Τετάρτη 11 Μαρτίου 2020

Hackexercise #1

Problem Statement
The function check_password(password) is used by a safe with 4-digit passwords, and is susceptible to timing attacks. More specifically, it takes around 0.1 seconds to check each digit – so brute-forcing all the possible combinations will take around 1,500 hours. Because the check stops at the first wrong digit, the response time reveals how many leading digits of a guess are correct. Can you implement a way to crack its password in less than a minute?


import time
import sys # ignore
sys.path.insert(0,'.') # ignore
from Root.pswd import real_password

def check_password(password): # Don't change it
    """Return True when every digit of *password* equals the stored one.

    This is the deliberately vulnerable target of the exercise. The
    comparison returns at the first mismatching digit, and each digit that
    is examined costs 0.1 s, so the elapsed time grows with the number of
    leading digits that are correct. That difference is the timing side
    channel.

    A hardened check would do the same amount of work whatever the input
    (for example ``hmac.compare_digest`` on equal-length values) and would
    limit the number of attempts.

    Args:
        password: Sequence of digits; each element is passed through
            ``int()``, so digit characters and integers both work.

    Returns:
        False if the length differs from ``real_password`` or any digit
        differs, True otherwise.
    """
    # A length mismatch is rejected immediately, before any per-digit delay.
    if len(password) != len(real_password):
        return False
    for x, y in zip(password, real_password):
        time.sleep(0.1) # Simulates the wait time of the safe's mechanism
        # Early exit: no further digits are examined after the first mismatch.
        if int(x) != int(y):
            return False
    return True

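def crack_password():
    """Recover the safe's 4-digit password from check_password's timing.

    check_password returns at the first wrong digit and spends about 0.1 s
    on every digit it examines. A guess whose digit at position ``pos`` is
    correct therefore takes one delay step longer than a guess whose digit
    is wrong. The first three positions are recovered from that difference.
    The last position needs no timing, because a fully correct guess makes
    check_password return True.

    Changes from the earlier version: every digit 0-9 is tried (the old
    ``range(0, 9)`` never tested 9), the final position calls
    check_password once per candidate instead of twice, and a monotonic
    clock is used for the measurements.

    Returns:
        The recovered digits as a string. It is shorter than four
        characters if no candidate stood out at some position, since later
        positions cannot be measured once an earlier one is unknown.
    """
    digits = 4
    step = 0.1  # per-digit delay inside check_password
    password = [0] * digits
    result = ''

    for pos in range(digits - 1):
        # A wrong digit here costs (pos + 1) steps and a right one at least
        # (pos + 2). Testing against the midpoint keeps clock granularity
        # from flipping the decision.
        threshold = step * (pos + 1.5)
        for candidate in range(10):
            password[pos] = candidate
            started = time.perf_counter()
            check_password(password)
            elapsed = time.perf_counter() - started
            if elapsed >= threshold:
                result += str(candidate)
                break
        else:
            # No candidate was slow enough, so stop rather than keep
            # guessing on top of an unknown prefix.
            return result

    last = digits - 1
    for candidate in range(10):
        password[last] = candidate
        if check_password(password):
            result += str(candidate)
            break

    return result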
        
# Run the exercise and write the recovered password to standard output.
sys.stdout.write(f"{crack_password()}\n")
