This video title is clickbait and not clickbait at the same time.

Perfect intro to a problem that many of us theoretically can solve but no one has the guts of tackling

Next week: *This is how i got a DMCA from nintendo.*

"but I am lazy..." The source for all my solutions. And half my problems

Never clicked so fast, but that was because I miss read the title I thought it was "Nintendo Hired me!!!!!" Love the vids! keep em up

FireMe.cpp

Hahahah I watched till 9:00 , and then thought it was easy so I paused the video and tried it out. I got some breakthrough but not enough to decode everything and then I went back here, and turns out you won't let me give up ! Thank you ! This challenge is amazing, I'll make sure to suggest it to people in the future

I really love how you showed your thought process in this video. Also the constant reminders that saying the stuff out loud, doesn't mean you know how to do it made me feel less alone and lost 🤣

This is a hidden message. He's stuck working as a hacker in North Korea.

A few observations regarding that "diffusion array": 1. The for-k loop is computing a "sum" (mathematicians think of bitwise-xor as a special kind of addition, since it's just addition without carry, and it has many of the same properties) of multiplication pairs. That makes it a dot product! 2. The for-j loop is computing different items in the output array, changing only the constant vector and not the input vector. So it's really doing a bunch of parallel dot products - or a matrix transform. So that "diffusion array" is *really* a "diffusion matrix" - 32x32 with binary entries. :D The inverse of a matrix transform is a transform using the inverse matrix, so you need to find that inverse matrix. First see if the matrix is orthogonal: it must be square (32x32 - yep), its rows must be normal to each other (dot product of every row against every other row is 0 - remember, you must use XOR instead of ADD in your dot products), and its rows must be unitary (all rows' dot product against themselves is 1). If it's orthogonal, the inverse is simply the transpose. If not, it may still have an inverse, but you'll have to try something else. Hope this helps!

I would just change the code in //change only this: to print(“hire me”) and enjoy the job

It's people like this, giving clues but not answers, that helps make the career path of security a better place.

What we're taught in school:- *"Inp stands for input and out stands for output"* What comes in exams:-

Hey, awesome video! I really like how it's not just about the challenge, but also about how you approached this problem. And it's reassuring to hear that it took even you a while to solve this, and that it's ok to just take a break sometimes :)

Me : cout

If I had time to solve this, I would definitely try. But I have to work on my school projects and learn for exams so even if I would love to dig deeper, I can't. And I am afraid if I did start, I wouldn't make it until next week. But I am thrilled for the solution, and I can only guess what it could be. As someone already stated, linear algebra is the way to go. I really wish I had the time to do it.

I remember tackling this problem 6 years ago and I felt back then that I wasn't even near to the solution, but after watching this now I'm thinking that maybe I should have kept trying

Michael Cera applies for a job at Nintendo (2020, colourised)

6:03 "...Shannon's property of Confusion." would have been nice to hear, considering it's the Confusion array

Great job explaining your thought process of how you approach the problem.

2:54 What i'm wondering is why you're printing variables to the consoles instead of using the VS Code debugger...?

Can I just say that your problem solving techniques are so gooood!

I actually found this challenge recently when I looked up NERD when reading about how Nintendo used emulation for Mario 3D All-Stars. I actually considered solving it, but I was too busy. Very cool to see this one explained in a video.

This stuff is way beyond me but I really like the fact that you gave the viewers the diffucult route and won't spoil them with your answer right away. Can't wait for the second Video.

Woooow so cool It's amazing how many puzzles could people make with programming and the best thing is everyone has his own way to solve it And i really love the C# Language

I think videos like this are important. In the beginning it feels like every other skilled programmer KNOWS what to do from the get go. But every project requires figuring out. The more complex the problem the more figuring out.

Without diving too deep into it, I'd first deobfuscate the (diff[j]>>k)&1 . Since it is constant, we can replace it with a bool array. I think having that clear array would help a bit. Then I'd take note of the indexes that result in 1, and maybe find a pattern. But again, that's just at first glance. I'll try it tomorrow!

I don't have the mental fortitude to watch the video to the end, let alone solve this problem myself.

I like solving problems that have many dead ends, it makes solving the problem so much more satisfying and you learn things along the way. Could just be me but I've found watching what the stack is doing to be a nice visual aid. There's been a few albeit light encryption schemes I've gotten around just by looking at the stack and related chunks of memory.

0:00 I've spent four days trying to figure this out and finally decided I'd rather learn what I don't understand than stubbornly stare at it.

It is my furst time hearing someone say key-gun-me, I always say key-Gen-me as it is key generate me

I might be wrong but the way you described the xor-chaining at 15:30 it sounds to me it should be solvable by using backtrack. Same concept used to create a sudoku solver.

Your videos are very enlightening!

the diffusion is a 32x32 matrix, the code is doing matrix multiplication output=input*(diffusion^256) over abel group of {2^8, xor}, it will can be cracked by finding the reverse matrix of the diffusion, input=output*(reverse(diffusion)^256)

Me pretending to know anything that is happening

Das ist der beste und gleich schlechteste Clickbait den ich je gesehen habe xD Aber trotzdem echt geiles Video wie immer halt :D

"nothing in my brain clicked" - if conf[inp[i]] is odd, xor, otherwise skip it? no?

Hey @LiveOverflow, At around 1:31 the code you are showing at the end of the "main" function reads: Forward(...); return 0; return memcmp(..); After you execute the code and nothing happens, at 2:11 you show the code but it is missing this return function.. I assume there is an error here :) Thank you for your videos, I love watching them!

You can draw dependent relationships for all the bits in the diffusion that equal 1. The bits that equal zero cannot affect the input[j]. You can represent this as a 32x32 matrix and if this matrix is triangular, or close to it the problem can be reduced and brute forced

"CTF but it's actually a competitive programming lecture"

This is way over my head, but very interesting. #subscribed

You had me in the first half, not gonna lie

Hi, at 5:42, the last line / last part is inp[i*2+1]+256]; but a few moments later (6:02), it is changed to inpc[i*2+1]+256];? What was the reason?

The "diffusion" step is just a linear transform (think of a 32x32 matrix over GF(2)) that you might be able to simply reverse by computing the inverse matrix. As a side note: I wouldn't take a job with these sorts of "challenges." For starters, they condescending and produced by the sort of people you don't want to work for. Second, if you want to do real DRM (ugh why?) use public key crypto with embedded root of trust certs/etc. You don't need some gibberish off-spec algorithm like this.

What you described in the last section was a linear code. Giving a linear decryption function would be equivalent to computing the left inverse of a Boolean matrix. There are various fast algorithms for doing so.

I love how you have a similar approach than I do when it comes to decluttering and simplifying code to reverse engineer it. I don't know what kind of God programmers can just read this and wrap their head around it.

We are very happy for you. You are living the dream man. Stay Healthy.

Notice a line in bits in diffusion (from least 1 to greatest 8). If you align it as a 31 bit array, there are visible lines by which bytes are carried over xorring input in the first cycle. It doesn't look random Confusion array effectively makes a 8 bit input 16 bit and then in the last cycle it's back to 8 bit

Amazing work. 👏🏻

Best part, I got a ad about a company hiring people on this video

After about 10 hours, I finally managed to solve this puzzle with minimum hints from others. It was a lot of fun! TLDR warning! spoiler warning! You probably don't want to read if you want to solve it by yourself. 1. The puzzle consists of 3 parts, confusion (lookup table replacement), diffusion (double for-loop), and compression (the last step, compress 32 bytes to 16 bytes). The output can be written as compression(diffusion(confusion(...diffusion(confusion(input)))...))). There are 256 alternating rounds of confusion and diffusion. And my idea at a high level is to undo all these operations one-by-one and thus compute the input from a given output. 2. Diffusion is the easiest part as it's essentially a matrix multiplication (32x32 binary matrix) (thanks to the comment here that made me realized that), and that matrix happens to be invertible. So I write an algorithm to find the inverse matrix (using Gaussian-Jordan elimination, basically how you find inverse by hand, except replacing all addition with xor). 3. The confusion array is actually 2 tables, the confusion part uses only the first half, and the compression part uses both. 4. Compression is also pretty straight-forward. However, since it is a 32-byte to 16-byte function, a particular output can have many possible inputs, 2^128 to be exact. To find a particular 32-byte input for a given output, you can just loop over the first table, xor the byte in output with that value, then try to find the result in the second table. Because compression is an element-wise operation, turning 2 bytes to 1 byte, I end up generating a lookup table for each output byte, and there are exactly 256 pairs of values from the 2 tables for each byte. 5. The confusion part is the most difficult part of the entire puzzle. I first assumed it's invertible just as diffusion part. The puzzle would be trivial if it is invertible. Unfortunately, it's not a one-to-one function, which means for a particular byte output, you cannot find a unique input (or even worst, an input). At this point, I was stuck, as I know most symmetrical encryption algorithms either use Feistel structure and one-way-function or reversible S-P (confusion-diffusion) network, which this cipher did neither. I tried to explore some internal properties of the cipher (such as whether commuting the diffusion and confusion operation produce the same output) but get no result. 6. In the end, I decided to brute force it. In each attempt of undoing confusion, although it's possible that it cannot proceed (i.e. no input mapped to a particular output), it's also possible that there are more than 1 possibilities (i.e. more than 1 input mapped to a particular output). Therefore, for a given valid input for the first round of undoing confusion, I use a recursive-backtracking algorithm to iterate through all possibilities and stop either when it reaches the end (i.e. after 256 rounds) or get stuck in every possible path. In the case it gets stuck, I just change an input (remember there is 2^128 possible input that produces a particular 16-byte output at compression). 7. Honestly, I did not expect this to work, as the recursive backtracking algorithm has an exponential worst-case complexity, which may take forever to run. But surprisingly, it's able to find a random input after about 1-2 minutes on average. So I give it a try, and after about 5 minutes, it produced the correct output! Warning spoiler: my answer is the following (base64 encoded, do not decode it if you want to attempt it yourself): Mzc1NWQ2ZmFiMjNlNTI1OWVmOTU3NmJhMDdiZjM0YWUwYzFlMzc5ZTI4MDkwZGQ3NzJmYmM5MDcxODA3MzgzOA== 8. I am pretty sure this is nowhere near the best solution, as it takes a pretty long time. But on the bright side, given enough time, this algorithm can find all possible inputs for a given output possibly more efficiently than brute-force the entire input space (2^256). And more importantly, it makes almost no assumption about the confusion array, which makes it generalizable. I think a more efficient algorithm (constant time) might involve exploiting some internal properties of this particular confusion array. I am too tired (and lazy) to explore that, but I am happy to hear that if anyone which to tell me. Happy coding! PS: I might release my source code (in Python) if anyone needs it, but we will see.

HIRE THIS MAN

Mildly math literate person here, the thing you described in your video where you used linear algebra works here too, but instead of it being about linear dependence, it's about linear maps. If you look at the data the same way, then the part where all the XORing happens just implements a linear operator on the space, with diffusion essentially being the matrix that specifies which linear operator it is. If it's invertible, then that means that another value for diffusion would cause the same process to reverse itself. I'm not sure how viable it is to make the computations necessary, I don't think checking if the operator is invertible would be computationally difficult, but I don't know how good our algorithms our for the process of actually inverting it (computing the new value of diffusion). I'm severely sleep deprived right now, so what I said may not be very well put together (though the essential idea I had is true, I'm sure about that one, but it's only helpful if the operator turns out to be invertible), but I'll keep looking into it after I sleep when I can think better.

Oh Boy! You tricked me! I don't even understand one third of what you said, just wanted to see the answer! LOL great video

LiveOverflow: leaves only 0x41at 13:19 Me: Understandable have a great day

u made it! remember the time in 2012 when u teached our class of business information science fools (ibm class 2011) to develope "moorhuhn" in böblingen - big shoutout

I understand propabely 5% of the progrmming-stuff and even less of the procedure how to solve such a puzzle. I still like your videos because i feel more inteligent after watching them :D Love your videos

I work for a major tech company. I just make REST services. Spring. Flask. Etc. My team make lot of money just doing CRUD stuff that is, for the most part, handled with just annotations in the code. My coworker just wires Java beans together in XML. He only codes the unit tests related to his wiring up. Just takes the precoded beans and wires them into a batch processer class. Seeing this makes me feel so guilty. There are programmers who tackle more advance stuff like this daily and probably make the same as me and my team who just type in @entity, @table, @id, OK done.

*NINTENDO! HIRE THIS MAN! NINTENDO! HIRE THIS MAN!* *HE IS USING UNREAL ENGINE IN ANY WAY HE CAN!...* *NITENDO HIRE THIS MAN! NITENDO HIRE THIS MAN!*

Its funny how just a couple for loops can contain so much complexity with figuring out what exactly it is doing. Of course, an S-box and encryption algorithms are meant to be confusing, and hard to figure out.

Hell yeah, that's sounds great. I will try it at the weekend :D

Serious Question: Should I quit coding because I haven't even started yet?

1:46 that memcmp is unreachable code or am i overseeing anything

Me being lazy just throwing a genetic algorithm at it and letting it do the job

What sort of topics do I need to learn to even attempt this problem? Im only a first year computer science student but I want to try dipping my feet into deep waters; got a lot of free time right now...

12:20 yeah you're right. I don't understand that ^^ interesting video anyways! stay healthy man, greetings from hannover ;)

I dont understand a word of this but i still love your videos for some reason

So, the first j-loop is a substitution cypher, and the following j-k-loop is, as pointed out by others in the comments, a vector point product between the above input and the diffusion vector, and then the last i-loop adds extra diffusion with it's self (sort of). And all of these is done 256 times in order to add more confusion, I think. So, the backward function will have to break these three cyphers backwards, 256 times. The most interesting one is the j-k-loop one, as pointed out by others, you'll have to find an inverse matrix, but my guess is that this matrix is actually (out matrix)(diffusion matrix), and that these matrices products are reflective.

In 0:44 inside of the for loops looks like gibberish

8:49 Wouldn't you be able to do it in 256*16 iters instead? I mean, to be honest, you really only need to figure out one byte once, not the correct combo, which is way way faster

Me watching the video: "yes.".

Hmm.. so what is the toughest CTF you have ever solved? And can you make a video about that? :)

My laundromat attendant used to work at Nintendo until one day he was fired. In general Nintendo has a pretty lousy HR track record.

"...and in the second video..." Now this is early Christmas for me!

Amazing! Hope nintendo actually hires you

Have you ever tried to convert the problem into a SAT instance?

"But I am lazy" This, or "I should make this part better, but I will improve it later" are actually common coding steps. Prioritizing what code to work on is important, and some things will change based on how other things end up being implemented, so may not be good to fully flesh out at the start.

Ahhh, dot matrix, my favourite type of notebook paper

If for a job interview, they asked you to show how you would defend against bear attack, you know that, at a point or another, your job will involve running away from bloodthirtsy bear... runaway from that codebase

This is surprisingly awesome as a coding student.

You are the only one we can forgive for a clickbait title ^^

I thought he had found a bug in the Nintendo Switch and wanted to make Nintendo aware of it: Hire me!

I instantly spotted the SP cipher network and within about half an hour had a super-readable python implementation of the network and its inverse (including inverting the p-box by computing the GF(2) matrix inverse - the p-box is just GF(2) matrix multiplication across each bitplane). It was only once I ran a few encrypt-decrypt test vectors that I realized the s-boxes weren't invertible. Guess the thing to do now is go back through and make sure my code is object-safe (I used some numpy stuff to implement the p-box), figure out a good way to flag when the partial inverse s-box goes outside its domain, and then see if there's a way to reverse it a step at a time? Or maybe z3 can find a solution.

I would like to highlight that walking the dog and sleeping well are key for this kind of problem solving (and the deep-thinking and knowledge database is obviously a plus)

If I understand this correctly feel like this a hash function that gives 32 bits of output for your 32 bits of input

woah woah woah woah woah how did you make it change all variables in the function at once?

I think that the function shouldn't actually change any of arguments, because arguments aren't passed by reference.

I just started coding so ill try my beginners luck

I'm a recent graduate trying to find a job, and this just kinda intimidates me...

I cracked this last year! I'd live to discuss it with you and we can compare our solutions!

liked this format. I will try it later...

I thought him explaining the code would be helpful and that's why I kept watching, but I literally had no idea what he was talking about when breaking down the code. Guess I'll look into a different hobby.

I thought I was decent at programming xD and then I watch these and am humbly grounded

Here I am, taking Programming II at my local community college, not knowing a damn thing what is going on in this video. I don't think I will ever find a job at this point. =(

6:12 very useful intro to encryption!!

Reverse-ing the function is probably what they want since they named it forward but I wish you tried reverse-ing the input array just to see if there's another clue

need to check it out like 1 to 2 years later when I understand more about coding

Change the pointed line to };int memcmp (const void *__s1, const void *__s2, size_t __n){return 0;}int x[]={ then what's wrong?

I wonder why reading cpp language is very familar to me... its syntax is so similar to the language that I currently use. Java.

I wonder whether z3 be used to solve this?