HHC 2024 – Frosty Keypad

Moving to the right after finishing the cURLing challenge, we encounter both the Hardware Hacking and Keypad challenges. Solving the keypad will give us a hint for solving hardware hacking, so we’ll start there.

When we talk to Morcel Nougat, he asks for our help getting some shredded documents. It looks like there are two different codes we can use to get in, and one of the elves left a hint to one of them that we can use.

Silver Medal

The first combination utilizes the hint we have available next to the keypad, but first we’ll need to find a few items in the game world. The hints point us to two items: a book and a UV flashlight. The book can be found behind the boxes to the right of the challenge, while the flashlight can be found to the left. Simply walk over each item to pick it up.

Once we have the book we can make use of another hint.

Hmmmm. I know I have seen Santa and the other elves use this keypad. I wonder what it contains. I bet whatever is in there is a National Treasure!

National Treasure being bolded immediately reminded me of the Ottendorf Cipher. We can use the note to translate each of the numbers to letters. Translating each set of numbers gives us S,A,N,T,A or SANTA. This is all well and good but now we need a way to convert this word into numbers to enter into the keypad. For this we can use our second hint item, the UV Flashlight.

Using this on the keypad reveals that the buttons pressed were 2,6,7,8 and enter. This tells us that one of the numbers should be used twice and that the repeated number should be in the 2nd and last position. This gives us the below array of 24 possible combinations.

["62872", "62782", "68278", "68728", "67287", "67827", "26876", "26786", "28678", "28768", "27687", "27867", "86276", "86726", "82672", "82762", "87627", "87267", "76286", "76826", "72682", "72862", "78628", "78268"]

We could simply try each of these combinations manually in the keypad until we find the right one, but our previous work with cURL should have shown that there’s a faster way to do this.

Postman Automation

While this whole process is doable with cURL, I am more familiar with Postman and decided to use it to automate this process. I began by creating a new collection and request. This needs to be a POST request against https://hhc24-frostykeypad.holidayhackchallenge.com/submit?id=ID_HERE (replace ID_HERE with your ID). For the body, set the type to raw and the data to {"answer":"{{currentSequence}}"}. With the request now set up, we need to configure the pre-request script and environment variables. The pre-request script is configured under scripts in the collection. Set it to the following:

// sequenceList is stored in the environment as a JSON array of strings
const sequenceList = JSON.parse(pm.environment.get("sequenceList"));
// Environment values are strings, so parse the index explicitly as base 10
let currentIndex = parseInt(pm.environment.get("currentIndex"), 10);

if (currentIndex < sequenceList.length) {
    // Expose the next candidate to the request body and advance the index
    pm.environment.set("currentSequence", sequenceList[currentIndex]);
    pm.environment.set("currentIndex", currentIndex + 1);
} else {
    pm.environment.unset("currentSequence");  // Clear the variable when done
    pm.environment.unset("currentIndex");     // Clear the index when done
    throw new Error("All combinations tested"); // Stop the runner by throwing an error
}

Make sure to save before moving to the environments tab. Create and activate a new environment and set 2 variables. First, set sequenceList to the array of possibilities above. Next, create currentIndex and set it to 0. With this done and saved, we can run the collection 24 times, making sure that we save the responses and set an accurate timeout value to avoid getting rate limited (I used 1000ms). When it completes, look for the iteration that responded 200 OK and you should see the combination is 72682. Entering this in the keypad will unlock the silver medal.

Gold Medal

There is definitely an elegant way to find the second code; however, for every elegant solution there is also a more ham-fisted approach that can still get results. In this case, the ham-fisted method is brute forcing all 1024 combinations of the pressed numbers. This list can then be added in place of the previous array of possible solutions in our Postman setup and rerun at 1024 iterations. Letting this run through should provide 2 successful responses: one should be the previous solution, and one should be our new solution of 22786. Once again, entering this into the keypad will unlock the Gold Medal.
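
Both candidate lists used in this walkthrough (the 24 codes that follow the SANTA letter pattern and the full 1024-code list) can be generated instead of typed by hand. The following is an added example, not code from the original post; the function names are hypothetical, and only the four digits and the word come from the walkthrough.

```javascript
// Added example: candidate generation for the keypad (function names are hypothetical).
const DIGITS = ["2", "6", "7", "8"]; // buttons revealed by the UV flashlight (from the post)

// Every string of the given length over the digits: 4^5 = 1024 for this keypad.
function allCodes(digits, length) {
  let codes = [""];
  for (let i = 0; i < length; i++) {
    codes = codes.flatMap((prefix) => digits.map((d) => prefix + d));
  }
  return codes;
}

// Repetition pattern of a string, e.g. "SANTA" -> "0.1.2.3.1".
// Equal characters share an index, so a word and a code can be compared.
function pattern(text) {
  const seen = new Map();
  return [...text]
    .map((ch) => {
      if (!seen.has(ch)) seen.set(ch, seen.size);
      return seen.get(ch);
    })
    .join(".");
}

// Codes that repeat digits exactly where the word repeats letters.
// A word with four distinct letters forces all four digits to be used.
function codesMatchingWord(digits, word) {
  const target = pattern(word);
  return allCodes(digits, word.length).filter((code) => pattern(code) === target);
}

const bruteForce = allCodes(DIGITS, 5);
const santa = codesMatchingWord(DIGITS, "SANTA");

// JSON.stringify produces the double-quoted array that JSON.parse
// in the pre-request script expects for the sequenceList variable.
console.log(bruteForce.length, santa.length);
console.log(JSON.stringify(santa));
```

The word pattern is what shrinks the search from 1024 candidates to 24; the second code does not follow that pattern, so it only appears in the full list.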
