Imagine a bacon-wrapped Ferrari. Still not better than our free technical reports.
See all our reports

Celebrate the Programmer’s Day with ZeroTurnaround

We are very passionate about our work and our trade. So as the 0x100th day was nearing, we decided to celebrate it with a special challenge to all you developers out there! (and especially Java developers). And if you can solve then you would automatically pass through the first round of interviews at ZeroTurnaround :)

For bonus points write in the comments how long it took you and what tools did you use.

Have fun!

  • emmm ~2minutes to google online hex->asccii convertor, paster  it there and open the url 

  • emmm ~2minutes to google online hex->asccii convertor, paster  it there and open the url 

  • This is only the first step. Do continue.

  • Took around two hours, used JD decompiler, JAD decompiler, jdb and good old hex editor :)

  • Thomas

    in my head 2 minuts

  •   if(42 != 100)
                throw new IllegalArgumentException(“Fix me! Please!”);
            else

    on right track i suppose :) 

  • Bilgi

    hmm :/ ipek Teknik 

  • Bilgi

    hmm :/ ipek Teknik 

  • Ip_k
  • Got to TWISTED bytearray, then gave up, since I do not know Java, and its compiled bytecode. Looks lik that I’m not target audience of the ad :)

  • Gcsaba2

    I’m trying to start the JAR file but it always outputs an empty string… I hope this is not an applet!

  • I think your console is eating the output because it is binary, try redirecting to a file.

  • Gcsaba2

    Ohh I can’t fix this now, I have a customer meeting :(
    Good challenge though!

  • victor

    got to Almost there now what ?

  • I liked the image trick :)
    The next couple of hoops to jump through just needed a nice java decompiler.

  • victor

    done , in 3 hours with jad , split and java

  • Magicbohemian

    vim xxd
    5 minutes

  • Magicbohemian

    vim xxd
    5 minutes

  • took two heads and 20 minutes :)
    escape, wget, unzip, java, jad, javac, strings, escape
    and neither of us is java programmer :)

  • Anonymous

    1h 45min using hex editor, google :-) and JAD decompiler

  • Mark Baranin

    20 minutes using regedit & notepad++ to get the zt to xor 1. after reading “debugging concurrency issues” I understood that without any knowledge of java there’s nothing else for me to do.

    thanks for good entertainment. reminded me of this: http://www.adpunch.org/entry/ea-posts-job-vacancy-billboard-right-before-rivals-office/

  • It’s just the start :)

  • Quinton Dolan

    I solved it in about 45 minutes 

    I used:
    javap
    jdb
    hexfiend
    perl
    Calculator.app
    Java Bytecode reference

    I solved it entirely without using a decompiler and without writing any java code.

  • Quinton Dolan

    I completed it in around 45 minutes:
    Initially I used my iPhone only, but for part 2 I used:
    javapjdbhexfiendperlCalculator.appa java bytecode reference guide

    To make it interesting I did it entirely without using a decompiler and without compiling any new java bytecode.

  • Phani

    Downloaded the image from bitly url and opened in a hex editor.  how to go ahead?

  • Did you get passed the image?

  • Hahahahaha @ iphone :)

  • public int this_is_what_you_re_looking_for_687474703a2f2f6269742e6c792f7a742d70757a7a6c652d72656c6f61646564(int);
    However I gor…JavaClassFileReadException: premature eof on `AlmostThere.class’, requested 2217, limit 2215 , when using javap

  • Dondi Imperial

    Also around 2 hours. I used jad, emacs, jdb and google chrome. That was fun. :)

  • Geert Bevin

    Thanks for the nice entertainment, the image trick was clever. Took about two hours using Jad, Eclipse, ASM, spent a relatively long time on the last concurrency step since I was trying to figure out which ‘problem’ you were trying to get ‘fixed’ … until I really read that method name :-)

  • Geert Bevin

    Thanks for the nice entertainment, the image trick was clever. Took about two hours using Jad, Eclipse, ASM, spent a relatively long time on the last concurrency step since I was trying to figure out which ‘problem’ you were trying to get ‘fixed’ … until I really read that method name :-)

  • Vjacheslav Ignatyev

    _that_is_what_I_looked_for_
    yearr
    emacs, jad ~1h

  • silb

    Not sure if this was part of the puzzle but I managed to run the concurrency troubled program to completion by killing one of its threads with jdb – didn’t know how to do that till today. Thanks :-)

  • Vjacheslav Ignatyev

    It took about a hour with emacs and jad.
    yeaaa_that_is_what_I_looked_for_!

  • Wasn’t part of the puzzle but cool find. I guess I’m so used to IDE debuggers that I don’t know how to do that in jdb either.

  • Super Mario

    $ echo “62:69:74:2e:6C:79:2f:7a:74:2d:70:75:7a:7a:6c:65” | xxd -r -p
    bit.ly/zt-puzzle$

    $ lynx -dump `echo “62:69:74:2e:6C:79:2f:7a:74:2d:70:75:7a:7a:6c:65” | xxd -r -p`

    $ wget http://www.zeroturnaround.com/wp-content/uploads/2011/07/accept-teh-challenge.png

    $ xxd accept-teh-challenge.png | vi –
    Vim: Reading from stdin…

    $ unzip accept-teh-challenge.png
    Archive:  accept-teh-challenge.png
    warning [accept-teh-challenge.png]:  76314 extra bytes at beginning or within zipfile
      (attempting to process anyway)
       creating: META-INF/
      inflating: META-INF/MANIFEST.MF    
      inflating: 1                       
      inflating: ZT.class                

    $ jad ZT.class
    Parsing ZT.class… Generating ZT.jad
    $ vi ZT.jad
    $ java ZT > output.txt
    $ vi output.txt
    $ jad output.txt
    Parsing output.txt… Generating ZTChallenge.jad
    Overlapped try statements detected. Not all exception handlers will be resolved in the method main
    Couldn’t fully decompile method main
    $
    $
    $ vi ZTChallenge.jad
    $
    Ok, emergency issue at work. Back to optimizing SQL performance issue :D.

  • Andres Kalle

    Typed the ASCII in with % signs and let the browser URL decode it.
    Got sidetracked by parsing the PNG data and didn’t notice the actual hidden content for a while.
    The META-INF/MANIFEST.MF was a clear clue that it’s a JAR.
    Used BeyondCompare to view the source of ZTChallenge (it has a standard plugin for comparing .class files by first decompiling them using jad). It was unable to decompile everything, but I got enough code to extract the bytecode for the next class.
    At that point, the “this_is_what_you_re_looking_for” part was staring me in the face, but for some reason I decided to ignore it and spend several hours trying to fix the bytecode and get a class out of it.
    Eventually returned to the hex string, measured its length and was distracted by 64 being a “round” number. Thought it might be an IPv6 address, but realised it has 256 bits instead of 128. Then looked at the actual bytes and spotted the familiar 0x60-70 range and the double 2F and realised it’s another URL :)

  • Tim Eck

    Did the ascii converstion by hand using asciitable.com :-)

    A little jad and ASM from there. Took a little while to notice that the output from the PNG was .class. Thought I had some terminal emulation problem with all that garbage on my screen. Once I piped it to od -x it was a little more obvious.

  • Matti Jagula

    Damn, you completely nerd-sniped me :) Spent two hours fixing the concurrency problem, which I managed to rewrite to not deadlock anymore. And then I figured out the answer had been staring back at me all that time :)

    Used vim, python, jad, and of course a hex editor.

  • well, I’m disappointed by such ending.  it’s clear that you guys are lacking some culture of ‘crackme’ creation.  good crackme is more like chess etude. it’s meaning – to demonstrate clever and non-obvious way of solving specific problem.  there’s no place for cheap trickery in good crackme.  ;-)

    spend 1.5 hours (mostly ‘debugging concurrency’), have used hiew, jad, dirtyjoe, perl.

  • well, I’m disappointed by such ending.  it’s clear that you guys are lacking some culture of ‘crackme’ creation.  good crackme is more like chess etude. it’s meaning – to demonstrate clever and non-obvious way of solving specific problem.  there’s no place for cheap trickery in good crackme.  ;-)

    spend 1.5 hours (mostly ‘debugging concurrency’), have used hiew, jad, dirtyjoe, perl.

  • ~3h in total w/o breaks.
    Hex Fiend & SynalizeIt.
    jad & javap.

  • bedla.czech

    Got it in 2,5 hours (mostly trying tools but finally ended up with good old JAD).
    Tools: pspad, idea, java-decompiler, jad, jbe)

  • Andres Kalle

    I can’t believe noone’s posted the nerd sniping XKCD comic yet: http://xkcd.com/356/

  • fish

    About half an hour using jad/java/javac and an online hex/asci converter..

    Nice creation, kudos!

  • Andres Kalle

    Ah, this explains it. I also used JD-GUI to try and decompile ZTChallenge and used the array definition code from there, but apparently for indexes between 128 and 255, instead of integer indices, it used character literals:

    arrayOfByte[‘ä’] = 96;

    arrayOfByte[‘å’] = 76;

    And when I copied this to Eclipse, the encoding got messed up, so I got partially corrupted bytecode for AlmostThere.class and thought part of the puzzle was analyzing and repairing it :D

    On the other hand, this helped me find the actual solution before I had to deal with any threading or concurrency issues.

  • Bjarni

    Took 50 minutes, plus the 30-40 min spent on the “concurrency problem”. >:(
    Used hex2string converter, jad, text editor, calculator and of course java/javac

  • Vassili

    Luckily, didn’t start fixing concurrency problem :)

  • Alex Snaps

    Same here… Why would I ever care about a method name :P
    Good clean fun using idea, javap & asm to adapt the classes.

  • Bruno Canettieri

    Little under 2 hours…used asciitable, jad and eclipse.

    I am mainly a .Net programmer so I discover some new things about Java =D Thanks

  • Oleg Shelajev

    Well, I hope you enjoyed it until the end :)
    But thanks for the feedback, when we prepare another puzzle, we’ll make it more etude-ish and try to deny all simple workarounds.

  • Murka

    Took about 3 hours to complete. I fixed the 42!=100 part, but the rest seemed to require more than hex editing. Looked for some decompilers but none could spew out code that would recompile so i took a shortcut and just wrote code to xor the array and give me the next file. Upon reading it i instantly found the this_is_what_you_are_looking_for and familiar range of hex codes.
    Probably would have been easier if i had touched java before.

  • Harro

    It took me about 2 hours yesterday to get to the challenge class. I was stuck because I could not convert that twisted array to proper bytecode. The problem was the JD decompiler. Thanks to comments in this thread, I tried this morning with JAD and was able to get a valid class. Almost there. Using the same trick to solve the puzzle url I found the solution URL. I may now apply for a job with ZeroTurnaround? :)

    Thanks for the challenge! Now let’s get back to work ;)

    Tools used: IntelliJ, Java, JAD, WinHex (and JD decompiler, but let’s forget that)

  •  Ah, so we were not supposed to fix the concurrency bug after all?  I grabbed the lock array using reflection and made both locks the same object.  That way we would not have the deadlock.  No output, of course.  I eventually just grabbed the method name and used that.  Was that what I was supposed to do?

  • Yeah, the idea was to spot it from the thread dump.

  • Took me almost an hour. 
    I used a frhed hex editor, jd decompiler, jbe, jdb, and Google Chrome for the final step. It was lots of fun!

  • Ivar Mällas

    Link was sent to me at 9:55. You solved the puzzle was replied 11:36 (same day :) ).
    Used eclipse, jad and google. I cheated though because I read comments and got clues about the tools to use. Never used a decompiler before so learned something new today. Thanks!

  • Anonymous

    agrrr… wanna laugh? Go ahead… At first I used stand-alone JD-GUI
    (neither eclipse plugin nor command line) and the result didn’t look at
    that moment as surprising for me as it is probably for rest of You guys,
    who used solved the puzzle using jad… What I saw was a main method
    containing only bytecode instructions in form of comments like that:

      public static void main(String[] paramArrayOfString)

        throws java.lang.Exception

      {

        // Byte code:

        //   0: iconst_0

        //   1: istore_3

        //   2: goto +140 -> 142

        //   5: iload_3

        //   6: ifne +12 -> 18

        //   145: goto -140 -> 5

        //

        // Exception table:

        //   from    to    target    type

        //   5    15    5    java/lang/Exception

      }

    But as far as I understand JRebel is a lot about modifying bytecode(with
    some kind of higher level tools, but still), then I thought that the
    challenge might require me to actually study and understand each
    bytecode instruction and decode it to Java source – in my mind I
    congratulated Römer for such a interesting challenge (I though that
    probably he is the mastermind behind the challenge and based on final
    URL I guess I was right)… Well, I did it – it just took me a lot of
    time ;)

    Even though at the moment I feel a bit embarrassed for playing
    translator from bytecode to java I’m slightly proud as well. I should
    have tried other decompilers as well and make my life easier, but then I
    wouldn’t have learned anything about bytecode – at least now I
    understand how JVM interpreters each of those bytecode instructions ;)

    Obviously I was very surprised at first when I read comments from here that some guys have solved it in one or two hours :D

    My toolkit:

    1) eclipse

    2) code to convert from hex to string – at the moment not as proud as Super Mario with his single-liner

    3) Avira antivirus – tnx for the hint ;)

    4) 7zip

    5) JD-GUI – should have used jad

    6) few web pages regarding bytecode. Biggest thanx to Anton – I almost
    read this article 3 times to squeeze most out of this article:
    http://arhipov.blogspot.com/2011/01/java-bytecode-fundamentals.html

  • Maciej M

    About 2h used jad, online hex editor, and the best java ide – idea :)
    Really nice fun, thx 

  • I used our domestic product http://www.cs.ioc.ee/~ando/jbe/ for fixing fixMe method and utilities jps and jstack from JDK to locate deadlock.

  • Toomas Tamm

    Took about two hours. I first had to photograph the ad (the huge banner at Akadeemia tee in Tallinn) and then used hexdump, emacs, java, jdc, and I tried to re-compile the java code with gjc, but that failed. I had found this thread by the time and did not waste time on the concurrency issue. Instead, I wrote a piece in C (so I also used gcc) to decode the last part and again, thanks to this page, immediately proceeded to decoding the final URL.

    This was my first contact ever with java, and I do not think I wrote any piece in C in the last ten years or so… I am not a programmer at all, although I did a lot of programming in my previous life.

  • 1,5h. Found it late, but a very cool test. Used Eclipse, Unix tools (dd) and Apache BCEL. It was a huge fun.

  • Paulius

    Old, but nice one. ~15min; XCode, unzip, JAD, online tool for HEX2ASCII

  • Ryan Schipper

    A little over an hour. I’m on OSX, so I used 0xED, JD-GUI and jad.
    Probably wasted half an hour because JD-GUI couldn’t decompile that first one.

    Nice red herrings.

  • Ryan Schipper

    I had the same issue with JD-GUI. Wasted five minutes hand-modifying the indexes only to find that it also couldn’t decompile the main. Jad to the rescue!

  • Ryan Schipper

    Importantly, no clues. =)

  • after 3 hours I did it.
    Nice challenge.
    I just hope that I could get an interview now … =)
    Just a tip, I tried out some java decompilers, but I was not getting the whole decompiled class, until I found jode.

  • Guest

    2 minutes: window’s charmap and notepad -_-u

  • I think you only got the first step done!