A Challengers Handbook
by
Caesum
General Considerations
I have been doing challenges for some time now and most of the time I have not kept any notes on solutions, etc. Only recently have I started noting things down and keeping notes on challenges. The advantages of doing this are tremendous. I once completed around 40 challenges on a site and kept no notes. Then a new level was put up which required solving the first 40 or so challenges and noting down a letter that had been added to the end of each solution. I was back at the start. Other times I have solved something on one site only to see the exact same problem on another site, and to have forgotten how I solved it in the first place. As a third example, I have seen so many resets on some sites, and so many site moves, that keeping notes on how challenges were solved in the first place is really important to me now. If you complete a set of levels and two years later the site moves and does a reset then you can be back at the start. As a fourth example of not keeping notes - a recent site had four levels. You got to the end and waited happily and then the fifth level came out. One of the passwords referred to something from the previous level; if you can't remember because it was several months ago then you are stuck. So having said all of this I hope that you will keep some kind of logbook on the challenges that you solve.
A few general words of advice for when you are really stuck on something. Sometimes you get to a point when trying to solve a certain challenge when you really can't see any way forward. The best things to do at this point are:
Wait a few days, give it a rest and then return with a fresh mind and start again.
Always take a close look at the HTML source. Select everything and note if there is anything at all that is strange about the source. I have known encoded messages in tabs and spaces at the end of lines before and that does require a careful analysis. Note all script names, and all pathnames. Look for anything out of the ordinary. Perhaps you are looking at /level1/level2/index.html and it refers to images/blah.jpg. Now why is there an images directory in the level2 directory, and what else is in it?
Read any visible comments carefully: do they provide a veiled clue for the level? Will some searching on Google get you somewhere? Think carefully about what you are searching on, and try phrases as well as words.
Ask yourself what makes this level different from other levels. Recently I finished a level at one site and moved on to the next. I hadn't even looked at the task when I hovered on the forum link and noticed that it had a different name to the names of the previous level boards. A search on Google quickly revealed that this was the name of some common board and guess what? You had to exploit it; that was essentially the challenge, but I had seen this before anything else whereas other people had been there for a long time without noticing the difference. A lot of these kinds of levels are 99% observation.
Often you will find a hand-written HTML page in amongst a lot of program-generated pages and this can be a real giveaway. Hand-written code is neat and small. Program-generated code is a mess. If you've looked carefully at HTML source for long enough then you will notice the differences straight away.
Read the forums. Sites normally have forums, read them. Read everything, there are often hints to be found there amongst the pleas for help that people tend to post. +Malas riddles are an excellent example of this, the forums are jam packed with hints if you can understand them, and this often takes several complete readings of the forum.
Look around the site. I have come across some strange levels on sites where you can be really stuck only to look around the site at downloads or links and realise that part of the challenge has been hidden elsewhere on the site (normally in plain view, like 'here is a useful word list for you').
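The tabs-and-spaces trick mentioned above is tedious to check by eye, so here is one way to automate it. This is an added example, not code from the original handbook; the bit convention (one character per bit, eight bits per character, most significant bit first) and the sample page are assumptions constructed for illustration.

```python
"""Flag lines of page source that end in spaces/tabs and try to decode them."""


def trailing_runs(source):
    """Return (line_number, run) for every line ending in spaces or tabs."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        run = line[len(line.rstrip(" \t")):]
        if run:
            hits.append((number, run))
    return hits


def decode(runs, one):
    """Treat `one` as bit 1 and the other character as bit 0, MSB first."""
    bits = "".join("1" if ch == one else "0" for run in runs for ch in run)
    whole = len(bits) - len(bits) % 8          # ignore a ragged tail
    return bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))


def analyse(source):
    """Report which lines carry trailing whitespace and any readable decoding."""
    hits = trailing_runs(source)
    runs = [run for _, run in hits]
    readable = {}
    # The mapping is unknown in advance, so try both polarities.
    for label, one in (("tab=1", "\t"), ("space=1", " ")):
        data = decode(runs, one)
        if data and all(32 <= byte < 127 for byte in data):
            readable[label] = data.decode("ascii")
    return [number for number, _ in hits], readable


# Constructed sample: four lines of a small page, each padded with eight
# trailing characters that together hide the made-up string "key!".
_PAGE = ["<html>", "<body>", "<p>Level 3</p>", "</body>"]
_BITS = "".join(f"{byte:08b}" for byte in b"key!")
SAMPLE = "\n".join(
    line + _BITS[i * 8:(i + 1) * 8].replace("0", " ").replace("1", "\t")
    for i, line in enumerate(_PAGE)
) + "\n</html>\n"

if __name__ == "__main__":
    print(analyse(SAMPLE))
```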
Here is a good place to just mention a few general everyday tools that have a multitude of uses. Now people will always say things like 'hey, I'm a Linux user, what about us?' and to be honest here is my opinion: I use Windows, I'm not averse to Linux but in general people who do use Linux seem to like doing things in difficult ways. They like reading manuals and they like command line tools. They like writing scripts and they like installing their own operating systems, compiling kernels and generally messing about with everything in sight. My question would be 'what are you doing reading this anyway?'. So that said, tools I talk about will be Windows tools although they may have counterparts on other OS's (and if you're a Mac user then sorry....... but who uses Macs anyway? And I suppose you have some add-on piece of equipment that lets you run PC stuff anyway).
A good text editor/multi-purpose editing program. Wordpad is rubbish, get rid of it. Notepad is good for messing with text, at least if you have a version that will load more than 64k (i.e. not the early Win95/98 version). My choice of editor: UltraEdit. UE will detect Unix format files and ask you if you want to convert them when you load them. UE is fast. UE will sort, do conversions, display in hex, do syntax highlighting and recognise various languages from C to Perl, do file comparisons, complex formatting and macros and all kinds of things that I probably haven't even thought about. It really is worth getting hold of.
A good hex editor. I use Hex Workshop. There may be better ones but I have used this one for years and I like it. It will do everything that I expect of a hex editor like manipulating bytes, etc. It will also do XORs, rotates, etc. and file compares. When you want to see what really makes up a file you need a hex editor.
A language. You should aim to be able to program in at least one language. It will get you much further in challenges. My language of choice is C, and I use MSVC or Borland depending on my mood. This isn't the end of the line though because I might just do something in VBA/Excel, Maple, ASM or any of the 20+ other languages that I have used or known in the past. Learn one and the next one you learn will be ten times easier to learn.
A number cruncher. This is an unusual tool to cite and few people will have some kind of generalised number cruncher behind them. I did Pure Maths at Uni and later an MSc so I like to have some kind of number cruncher/symbolic manipulation program available to me. Plus I got a discount on Maple and I had to study it. I use Maple for all kinds of problems. To cite a few examples from problem sites: a few cracking problems have been based on inverse modular functions - easy in Maple; some problems at Valladolid involve finding a set of mathematical relationships between points and then solving the simultaneous equations - can't be bothered to do it? Give it to Maple. This is not to say that Maple is an easy tool to use. You don't just pick it up and start solving all your math problems in it. I guess I am just in a lucky position. A few recent challenge problems have been based on RSA. Easy to crack in Maple (given that the problems were made easy to crack). All that said, I also have my own number crunching routines that I can solve problems in big numbers with, and have used them to solve 5000 digit problems given at Valladolid, so it is worth having some kind of big number routines for your language of choice (and if that is Java then it's built in anyway).
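To show what the inverse modular functions and the deliberately weak RSA problems mentioned above come down to, here is an added example in Python, whose integers are arbitrary precision. It is not code from the original handbook, which used Maple and the author's own routines; the primes, exponent and message are constructed values, and the modulus is small enough that trial division finds a factor at once.

```python
"""Modular inverse by extended Euclid, applied to a toy RSA modulus."""


def egcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, m):
    """Return the inverse of a modulo m, or raise if none exists."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m


def smallest_factor(n):
    """Trial division; practical only because the modulus is weak by design."""
    if n % 2 == 0:
        return 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f
        f += 2
    return n


def recover_plaintext(n, e, c):
    """Factor n, rebuild the private exponent d = e^-1 mod phi, decrypt c."""
    p = smallest_factor(n)
    if p == n:
        raise ValueError("modulus is prime, not an RSA modulus")
    q = n // p
    d = modinv(e, (p - 1) * (q - 1))
    return pow(c, d, n)


# Constructed challenge values (two well-known primes, far too small for real use).
P, Q, E = 65537, 2**31 - 1, 17
N = P * Q
M = int.from_bytes(b"flag", "big")   # made-up message
C = pow(M, E, N)                     # the "ciphertext" a challenge would hand out

if __name__ == "__main__":
    print(recover_plaintext(N, E, C).to_bytes(4, "big"))
```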
There are a few books which are useful and do not fit under any one section alone. Some kind of HTML reference is always useful. Personally I use 'Instant HTML' when I want to look something up, but I have heard that 'Dynamic HTML' is pretty good. I've also linked to 'Code Complete', which people have asked me about after I mentioned I read it. I should read it again and slap myself on both wrists for not following what he says. Also 'Maximum Security' is recommended for newbies as it talks about many, many tools used for all kinds of tasks. It's the sort of book that you can read from cover to cover and you will no longer be a newbie.