesn't already place you there. After that, look for the link to the game. The link was in body in the iframe. Right-click the link and select "Load in New Tab".
Go to the new Tab with the Elf Connect game loaded, Right-click and click Inspect again. This can also be done in the full challenge window, but it's not as easy to see which code belongs to just the Elf Connect terminal itself. If you're new to this, having the code just linked to the game in plain view makes it easier.
Play the game and see how it functions. In the Application Tab, there's an area for Local Storage. The score and round number are stored in this area. Manipulating just this value doesn't seem to change the score because it's reset when the level is played and the score changes.
Go to the Console tab and type:
score+=score+1000000
Then play a round. The next time you score, the score is updated but 1000000 is added to it. This is how to get the Gold Trophy for this game.
Elf Minder
The next Terminal is Elf Minder, near Poinsetta McMittens.
Again, this one can be played legitimately. Yes, even the Crate Caper level. It's just important to understand how each of the entities function. Entities are the items you can put into play like the tunnels and springs.
There are 12 levels visible at the start of the game. Complete those to get a Silver Trophy.
A final level, A Real Pickle, is unlocked after the first levels are complete.
The game usually limits the springs to 2 and the portals/tunnels to 2, however, the source code can be manipulated to change that.
Again, Developer Tools in Chrome was used for this puzzle as described in the Elf Connect Terminal write-up/video above.
if (existingSprings.length === 2){
//remove just the oldest spring
const oldestSpring = game.entities.findIndex(entity => entity[2] === EntityTypes.SPRING);
game.entities.splice(OldestSpring, 1);
}
Just change the 2 in the if statement to a number of your choosing like 500 for example.
The portals/tunnels are a different animal. They can be manipulated, however, there was an error popped when more than two were used like the elf couldn't figure out where to go.
The puzzle can be solved without manipulating the number of portals.
The portal locations and the spring locations can be manipulated as well. The game is laid out in a coordinate plane. 1,1 is the top left, all the way to 1,13 at the right. Then the next row down is 2,1 to 2,13. Each item placed is stored in Local Storage under the Application tab in Developer Tools in Chrome. There is one entry in local storage for each level. Example: There would be a line for Sandy Start which would have entities and segments next to it. Then a different line for A Real Pickle and so on a so forth. The portals and tunnels go into an array called "entities". The path segments go into an array called "segments".
There are some rules that are checked server side as well as client side so commenting out those sections in the client-side code doesn't affect it server side, so the level doesn't count as being complete and an error pops up relating to that condition.
Some things that should be checked are not. Example: A tunnel can be placed on a boulder block and a segment can go to and from that tunnel. Normally this wouldn't be allowed.
The points in either the segments or the entities can be manipulated making it possible to break rules. Example: You can have a tunnel coming off the start square instead of the square nearby. The video shows more detail of this.
No comments:
Post a Comment