Objective 10: Defeat Fingerprint Sensor

Bypass the Santavator fingerprint sensor. Enter Santa's office without Santa's fingerprint

This was a cool challenge as it involved directly modifying javascript directly from the browser. But before I go about messing with any of that, I'd first like to show how I was able to power all conduits within the Santavator. After I found the red and blue portals, all the light bulbs, the marbles, nuts and candycane, I somehow created this monstrosity which somehow worked. This is one of those "don't blow on it or it'll break" kinda things, but if the shoe fits...

Putting the cover back on and choosing to go to Floor 3 slides down a little door that gives me access to the fingerprint reader.

Since I'm currently Santa in the physical sense (and maybe kinda even the metaphysical sense, but that's for another writeup), I can simply use the fingerprint sensor and gain access to the 3rd floor.

Going there as Santa is no difficult task. Just click the fingerprint sensor and I'm there. I do however have access to the blockchain.dat file sitting on the table (or you can just click here). Beyond that however there isn't really much do to here.

Going into the santavator as myself however proves to be a bit more difficult. However upon looking at the source code of the fingerprint sensor itself, I noticed a pretty easy bypass, made especially easier considering client authentication was done on the client side:

You can see there that there's a simple if statement with two conditions: One, button 4 needs to be powered. and Two, we have to have the besanta token. Instead of generating the token myself, I can simply edit the code inline:

Now if I hit Ctrl-S to save my changes, then click the fingerprint sensor...

I'm in! ahem, I mean... hacker voice "I'm in."

And pretty naughty for doing that, if you ask any of the elves here. But come on, ends justify the means man!