
HackerPit: challenge your inner hacker - Ecco
http://hackerpit.com/
======
jackmaney
You need to change "In this picture, I see _____" to "In this picture, I think
you see ____".

I see nothing but static, and have never been able to see the images in those
old-fashioned "3D" pictures. Thus, when I say "In this picture, _I_ see
static", that is absolutely correct.

Why should I waste another second on your page after you've pulled such a
bait-and-switch? What does the page have to do with hacking?

~~~
shawabawa3
It's not a 3D picture. There's a code hidden in the image.

I found it by opening in gimp and randomly messing with
colours/brightness/levels/etc

Level 2 appears to require that I download iTunes to reverse engineer an
itunes twitter app... I gave up on that

~~~
xvolter
You can also do this in Chrome/webkit by inspecting the element and messing
with -webkit-filter, I used: -webkit-filter: brightness(50%) contrast(5000%)
sepia(0%); To reveal the code.

------
aeurielesn
I can't why this application will need all these permissions:

    
    
      + Read Tweets from your timeline.
      + See who you follow.
    

Why's that?

Are these standard twitter permissions?

~~~
Ecco
Unless you have locked your account (missing the whole point of Twitter IMHO)
this is public information…

And yes, this is just the default settings :-)

------
xvolter
I feel like level 4 doesn't take [http://www.mjt.me.uk/posts/falsehoods-
programmers-believe-ab...](http://www.mjt.me.uk/posts/falsehoods-programmers-
believe-about-addresses/) into account.

Also, the question on level 4, "The only gramatically correct address in that
file is", grammatically is spelled incorrectly. Since it wouldn't make a good
hint, I assume it's a typo.

------
darxius
I definitely see shapes when I back up and focus in the middle of the picture.
Reminds me of those awesome hidden picture games as a kid.

I swear I saw Santa.

~~~
Ecco
Don't get yourself a pink eye tough! Hint: I'd be very surprised if you could
see "it" with your naked eyes. You'd better fire up your favorite image editor
;-)

~~~
darxius
Nice, I got the first one. This is fun.

~~~
Ecco
Thanks!

------
lotsofcows
It didn't like "polar bear in a snow storm" so I had play with an image editor
and then gave up because of the Twitter requirement.

~~~
Ecco
Really? Is requiring Twitter _that_ bad? I thought it was a convenient way for
most people to signup!

~~~
shawabawa3
You know what's a convenient way for people to sign up? Having them enter an
email/password.

What are you gaining from Twitter authentication? What are users gaining from
it?

------
eranation
Hm... nice, but I managed to get to level 4 with just using some Google fu
(for #2) and the online <http://pixlr.com> (was lazy enough to download GIMP).
And I didn't need to write a line of code so far (yep, not even for #3, took
me 5 minutes manually). Is that the intention?

~~~
xvolter
I hope that it gets harder, but so far it doesn't appear it will.

------
zombio
Viewed source, found hint. When I get home I'm going to try searching for all
colours that aren't FFFFFF or 000000.

The file name looks like a code.

------
zfran
Got to level 2 and gave up on the Twitter app one, since I'm running Linux and
I don't have an Apple computer handy.

~~~
Ecco
Indeed, but that's not the only way to solve this level!

------
dpcx
I got to level 3. Then there's talk of writing code about Rainman, and now I'm
fully stumped.

~~~
shawabawa3
Well... either you can do image processing to count the number of blobs...or
do a vague count, get a ballpark figure and brute force it

~~~
Ecco
Indeed! Again, that's part of the game. The server is having a bit of a hard
time though, as you weren't the only one having this idea :-)

------
k3liutZu
Remembering why I don't like OAuth

~~~
Ecco
Well, it's more to do with white box crypto ;-)

------
jroblak
The hint in the source is a little strange...it's not really a hint at all.

~~~
adlpz
Well... it _is_ a hint. It does look like that, but it isn't.

------
danbruc
Why sign in with twitter? I have no twitter account so they lost me.

~~~
Ecco
Hi, author here.

Restricting login to Twitter was initially an experiment. Turns out it's also
very convenient for people who are on Twitter, as you signup in a single
click!

And since this website is far from being important for anyone, I thought it
made more sense to lose a few users here and there rather than forcing
everyone through the tedious tunnel of picking an email, picking a password,
checking your email, etc…

Still I'm really sorry to have lost you. Good job on getting to level 2
though!

~~~
zombio
Level 2? The sign in button is on the first page.

~~~
evo_9
Once you pass level 1 you are asked to login with Twitter to continue.

------
ryanSrich
\+ Drag image to desktop

\+ Open photoshop

\+ Reduce brightness 2-4 times

\+ Punch in code

\+ Get to level 2

\+ Give up

~~~
Ecco
Why? Level 2 isn't good?

~~~
shawabawa3
As far as I can tell, you're supposed to download iTunes on mac and reverse
engineer the oauth secret key from the twitter app.

I just got it by googling twitter oauth key leaks...

Definitely wasn't a fun or interesting challenge.

~~~
xvolter
Agreed. Rather lame, just found the solution on pastebin.

~~~
Ecco
Well, that's one of the ways. The fun one involves GDB :)

------
tobeportable
reminds me of : <http://www.ouverture-facile.com/riddles/>

~~~
Ecco
Ouverture facile definitely was an inspiration. This is more developper/hacker
oriented though.

------
abhshkdz
Level 4 hint:

Streets:

1\. rue du Temple

2\. boulevard Montmartre

3\. boulevard du Temple

4\. impasse du chat

5\. rue des blancs-manteaux

6\. avenue des champs-elysees

