Blog

The latest expert opinions, articles, and guides for the Java professional.

Celebrate the Programmer’s Day with ZeroTurnaround

We are very passionate about our work and our trade. So as the 0x100th day was nearing, we decided to celebrate it with a special challenge to all you developers out there! (and especially Java developers). And if you can solve then you would automatically pass through the first round of interviews at ZeroTurnaround :)

For bonus points write in the comments how long it took you and what tools did you use.

Have fun!

Responses (70)

  1. Avatar  

    Leonid M

    September 13, 2011 @ 9:49 am

    emmm ~2minutes to google online hex->asccii convertor, paster  it there and open the url 

  2. Avatar  

    Leonid M

    September 13, 2011 @ 9:49 am

    emmm ~2minutes to google online hex->asccii convertor, paster  it there and open the url 

  3. Avatar  

    Toomas Römer

    September 13, 2011 @ 10:04 am

    This is only the first step. Do continue.

  4. Avatar  

    Madis Pink

    September 13, 2011 @ 10:05 am

    Took around two hours, used JD decompiler, JAD decompiler, jdb and good old hex editor :)

  5. Avatar  

    Thomas

    September 13, 2011 @ 10:44 am

    in my head 2 minuts

  6. Avatar  

    Leonid M

    September 13, 2011 @ 10:51 am

      if(42 != 100)
                throw new IllegalArgumentException(“Fix me! Please!”);
            else

    on right track i suppose :) 

  7. Avatar  

    Bilgi

    September 13, 2011 @ 11:13 am

    hmm :/ ipek Teknik 

  8. Avatar  

    Bilgi

    September 13, 2011 @ 11:13 am

    hmm :/ ipek Teknik 

  9. Avatar  

    Ip_k

    September 13, 2011 @ 11:15 am

    thank kombi servisi

  10. Avatar  

    Kaspars Foigts

    September 13, 2011 @ 11:24 am

    Got to TWISTED bytearray, then gave up, since I do not know Java, and its compiled bytecode. Looks lik that I’m not target audience of the ad :)

  11. Avatar  

    Gcsaba2

    September 13, 2011 @ 11:36 am

    I’m trying to start the JAR file but it always outputs an empty string… I hope this is not an applet!

  12. Avatar  

    Toomas Römer

    September 13, 2011 @ 11:37 am

    I think your console is eating the output because it is binary, try redirecting to a file.

  13. Avatar  

    Gcsaba2

    September 13, 2011 @ 11:59 am

    Ohh I can’t fix this now, I have a customer meeting :(
    Good challenge though!

  14. Avatar  

    victor

    September 13, 2011 @ 12:10 pm

    got to Almost there now what ?

  15. Avatar  

    Daniel Parnell

    September 13, 2011 @ 12:27 pm

    I liked the image trick :)
    The next couple of hoops to jump through just needed a nice java decompiler.

  16. Avatar  

    victor

    September 13, 2011 @ 12:28 pm

    done , in 3 hours with jad , split and java

  17. Avatar  

    Magicbohemian

    September 13, 2011 @ 12:37 pm

    vim xxd
    5 minutes

  18. Avatar  

    Magicbohemian

    September 13, 2011 @ 12:37 pm

    vim xxd
    5 minutes

  19. Avatar  

    Kalle Volkov

    September 13, 2011 @ 12:39 pm

    took two heads and 20 minutes :)
    escape, wget, unzip, java, jad, javac, strings, escape
    and neither of us is java programmer :)

  20. Avatar  

    Anonymous

    September 13, 2011 @ 12:46 pm

    1h 45min using hex editor, google :-) and JAD decompiler

  21. Avatar  

    Mark Baranin

    September 13, 2011 @ 12:55 pm

    20 minutes using regedit & notepad++ to get the zt to xor 1. after reading “debugging concurrency issues” I understood that without any knowledge of java there’s nothing else for me to do.

    thanks for good entertainment. reminded me of this: http://www.adpunch.org/entry/ea-posts-job-vacancy-billboard-right-before-rivals-office/

  22. Avatar  

    Jevgeni Kabanov

    September 13, 2011 @ 1:02 pm

    It’s just the start :)

  23. Avatar  

    Quinton Dolan

    September 13, 2011 @ 1:06 pm

    I solved it in about 45 minutes 

    I used:
    javap
    jdb
    hexfiend
    perl
    Calculator.app
    Java Bytecode reference

    I solved it entirely without using a decompiler and without writing any java code.

  24. Avatar  

    Quinton Dolan

    September 13, 2011 @ 1:13 pm

    I completed it in around 45 minutes:
    Initially I used my iPhone only, but for part 2 I used:
    javapjdbhexfiendperlCalculator.appa java bytecode reference guide

    To make it interesting I did it entirely without using a decompiler and without compiling any new java bytecode.

  25. Avatar  

    Phani

    September 13, 2011 @ 1:33 pm

    Downloaded the image from bitly url and opened in a hex editor.  how to go ahead?

  26. Avatar  

    Toomas Römer

    September 13, 2011 @ 1:39 pm

    Did you get passed the image?

  27. Avatar  

    Toomas Römer

    September 13, 2011 @ 1:39 pm

    Hahahahaha @ iphone :)

  28. Avatar  

    Andrei Tkachyov

    September 13, 2011 @ 1:44 pm

    public int this_is_what_you_re_looking_for_687474703a2f2f6269742e6c792f7a742d70757a7a6c652d72656c6f61646564(int);
    However I gor…JavaClassFileReadException: premature eof on `AlmostThere.class’, requested 2217, limit 2215 , when using javap

  29. Avatar  

    Dondi Imperial

    September 13, 2011 @ 3:02 pm

    Also around 2 hours. I used jad, emacs, jdb and google chrome. That was fun. :)

  30. Avatar  

    Geert Bevin

    September 13, 2011 @ 3:47 pm

    Thanks for the nice entertainment, the image trick was clever. Took about two hours using Jad, Eclipse, ASM, spent a relatively long time on the last concurrency step since I was trying to figure out which ‘problem’ you were trying to get ‘fixed’ … until I really read that method name :-)

  31. Avatar  

    Geert Bevin

    September 13, 2011 @ 3:47 pm

    Thanks for the nice entertainment, the image trick was clever. Took about two hours using Jad, Eclipse, ASM, spent a relatively long time on the last concurrency step since I was trying to figure out which ‘problem’ you were trying to get ‘fixed’ … until I really read that method name :-)

  32. Avatar  

    Jevgeni Kabanov

    September 13, 2011 @ 4:02 pm

    http://xkcd.com/916/

  33. Avatar  

    Vjacheslav Ignatyev

    September 13, 2011 @ 4:15 pm

    _that_is_what_I_looked_for_
    yearr
    emacs, jad ~1h

  34. Avatar  

    silb

    September 13, 2011 @ 4:19 pm

    Not sure if this was part of the puzzle but I managed to run the concurrency troubled program to completion by killing one of its threads with jdb – didn’t know how to do that till today. Thanks :-)

  35. Avatar  

    Vjacheslav Ignatyev

    September 13, 2011 @ 4:19 pm

    It took about a hour with emacs and jad.
    yeaaa_that_is_what_I_looked_for_!

  36. Avatar  

    Toomas Römer

    September 13, 2011 @ 4:24 pm

    Wasn’t part of the puzzle but cool find. I guess I’m so used to IDE debuggers that I don’t know how to do that in jdb either.

  37. Avatar  

    Super Mario

    September 13, 2011 @ 5:27 pm

    $ echo “62:69:74:2e:6C:79:2f:7a:74:2d:70:75:7a:7a:6c:65” | xxd -r -p
    bit.ly/zt-puzzle$

    $ lynx -dump `echo “62:69:74:2e:6C:79:2f:7a:74:2d:70:75:7a:7a:6c:65” | xxd -r -p`

    $ wget http://www.zeroturnaround.com/wp-content/uploads/2011/07/accept-teh-challenge.png

    $ xxd accept-teh-challenge.png | vi –
    Vim: Reading from stdin…

    $ unzip accept-teh-challenge.png
    Archive:  accept-teh-challenge.png
    warning [accept-teh-challenge.png]:  76314 extra bytes at beginning or within zipfile
      (attempting to process anyway)
       creating: META-INF/
      inflating: META-INF/MANIFEST.MF    
      inflating: 1                       
      inflating: ZT.class                

    $ jad ZT.class
    Parsing ZT.class… Generating ZT.jad
    $ vi ZT.jad
    $ java ZT > output.txt
    $ vi output.txt
    $ jad output.txt
    Parsing output.txt… Generating ZTChallenge.jad
    Overlapped try statements detected. Not all exception handlers will be resolved in the method main
    Couldn’t fully decompile method main
    $
    $
    $ vi ZTChallenge.jad
    $
    Ok, emergency issue at work. Back to optimizing SQL performance issue :D.

  38. Avatar  

    Andres Kalle

    September 13, 2011 @ 6:24 pm

    Typed the ASCII in with % signs and let the browser URL decode it.
    Got sidetracked by parsing the PNG data and didn’t notice the actual hidden content for a while.
    The META-INF/MANIFEST.MF was a clear clue that it’s a JAR.
    Used BeyondCompare to view the source of ZTChallenge (it has a standard plugin for comparing .class files by first decompiling them using jad). It was unable to decompile everything, but I got enough code to extract the bytecode for the next class.
    At that point, the “this_is_what_you_re_looking_for” part was staring me in the face, but for some reason I decided to ignore it and spend several hours trying to fix the bytecode and get a class out of it.
    Eventually returned to the hex string, measured its length and was distracted by 64 being a “round” number. Thought it might be an IPv6 address, but realised it has 256 bits instead of 128. Then looked at the actual bytes and spotted the familiar 0x60-70 range and the double 2F and realised it’s another URL :)

  39. Avatar  

    Tim Eck

    September 13, 2011 @ 6:32 pm

    Did the ascii converstion by hand using asciitable.com :-)

    A little jad and ASM from there. Took a little while to notice that the output from the PNG was .class. Thought I had some terminal emulation problem with all that garbage on my screen. Once I piped it to od -x it was a little more obvious.

  40. Avatar  

    Matti Jagula

    September 13, 2011 @ 7:03 pm

    Damn, you completely nerd-sniped me :) Spent two hours fixing the concurrency problem, which I managed to rewrite to not deadlock anymore. And then I figured out the answer had been staring back at me all that time :)

    Used vim, python, jad, and of course a hex editor.

  41. Avatar  

    bsl_zcs

    September 13, 2011 @ 7:11 pm

    well, I’m disappointed by such ending.  it’s clear that you guys are lacking some culture of ‘crackme’ creation.  good crackme is more like chess etude. it’s meaning – to demonstrate clever and non-obvious way of solving specific problem.  there’s no place for cheap trickery in good crackme.  ;-)

    spend 1.5 hours (mostly ‘debugging concurrency’), have used hiew, jad, dirtyjoe, perl.

  42. Avatar  

    bsl_zcs

    September 13, 2011 @ 7:11 pm

    well, I’m disappointed by such ending.  it’s clear that you guys are lacking some culture of ‘crackme’ creation.  good crackme is more like chess etude. it’s meaning – to demonstrate clever and non-obvious way of solving specific problem.  there’s no place for cheap trickery in good crackme.  ;-)

    spend 1.5 hours (mostly ‘debugging concurrency’), have used hiew, jad, dirtyjoe, perl.

  43. Avatar  

    Andrei Tkachyov

    September 13, 2011 @ 7:18 pm

    ~3h in total w/o breaks.
    Hex Fiend & SynalizeIt.
    jad & javap.

  44. Avatar  

    bedla.czech

    September 13, 2011 @ 7:22 pm

    Got it in 2,5 hours (mostly trying tools but finally ended up with good old JAD).
    Tools: pspad, idea, java-decompiler, jad, jbe)

  45. Avatar  

    Andres Kalle

    September 13, 2011 @ 7:28 pm

    I can’t believe noone’s posted the nerd sniping XKCD comic yet: http://xkcd.com/356/

  46. Avatar  

    fish

    September 13, 2011 @ 7:30 pm

    About half an hour using jad/java/javac and an online hex/asci converter..

    Nice creation, kudos!

  47. Avatar  

    Andres Kalle

    September 13, 2011 @ 7:38 pm

    Ah, this explains it. I also used JD-GUI to try and decompile ZTChallenge and used the array definition code from there, but apparently for indexes between 128 and 255, instead of integer indices, it used character literals:

    arrayOfByte[‘ä’] = 96;

    arrayOfByte[‘å’] = 76;

    And when I copied this to Eclipse, the encoding got messed up, so I got partially corrupted bytecode for AlmostThere.class and thought part of the puzzle was analyzing and repairing it :D

    On the other hand, this helped me find the actual solution before I had to deal with any threading or concurrency issues.

  48. Avatar  

    Bjarni

    September 13, 2011 @ 8:18 pm

    Took 50 minutes, plus the 30-40 min spent on the “concurrency problem”. >:(
    Used hex2string converter, jad, text editor, calculator and of course java/javac

  49. Avatar  

    Vassili

    September 13, 2011 @ 8:32 pm

    Luckily, didn’t start fixing concurrency problem :)

  50. Avatar  

    Alex Snaps

    September 13, 2011 @ 9:08 pm

    Same here… Why would I ever care about a method name :P
    Good clean fun using idea, javap & asm to adapt the classes.

  51. Avatar  

    Bruno Canettieri

    September 13, 2011 @ 9:20 pm

    Little under 2 hours…used asciitable, jad and eclipse.

    I am mainly a .Net programmer so I discover some new things about Java =D Thanks

  52. Avatar  

    Oleg Shelajev

    September 13, 2011 @ 9:31 pm

    Well, I hope you enjoyed it until the end :)
    But thanks for the feedback, when we prepare another puzzle, we’ll make it more etude-ish and try to deny all simple workarounds.

  53. Avatar  

    Murka

    September 14, 2011 @ 7:12 am

    Took about 3 hours to complete. I fixed the 42!=100 part, but the rest seemed to require more than hex editing. Looked for some decompilers but none could spew out code that would recompile so i took a shortcut and just wrote code to xor the array and give me the next file. Upon reading it i instantly found the this_is_what_you_are_looking_for and familiar range of hex codes.
    Probably would have been easier if i had touched java before.

  54. Avatar  

    Harro

    September 14, 2011 @ 9:17 am

    It took me about 2 hours yesterday to get to the challenge class. I was stuck because I could not convert that twisted array to proper bytecode. The problem was the JD decompiler. Thanks to comments in this thread, I tried this morning with JAD and was able to get a valid class. Almost there. Using the same trick to solve the puzzle url I found the solution URL. I may now apply for a job with ZeroTurnaround? :)

    Thanks for the challenge! Now let’s get back to work ;)

    Tools used: IntelliJ, Java, JAD, WinHex (and JD decompiler, but let’s forget that)

  55. Avatar  

    Heinz Kabutz

    September 14, 2011 @ 9:31 am

     Ah, so we were not supposed to fix the concurrency bug after all?  I grabbed the lock array using reflection and made both locks the same object.  That way we would not have the deadlock.  No output, of course.  I eventually just grabbed the method name and used that.  Was that what I was supposed to do?

  56. Avatar  

    Toomas Römer

    September 14, 2011 @ 12:10 pm

    Yeah, the idea was to spot it from the thread dump.

  57. Avatar  

    Yonatan

    September 15, 2011 @ 9:13 pm

    Took me almost an hour. 
    I used a frhed hex editor, jd decompiler, jbe, jdb, and Google Chrome for the final step. It was lots of fun!

  58. Avatar  

    Ivar Mällas

    September 16, 2011 @ 11:55 am

    Link was sent to me at 9:55. You solved the puzzle was replied 11:36 (same day :) ).
    Used eclipse, jad and google. I cheated though because I read comments and got clues about the tools to use. Never used a decompiler before so learned something new today. Thanks!

  59. Avatar  

    Anonymous

    September 18, 2011 @ 8:02 pm

    agrrr… wanna laugh? Go ahead… At first I used stand-alone JD-GUI
    (neither eclipse plugin nor command line) and the result didn’t look at
    that moment as surprising for me as it is probably for rest of You guys,
    who used solved the puzzle using jad… What I saw was a main method
    containing only bytecode instructions in form of comments like that:

      public static void main(String[] paramArrayOfString)

        throws java.lang.Exception

      {

        // Byte code:

        //   0: iconst_0

        //   1: istore_3

        //   2: goto +140 -> 142

        //   5: iload_3

        //   6: ifne +12 -> 18

        //   145: goto -140 -> 5

        //

        // Exception table:

        //   from    to    target    type

        //   5    15    5    java/lang/Exception

      }

    But as far as I understand JRebel is a lot about modifying bytecode(with
    some kind of higher level tools, but still), then I thought that the
    challenge might require me to actually study and understand each
    bytecode instruction and decode it to Java source – in my mind I
    congratulated Römer for such a interesting challenge (I though that
    probably he is the mastermind behind the challenge and based on final
    URL I guess I was right)… Well, I did it – it just took me a lot of
    time ;)

    Even though at the moment I feel a bit embarrassed for playing
    translator from bytecode to java I’m slightly proud as well. I should
    have tried other decompilers as well and make my life easier, but then I
    wouldn’t have learned anything about bytecode – at least now I
    understand how JVM interpreters each of those bytecode instructions ;)

    Obviously I was very surprised at first when I read comments from here that some guys have solved it in one or two hours :D

    My toolkit:

    1) eclipse

    2) code to convert from hex to string – at the moment not as proud as Super Mario with his single-liner

    3) Avira antivirus – tnx for the hint ;)

    4) 7zip

    5) JD-GUI – should have used jad

    6) few web pages regarding bytecode. Biggest thanx to Anton – I almost
    read this article 3 times to squeeze most out of this article:
    http://arhipov.blogspot.com/2011/01/java-bytecode-fundamentals.html

  60. Avatar  

    Maciej M

    September 22, 2011 @ 12:29 am

    About 2h used jad, online hex editor, and the best java ide – idea :)
    Really nice fun, thx 

  61. Avatar  

    Daniel Travin

    September 22, 2011 @ 8:05 am

    I used our domestic product http://www.cs.ioc.ee/~ando/jbe/ for fixing fixMe method and utilities jps and jstack from JDK to locate deadlock.

  62. Avatar  

    Toomas Tamm

    September 22, 2011 @ 2:55 pm

    Took about two hours. I first had to photograph the ad (the huge banner at Akadeemia tee in Tallinn) and then used hexdump, emacs, java, jdc, and I tried to re-compile the java code with gjc, but that failed. I had found this thread by the time and did not waste time on the concurrency issue. Instead, I wrote a piece in C (so I also used gcc) to decode the last part and again, thanks to this page, immediately proceeded to decoding the final URL.

    This was my first contact ever with java, and I do not think I wrote any piece in C in the last ten years or so… I am not a programmer at all, although I did a lot of programming in my previous life.

  63. Avatar  

    Mark

    December 13, 2011 @ 10:23 am

    1,5h. Found it late, but a very cool test. Used Eclipse, Unix tools (dd) and Apache BCEL. It was a huge fun.

  64. Avatar  

    Paulius

    January 28, 2012 @ 8:56 pm

    Old, but nice one. ~15min; XCode, unzip, JAD, online tool for HEX2ASCII

  65. Avatar  

    Ryan Schipper

    February 18, 2012 @ 3:12 pm

    A little over an hour. I’m on OSX, so I used 0xED, JD-GUI and jad.
    Probably wasted half an hour because JD-GUI couldn’t decompile that first one.

    Nice red herrings.

  66. Avatar  

    Ryan Schipper

    February 18, 2012 @ 3:15 pm

    I had the same issue with JD-GUI. Wasted five minutes hand-modifying the indexes only to find that it also couldn’t decompile the main. Jad to the rescue!

  67. Avatar  

    Ryan Schipper

    February 18, 2012 @ 3:18 pm

    Importantly, no clues. =)

  68. Avatar  

    Rafael Weingartner

    August 1, 2012 @ 6:35 pm

    after 3 hours I did it.
    Nice challenge.
    I just hope that I could get an interview now … =)
    Just a tip, I tried out some java decompilers, but I was not getting the whole decompiled class, until I found jode.

  69. Avatar  

    Guest

    February 20, 2013 @ 5:33 pm

    2 minutes: window’s charmap and notepad -_-u

  70. Avatar  

    Toomas Römer

    February 21, 2013 @ 8:44 am

    I think you only got the first step done!

RSS feed for comments on this post.

Leave a comment