Official Protein Cookies Discussion

Official discussion thread for Protein Cookies. Please do not post any spoilers or big hints.

I’m not sure how to run the locally. I’m testing both create functions locally and it’s giving me an error saying cannot concatenate string to bytes. Edit: nvm, something is wrong with my python version, tried the same thing in an online python shell and it works.

If you check out the Docker container, it’s running python2. That said, I’m missing the obvious way to mess with integrity and I could really use a nudge. I’m assuming it’s some flask/python thing where I can mess with the addition but I’m coming up blank. I thought maybe I could cause an error to expose it, but I’m coming up stumped there. I am going to feel really, really dumb when I finally figure this out.

./ fails. Is this part of the challenge or is something misconfigured on my machine? I’m a complete noob when it comes to docker.

how brute salt? it unpossible!

It is impossible. If only we could somehow… buff these cookies up and get them swole :wink:

Anyone down to give me a nudge? I feel like I understand how things are created and checked, but the only way forward I see is a long, long bruteforce and my bruteforce power is small due to my lack of gym membership and weak gainz.

Lol. I don’t even know where to start :smiley: too many files :smiley: Edit: I tried a little bit and reverse engineered the code in some places. My question is now: Do I have to use something like Burpsuite? I think it is too much for a Crypto-Challenge… Edit2: Finally I made it! Thanks for the help to the great community. Very interesting challenge, combining several aspects of IT-Security and attack methods

:wave: Hello! I’m also a bit stuck here and looking for a nudge. I understand the code pretty well but like everyone else I’m not sure how to do this without brute-forcing something (which seems wrong to me)

Hey all

Anyone got any hints? I know I need to modify the c***ie … but that’s about it.
I understand how the code works but I have no idea how to forge a c***ie without knowing the secret…

Hi. I analyzed the source code, but have no clue how to bypass a secret when preparing a cookie. I’d be grateful for a nudge in PM

While solving the challenge, I learned a new method. I did not find the solution way on my own. I read and learned, then it was easy. It’s hard to give a nudge. If you don’t know the solution way you have to learn about the crypto method used. Brute force and big CPU power are not needed.

You’ll have to extend yourself for this one

Man! I understand the code and how it evaluates the cookie, but still couldn’t solve it. Can anyone give me a nudge?

After reading the code, you know the name of the method used. You can find an exploit for this method. I was not able to create such an exploit, but I found the exploit on the web.

Hi there, I have implemented the (l***** e********) attack, perhaps there is something missing or wrong with my implementation. Can I DM someone and check if I’m doing something wrong? Thanks!

Can anyone help me with the challenge? Implemented the attack but still missing a few points

It’s a fun challenge. If anyone is stuck, you can DM for help.

SHA512 is not susceptible to that type of attack