Phone Lock

Web - 50 Points

I forgot my phone password, can you help me unlock it? (Don’t judge, happens to us all)


For this challenge we got a web page with a number lock resembling a phone keypad. A quick look at the page source reveals some interesting functions…


function buttonClick(e)
if (locked) return false;
var t=$("#result");
if (t.val().length>=4)
if (md5(salt+result)==valid)
alert("Flag is: "+md5(salt+result+result));

We then just used hashcat to retrieve the original combination :) All we needed to do was set the right parameters.

./hashcat-cli64.bin -m 20 -a 3 --outfile=testresult.txt --outfile-format=3 -1 ?d ./input.txt ?d?d?d?d

# -m, Hash-type, 20 = md5($salt.$pass)
# -a, Attack-mode, 3 = Brute-force
# --outfile-format=NUM, Define outfile-format for recovered hash, 3 = hash[:salt]:plain

The flag here varies (it is time-dependent).
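
Added example (not part of the original write-up or the challenge code): a Python sketch of why the client-side check md5(salt+result)==valid gives no protection for a 4-digit code, next to a server-side verifier with an attempt cap as the fix. The salt, the PIN, and the names recover_pin, flag_for and ServerSideLock are constructed for illustration.

```python
import hashlib
import hmac
from itertools import product


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def recover_pin(salt: str, valid: str, length: int = 4):
    """Exhaust the keyspace of the page's check md5(salt + pin) == valid."""
    for digits in product("0123456789", repeat=length):  # 10**4 candidates
        pin = "".join(digits)
        if md5_hex(salt + pin) == valid:
            return pin
    return None


def flag_for(salt: str, pin: str) -> str:
    """Flag derivation shown in the page source: md5(salt + result + result)."""
    return md5_hex(salt + pin + pin)


class ServerSideLock:
    """Mitigation sketch: no salt or hash reaches the client, guesses are capped."""

    def __init__(self, pin: str, max_attempts: int = 5):
        self._pin = pin.encode()
        self._remaining = max_attempts

    def try_unlock(self, guess: str) -> bool:
        if self._remaining <= 0:
            return False  # locked out, even a correct guess is refused
        if hmac.compare_digest(guess.encode(), self._pin):
            return True
        self._remaining -= 1
        return False


if __name__ == "__main__":
    SALT, PIN = "constructed-salt", "4917"  # constructed sample values
    valid = md5_hex(SALT + PIN)  # what the page would embed as `valid`
    pin = recover_pin(SALT, valid)
    print("recovered:", pin, "flag:", flag_for(SALT, pin))
    lock = ServerSideLock(PIN)
    print([lock.try_unlock(f"{g:04d}") for g in range(6)], lock.try_unlock(PIN))
```

Because the salt and the expected hash ship with the page, the whole search runs offline; the attempt cap only helps once the comparison happens on the server.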