misc · free · easy

find-da-code

TJCTF 2026

Task: 4-stage terminal authentication where each stage shows 10 hex codes and you must pick the correct one; codes are randomized per connection. Solution: statistical frequency analysis over 30+ connections reveals 4 persistent hex codes (0x00FA, 0x1A2B, 0x88D1, 0x9C4F) that always appear — one per stage — among random distractors.

$ ls tags/ techniques/
statistical_frequency_analysis multi_connection_sampling automated_code_selection


find-da-code — TJCTF 2026

Description

You were assigned 4 unique codes to remember a year ago, but you forgot them! Now you need to figure out a way to get in...

P.S. This challenge was inspired by a particular authentication system I had to bypass because I forgot my pictures lol

Connection: nc tjc.tf 31004

English summary: A 4-stage terminal authentication system inspired by picture-based password systems (like Passfaces). Each stage displays 10 hex codes and asks you to pick the correct one — your "assigned" code. The codes and their positions are randomized between connections, so you must figure out which 4 codes are the persistent secrets.

Analysis

Initial Reconnaissance

Connecting to the service shows:

=== SECURE TERMINAL LOGIN ===
Stage 1:
1. 0x3F7E
2. 0x00FA
3. 0xB2C4
4. 0x5D91
5. 0x7A08
6. 0xE6F3
7. 0x4C1D
8. 0xD8A5
9. 0x12B6
10. 0x6E39
Enter choice for stage 1 (1-10):

This repeats for 4 stages. Choosing wrong codes results in:

ERROR: Invalid Authentication Sequence. Connection terminated.

Key Observations

  1. Randomized positions: The same hex code appears at different numbered positions across connections
  2. Randomized distractors: Most hex codes change between connections — they are random noise
  3. No feedback per stage: You only learn if the full 4-stage sequence was correct or not after all stages

Statistical Frequency Analysis

The core insight comes from connecting 30+ times and recording which hex codes appear in each stage. By tallying frequencies:

...
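The tally described above, as an added example (not the writeup author's script): it parses transcripts in the format the service prints and keeps the codes that show up in every session at each stage. The 30 sessions are constructed offline with random distractors, and the assignment of the four codes to particular stages is an assumption.

```python
import random
import re
from collections import Counter, defaultdict

# Codes named in the writeup; the stage order used here is an assumption.
SECRETS = ["0x00FA", "0x1A2B", "0x88D1", "0x9C4F"]

def fake_session(rng):
    """Constructed transcript in the service's format (not captured traffic)."""
    lines = ["=== SECURE TERMINAL LOGIN ==="]
    for stage, secret in enumerate(SECRETS, 1):
        codes = {secret}
        while len(codes) < 10:  # pad with random distractors
            codes.add(f"0x{rng.randrange(0x10000):04X}")
        codes = sorted(codes)
        rng.shuffle(codes)  # positions change on every connection
        lines.append(f"Stage {stage}:")
        lines += [f"{i}. {c}" for i, c in enumerate(codes, 1)]
        lines.append(f"Enter choice for stage {stage} (1-10):")
    return "\n".join(lines)

def parse(transcript):
    """Map stage number -> set of codes listed under that stage."""
    stages, current = defaultdict(set), None
    for line in map(str.strip, transcript.splitlines()):
        if m := re.fullmatch(r"Stage (\d+):", line):
            current = int(m.group(1))
        elif current and (m := re.fullmatch(r"\d+\. (0x[0-9A-Fa-f]{4})", line)):
            stages[current].add(m.group(1))
    return stages

def tally(transcripts):
    """Per stage, count in how many sessions each code was shown."""
    counts = defaultdict(Counter)
    for t in transcripts:
        for stage, codes in parse(t).items():
            counts[stage].update(codes)
    return counts

def persistent(transcripts):
    """Codes shown in every session at a stage: the non-random ones."""
    n = len(transcripts)
    return {stage: sorted(c for c, seen in cnt.items() if seen == n)
            for stage, cnt in sorted(tally(transcripts).items())}

# 30 constructed sessions, one seeded RNG per simulated connection.
SESSIONS = [fake_session(random.Random(seed)) for seed in range(30)]

if __name__ == "__main__":
    print(persistent(SESSIONS))
```

A single surviving code per stage means the distractors vary enough between sessions to expose the secret; a generator that shows a fixed decoy set per account would leave all ten codes tied.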
