 Hey guys, John Hammond here looking at Pico CTF 2017 and a little bit of getting started in the capture to flag scene. So this challenge is hash 101. It's the next level in the cryptography category we've been looking at. Looks like prove your knowledge of hashes and claim a flag as your prize. Connect to the service at Shell 2017, blah, blah, blah. Let's go ahead and make that make the AR hash 101. Cool. And let's create a connect script just so we can, again, keep in mind that host name and port number in case we lose it. CHmod connects and welcome to hashes 101. There are four levels complete on receive a prize. Text is just ones and zeros. All texts can be represented by numbers. So different letters, these numbers go to ASCII table.com to unlock the next level. Give me the ASCII representation of this thing. OK, hmm. Well, let's do a little bit of Python magic so we can keep getting used to working in Python, because I think that's pretty awesome. So let's try Python and we've got binary right here, right, zeros and ones. So how can we convert that into ASCII? ASCII is the representation of characters like A, B, C, D, etc. or letters in the alphabet as numbers. So they all live in that ASCII table that was linked here. They're typically zero to 255 in the ASCII table, just like we've seen in that red, green, blue values because they're being represented by bytes. And those, again, can be like binary because it's a number or hex because it's a number or decimal or octal or whatever the case may be, whatever base we want, because it's still just data, still just numbers. So how do we convert it? Well, in Python, we can say, all right, this is a number, right? So we need you to convert it to an int or a number. Int expects your input to be a string. So I wrapped it in single quotes here and then int as a second argument or a second parameter we can give to this function in Python is the base that we want. So if I said base two, it says, oh, that's this number in like decimal, right? But I want an easy function to suddenly make that ASCII, right? We can do that with strings. Like if we had, hello, we can encode that to hex, right? See, hello is already ASCII. It's already kind of a string. We can encode it to hex. And then we had this thing that we could work with. And if we wanted to, we could decode that from hex and bring it back to the original thing. I use the underscore there to represent the previous evaluation result. So let's get this thing into hex with the hex function. And OK, we've got a zero X in front, that's fine. But we can slice that off if we really wanted to, or we could just like, you know, paste it and modify it and do whatever we want. If I were to slice it, that is like array indexing with square braces. If I wanted this, the two first two pieces of the pie gone with the, you can use the colon to say, from that position, I want to go all the way to the very end and you'd get that position out of it. So that works just fine for us. And now we can dot decode that into hex, right? And that's just the word plaid. OK, so let's start to combine some of those things. Let's go ahead and take the original binary. Put it in base 10 and then let's modify that and turn it to hex, right? And then let's slice it, get that zero X away from it. And then let's decode that and put it into regular ASCII, because we knew it was hex to begin with. We can decode it. And now it's just the word plaid. Awesome. OK, so that level is done. Let's take note of these things. Let's nano input dot text plaid. Cool. Now, if I connect, I can input plaid. Oh, boy, I guess that may be changing from connection to connection. That's OK. We can handle that. Let's go ahead and create a new terminal window, just like we've done in the previous challenge, go into hash 101, go ahead and connect to this. Let's use the same string that we had previously used. In our Python interpreter. But instead of using the binary that we're given at that point, let's use what we have as we've just connected the service plaid. OK, I guess we just got kind of unlucky on that one. So numbers can be base anything, as it says, plaid. No, that was stupid of me. I shouldn't have disconnected. I did it to try and change the display on the screen. Numbers can be represented in many ways. A popular way to represent computer data is base 16 or hex. Since it's numbers line up nicely with the bytes, two hex characters equals eight binary bits. Other formats include base 64, binary and just regular base 10 or decimal. In a way, the ASCII chart represents a system where all text can be seen as base 128, not including the extended ASCII codes. To unlock the next level, give it the text that you just decoded as its hex equivalent, and then the decimal equivalent of that number. OK, so we've already learned how to do all of that just in just in Python. Right? If we wanted the Earth to be encoded to hex, that's all we could do. Cool. And now if we wanted that in decimal, we could take that string and give it to the int function. But say we wanted, OK, we want that in base 10. So int will always return base 10 for us, but it needs to know what base the input we give it is in. So since this is in base 16 because it's hex, it will pass that as the understanding here. Now we'll take the decimal number that it gave us and give that to the program. Cool. OK. Level three, hashing functions. A hashing function intakes any data of any size and irreversibly transforms it to a fixed length number. For example, a simple hashing function could be to add up the sum of all the values of the bytes in the data and get the remainder after dividing by 16. So it's modulus 16. Give me a string that will result in 10 after being transformed with the mentioned example hashing function. OK, so we need something that a simple hashing function that divide up all the sum of all the values of all the bytes in the data and get the remainder after dividing by 16. OK, so we've got functions in Python that allow us to do cool things like that. If we had an array of numbers like one, four and 10, just that's a list, right? We could use the function sum and pass in that list to it and it will return. OK, the sum is 15. So now we want to get a string like hello, we've been working with before and get the ASCII value out from each of those. So I'm going to do a neat thing because I want to keep us moving and doing kind of interesting cool things. So I want to showcase list comprehension in Python. If you haven't seen it before, you can totally Google that term. But essentially, it allows us to create a list or a looping through any kind of data just in one line. So let's say C for the character that we're looking for will be represented by for every character in that string. Because hello, this right here is an iterable like we can loop through that. We can look at the H we can look at the E and then the L and then the L and the O. So now we can do whatever we want with that variable C and it will be added to its own list just like that. So now we've just kind of converted that to a list in not as much of a basic way as just passing it to the list function because we can do whatever we want with this variable C after it's evaluated inside that for loop. You can kind of in your mind to break these away because C is just the value that we're going to be doing whatever we want with and you can give that variable whatever name you want, but this list is just the next part of the list comprehension, but this is a separate thing in our mind. So let's actually get the ordinal value or what number that is in the ASCII table. So I can say or of that and if we check out the ASCII table, we've got to look at letters H, E, L, L and O. And those are numbers 104, 101, 108. Check it out in the ASCII table. I'm over here. H, 104, E, 101, L, 108 and O, 111, just as we saw in Python. So now we can get the sum of this, right? Cool, and modulus it by 10. OK, or modulus by 16, I'm sorry, just as the original challenge was asking for. We want the solution to be 10. So we've got to just pump up the numbers a little bit. Let's go, we're going to have six more than that. So L, M, N, O, P, right? Because P, now that we've changed the O to a P, that 111 now became 112. So if we change the string to whatever we want, we can still keep moving Q, R, ST, et cetera, until we get to 10. So I guess, hell, you is an example string we can use. And we can give that to the binary, give that to the program. Now that we've lost some of the code we were working with. I'm just going to get us back to that same state that we were in. In case this is plaid, nope, it's not this is plaid. Nope. All right, fine. I'll do it for real. Obviously, this would be a lot easier in a script or an automated tool that can handle all of this for us. And we can do that with Pone Tools, which is a pretty neat thing. But we're not there just yet. OK, pasting in the decimal form. Now we want this to result in seven. OK, so that would be heller in our case, heller. Great. Now we've got a real hash. A real hashing function is used for many things. This can include checking to ensure a file has not been changed or hash value would change if any part of it is changed. It's kind of like a digital signature, a digital like thumb print, fingerprints, like if anything were to be different about one file or another, it'll have a different hash. An important use of hashes is for storing passwords because a hashing function cannot be reversed to find the initial data. It is a one way function. Therefore, if someone steals the hashes, they must try many different inputs to see if they can crack it to find out what the password yields the same hash. Normally, this is too much work if the password is too long. But people's passwords can be easy to guess if you can brute force hashes itself. So if you wanted to, you can look at websites that are storing cracked hashes, let's check out what this might be. And their hash, sorry, most hashes are represented as hex. So if we went to Google, we can say hash crack MD5. So that is, as it said, the version or the kind of hash. You can paste it in the crack station. Go ahead and run to the cra, the crapsha, the captcha. And that will crash. It says this is the result. We can paste it in and we're complete. All right, we completed level four. We finished the hash 101 challenge. This is our flag. Go ahead and save that. Perfect. And we can mark this challenge as complete. But I hope you were able to learn a little bit of some cool tips and tricks to use in Python to work with some of the data. And I hope you're able to learn a little bit about hashes if you haven't seen those before, but they are super duper common. We'll see them all the time. They're typically hexadecimal, right? They look like a hex string and they're normally of a fixed length. As it said, either 32 or 40 or 64, depending on the type of hash you're working with. So we'll see them time and time again. But for now, we can submit this flag and move on. Enjoying whatever cool stuff we learned about cybersecurity, computer science, capture the flag stuff. Sweet. Thanks for watching, guys. I want to give a shout out to my supporters. So special thank you to these individuals that are helping support me on Patreon. You're awesome. Can't say it enough. I'm super duper grateful you're willing to go on this journey with me. One dollar a month on Patreon will give you a special shout out just like this at the end of every video. Five dollars a month will give you early access to things that I create. Put them on YouTube because normally I'll wait for YouTube to release them gradually like day by day. If you want it right now, if you want it as soon as the content is ready, you can do just that. If you did like this video, please do press that like button. Maybe leave me a comment if you're willing to subscribe. And if you really want to check me out on Patreon, support me. That would be fantastic. Thank you. Thank you.