These are my assorted scripts/notes used for the Hacking challenges during TheZZAZZGlitch's April Fools 2026 event.
c1/translate.py- script for applying the substitution performed on the completion state. The actual table in the romhack contains user-specific data (which is how completion passwords are user-bound, I think?), so you probably won't be able to use this unless you adjust the table in the script..c1/util.py- adhoc implementation of the XOR operations performed on the completion state array, mainly for experimentsc2/bruteforce-keystream.py- the solution script for c2. It derives all keystream bytes required to encrypt theTYPE=Goldstring, then performs performs some final sanity checks to verify that the keystream bytes are actually correct. Once it's found everything, it encrypts the string and performs a request to the server to validate the input and get the flag.c2/send-and-time.py- send a raw hex input to the server and measure the time taken for the server to respondc2/send-and-time-plaintext.py- encrypt a plaintext using known keystream bytes, then send the ciphertext to the server for validationc2/responses.txt- file containing<input> <time-taken> <response>for some basic inputs I was testingc3/algo.py- implementation of the weird machine used for validating the passwordc3/magicbox.bin- initial state of the machine, dumped from the savefilec3/check.py- check if a given password is validc3/guided-bruteforce.py- script used for obtaining the solutionc3/bad-*- initial experiments for C3 where I was attempting to hash the state and use that as a guide for whether a character is correct or not; significantly overcomplicated and led to nowhere
