Category
Reversing
Solution
The attached JavaScript is obfuscated using JSFuck. After deobfuscating we get the following script.
const flag=[50,143,117,32,131,36,108,166,132,10,152,55,119,164,172,197,175,246,119,145,176,18,106,73,17,149,91];
const v=[12,42,124,63,121,51,15,98];
function toCharcodeArray(t){
return Array.from(t).map(x=>x.charCodeAt(0));
};
function s(t){
g();
e();
n=[];
for(j=0;j<t.length;j++) {
var ev = e();
console.log(v[Math.round(ev*v.length)%v.length])
n[j]=t[j]^v[Math.round(ev*v.length)%v.length];
}
return n;
};
function z(t){
g();
e();
n=[];
for(j=0;j<t.length;j++) {
var ev = e();
console.log(Math.round(ev*256))
n[j]=(t[j]+Math.round(ev*256))%256;
console.log(n[j])
}
return n;
};
function shuffle_array(t){
p=t.filter((_,i)=>i%3==0);
q=t.filter((_,i)=>i%3==1);
r=t.filter((_,i)=>i%3==2);
return(p.slice().reverse()).concat(r.slice(0,r.length/2)).concat(q).concat(r.slice(r.length/2).reverse());
};
function toHex(t){
return t.map(t=>{const n=t.toString(16);return 1==n.length?`0${n}`:`${n}`;}).join("");
};
function g(){
e=(function n(_1,_2,_3,_4){
return function(){
var t=_2<<9,r=_1*5;
r=(r<<7|r>>>25)*9;
_3^=_1;
_4^=_2;
_2^=_3;
_1^=_4;
_3^=t;
_4=_4<<11|_4>>>21;
var retval = (r>>>0)/4294967296
return retval;
};
})(33,112,0x3215,0x11121);
};
function t(t){
return (t=toHex(z(s(shuffle_array(toCharcodeArray(t)))))==toHex(flag));
};
const c=(n,e)=>{if(document.getElementById("rGZsYWd7UzFLM30=")&&n.length%3==0){if(t(n)) return e({status:!0,flag:n}),!0}else e({status:!1});return !1;};this[0][0]=c;
Reversing the operations in t we end up with the following script.
#!/usr/bin/env python3
flag = [50, 143, 117, 32, 131, 36, 108, 166, 132, 10, 152, 55, 119,
164, 172, 197, 175, 246, 119, 145, 176, 18, 106, 73, 17, 149, 91]
v = [12, 42, 124, 63, 121, 51, 15, 98]
first_value = 0.00004425644874572754
values = [0.09387731552124023, 0.2755748473573476, 0.27641079970635474, 0.8866242980584502, 0.12806078931316733, 0.9847624378744513, 0.2548397690989077, 0.38421438564546406, 0.09793514595367014, 0.6425877378787845, 0.5836534316185862, 0.8900900192093104, 0.3078392446041107,
0.4757364457473159, 0.47858595638535917, 0.39523703791201115, 0.5360021034721285, 0.7316366590093821, 0.2392133940011263, 0.10912552336230874, 0.4708436983637512, 0.8110235945787281, 0.07276905071921647, 0.0037259350065141916, 0.7020643036812544, 0.5709376367740333, 0.19747407035902143]
xor_values = [42, 124, 124, 98, 42, 12, 124, 63, 42, 51, 51, 98,
124, 121, 121, 63, 121, 15, 124, 42, 121, 15, 42, 12, 15, 51, 124]
def shuffle_array(arr):
new_arr = bytearray()
p = arr[:9][::-1]
q = arr[13:-5]
r = arr[9:13] + arr[-5:][::-1]
for idx in range(len(p)):
new_arr.append(p[idx])
new_arr.append(q[idx])
new_arr.append(r[idx])
return new_arr
def s(arr):
new_arr = bytearray()
for idx in range(len(arr)):
xor_value = v[round(values[idx]*len(v))%len(v)]
value = arr[idx] ^ xor_value
new_arr.append(value)
return new_arr
def z(arr):
new_arr = bytearray()
for idx in range(len(arr)):
add_value = round(values[idx]*256)
value = (arr[idx] - add_value) % 256
new_arr.append(value)
return new_arr
restored = shuffle_array(flag)
xored = s(flag)
subtracted = shuffle_array(s(z(flag)))
print(subtracted)
Running the script gives us the flag.
ASV{H0W_1$_TH4T_F0R_R4ND0M}