Phone Lock

Web - 50 Points

I forgot my phone password, can you help me unlock it? (Don’t judge, happens to us all)


For this challenge we got a web page with a number lock resembling a phone pad. A quick look at the page source reveals some interesting functions…


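function buttonClick(e) {
	// locked, salt, valid and result are not declared in this excerpt
	if (locked) return false;
	var t = $("#result");
	if (t.val().length >= 4) {
		// the PIN is checked entirely client-side against a salted MD5
		if (md5(salt + result) == valid) {
			alert("Flag is: " + md5(salt + result + result));
		}
	}
}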

We then just used hashcat to retrieve the original combination :) All we needed to do was set the right params.

./hashcat-cli64.bin -m 20 -a 3 --outfile=testresult.txt --outfile-format=3 -1 ?d ./input.txt ?d?d?d?d

#  -m, Hash-type, 20 = md5($salt.$pass)
#  -a, Attack-mode, 3 = Brute-force
#  --outfile-format=NUM, Define outfile-format for recovered hash, 3 = hash[:salt]:plain

The flag here varies (it is time-dependent).
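
The same search written out in JavaScript (Node.js), as an added example that is not part of the original write-up: it walks the 10,000-candidate ?d?d?d?d keyspace against md5(salt+pin) and then applies the flag formula from the page source. The salt, PIN and target hash are constructed sample values, and recoverPin, flagFor and demo are hypothetical helper names.

```javascript
// Added example: reproduces the page's client-side check offline.
const crypto = require("crypto");

// Hex MD5 of a string, matching the md5() helper the page's script calls.
function md5(s) {
  return crypto.createHash("md5").update(s, "utf8").digest("hex");
}

// Walk the whole ?d?d?d?d keyspace (0000-9999), as hashcat -m 20 -a 3 does.
// Returns the matching PIN and how many candidates were hashed, or null.
function recoverPin(salt, valid) {
  const target = valid.toLowerCase();
  for (let i = 0; i < 10000; i++) {
    const pin = String(i).padStart(4, "0"); // keep leading zeros
    if (md5(salt + pin) === target) {
      return { pin, tried: i + 1 };
    }
  }
  return null;
}

// Flag formula shown in the page source: md5(salt + result + result).
function flagFor(salt, pin) {
  return md5(salt + pin + pin);
}

// Constructed sample values (not taken from the challenge page).
const SAMPLE_SALT = "constructed-salt-0001";
const SAMPLE_PIN = "0427";
const SAMPLE_VALID = md5(SAMPLE_SALT + SAMPLE_PIN);

// Recover the PIN from the salt and hash alone, then derive the flag.
function demo() {
  const hit = recoverPin(SAMPLE_SALT, SAMPLE_VALID);
  return hit && { pin: hit.pin, tried: hit.tried, flag: flagFor(SAMPLE_SALT, hit.pin) };
}

console.log(demo());
```

Because both salt and valid ship in the page source, the whole keyspace can be checked offline and the lock's own logic never runs.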