You are a customer at a bank for wealthy people only, unfortunately, you made some bad business and are now broke. But there is some good news, you are skilled hacker and have managed to hack part of the bank's user interface and software. You now see your chance to
In this puzzle, you will study the bank software, then write a script which automates the user interface to transfer all the wealthy bank customer's money to your account and then clear the bank's internal logs to cover your tracks. When you run the bank software, you are logged in to your account. (Your name is
). When you have achieved the task, you account balance will be
and you will be able to log out from the bank without alerting the police.
which automates the bank's user interface. No low level process memory or file manipulation is allowed. The script doesn't need to be completely automatic, but should be easy to use and come with clear instructions if needed.
Code: Select all
;
; You are not allowed to edit this code in any way:
;
; logged in details:
global logged_in_id := 16
global logged_in_name := "Jane"
; Transaction related:
global global_amount := 0 ; The amount to transfer in the next transaction
global transfer_log := [] ; Initialise transfer log
; Load account data:
global account_id_balance_map := [ 4840409, 6381577, 2136819, 3943104, 4877043, 44329046, 21340236, 10591744, 33157912, 5271471, 5459720666, 611417736, 153238799, 113762642, 5606323672, 2000]
global account_name_id_map := { Jimmy : 1, Rosalynn : 2
,Ronald : 3, Nancy : 4
,George : 5, Barbara : 6
,Bill : 7, Hillary : 8, Monica : 9
,Georgew : 10, Laura : 11
,Barack : 12, Michelle : 13
,Donald : 14, Melania : 15
,(logged_in_name) : logged_in_id }
; UI:
global show_warning := true ; default setting, show warning when incorrect password provided.
global bank_name := "Secure bank" ; The name of the bank
create_login_screen() ; Create the user interface
gui show,, % bank_name ; show the user interface
;
; Bank software:
;
login(account_name, password) {
static min_pw_len := 8
if (strlen(password) < min_pw_len ; verify password is at least min_pw_len long.
|| account_name ~= "i)\Q" . password . "\E" ; verify that the password isn't contained in the account_name to avoid calling verifyPassword with invalid password.
|| !verifyPassword(account_name, password)) {
if show_warning
msgbox % 0x10, % bank_name, % "Invalid password for account_name: " . account_name
return 0
}
; Logged in successfully!
logged_in_id := account_name_to_id(account_name) ; set the logged in account.
logged_in_name := account_name
; Update gui:
gui_update_logged_in()
}
account_name_to_id(name_to_find) {
for acc_name, id in account_name_id_map
if (acc_name = name_to_find)
return id
return 0
}
transfer(source_account_name, dest_account_id) {
; Verify input:
if account_name_id_map.haskey(source_account_name)
source_account_id := account_name_id_map[source_account_name]
else {
msgbox % 0x10, % bank_name, % "Invalid source account: " source_account_name
return false
}
if !account_id_balance_map.haskey(dest_account_id) || dest_account_id == source_account_id {
msgbox % 0x10, % bank_name, % "Invalid destination account: " dest_account_id
return false
}
; All verified, do the transaction
amount_to_transfer := global_amount == -1 ? account_id_balance_map[source_account_id] : global_amount ; determine the amount to transfer.
if (amount_to_transfer < 0)
return false
if (amount_to_transfer > account_id_balance_map[source_account_id])
return false
account_id_balance_map[source_account_id] -= amount_to_transfer ; decrement source account balance.
account_id_balance_map[dest_account_id] += amount_to_transfer ; increment destination account balance.
; Log transfer
log_handler("append", a_now . "`n" . dest_account_id . "`n" . source_account_id . "`n" . amount_to_transfer)
gui_refreshBalance(logged_in_id) ; Update the user interface to reflect the transaction.
return true
}
log_handler(mode, what := 0) {
; Handles the log of transactions
; mode, string, one of:
; - append, append the log
; - verify_exit, verify the log is empty before logout
; - clear, clear items from the log, only done the relevant items has been verified.
; what, string or integer, an item to log, or an integer defining the amount of logged items to clear, from the start of the log.
if (mode == "append") {
transfer_log.push(str)
} else if (mode == "verify_exit") {
; at this stage all transfers must have been verified elsewhere and removed from the transfer_log.
if (transfer_log.length())
return false
; verified!
} else if (mode == "clear") {
if transfer_log.length() {
if (what > transfer_log.length() || what < 1)
throw exception("Invalid use")
transfer_log.removeat(1, what)
}
}
return true
}
;
; User interface:
;
create_login_screen() {
gui new
gui add, tab3, , Login|Account|Transfer|Options|Log out
gui add, text,, Account name:
gui add, edit, w300
gui add, text,, password:
gui add, edit, w300 password
gui add, button, w300 ggui_login, Login
gui tab, Account
gui add, text, w300, % "Account balance:`t$" . account_id_balance_map[logged_in_id]
gui add, text, w300, Account name:`t%logged_in_name%
gui add, text, w300, Account id:`t%logged_in_id%
gui tab, Transfer
gui add, text,, Amount:
gui add, edit, w300, 0
gui add, text,, To acount name:
gui add, edit, w300
gui add, checkbox, checked0, Transfer all.
gui add, button, w300 ggui_transfer, Transfer
gui tab, Options
gui add, checkbox, checked1 gtoggle_warning, Show login warnings.
gui tab, Log out
gui add, button, w300 ggui_logout, Login out
}
gui_transfer() {
guicontrolget amount_to_transfer,, Edit3
guicontrolget to_account_name,, Edit4
guicontrolget transfer_all,, Button2
global_amount := transfer_all ? -1 : amount_to_transfer
to_account_id := account_name_id_map[to_account_name]
transfer(logged_in_name, to_account_id)
}
gui_update_logged_in() {
guicontrol,, Static3, % "Account balance:`t$" . account_id_balance_map[logged_in_id]
guicontrol,, Static4, Account name:`t%logged_in_name%
guicontrol,, Static5, Account id:`t%logged_in_id%
}
gui_login() {
guicontrolget account_name,, Edit1
guicontrolget password,, Edit2
login(account_name, password)
}
guiescape(){
gui_logout()
}
guiclose(){
gui_logout()
}
gui_logout() {
if !log_handler("verify_exit")
msgbox % "Suspicious transfers detected, police has been contacted."
else
msgbox % "Log out successful, welcome back soon."
exitapp
}
gui_refreshBalance(id) {
guicontrol,, Static3, % "Account balance:`t$" . account_id_balance_map[id]
}
toggle_warning(){
show_warning := !show_warning
}
; Black box
verifyPassword(acc, pw){
return false
}
The first one to solve it gets two points, everyone else within the first month gets one point.
One month from now is the first of August.
Cheers and good luck.