A write-up of the Blackjack 2.0 Python application security challenge from 5Charlie CTF.
Blackjack
Blackjack - Challenge
I updated my Black Jack program to fix some bugs and update it to Python3! I think it’s much better now but my friend says he is still able to cheat more than he should be able to.
Can you take a look at my program and let me know what line my error is in?
The flag is the line of code the error is in ( eg. flag{##} )
Max 10 attempts, do not brute force it. We can see your submissions.
Attachments:blackjack2.py (Below)
Blackjack - Solution
This challenge is wonderfully frustratingly subtle.
It’s logic error that enables you to manipulate the starting deck in a minor way, but when it comes to gambling that’s a big deal.
Let’s walk through the program
Did you catch that error? I certainly didn’t my first few times.
When the deck starts getting low, we reshuffle the deck using a shallow copy of the fresh deck. That checks out. 👍
But wait
That’s not a copy, that’s a reference. When we start, deck and fresh_deck refer to the same object.
Which means that for our first few plays we’re actually manipulating fresh_deck too.
The line deck = fresh_deck should be changed to deck = fresh_deck[:]
Last year I wrote about using VLANs with VMWare Workstation with systemd-networkd.
A year later, I’m still actively using this process in my day to day workf...