Google CTF 2018

Floppy

Well it’s definitely the 90s. Using what was found in the mysterious .ico file, you extract the driver for the Aluminum-Key Hardware password storage device. Let’s see what it has in store.

You can find my all CTF solution in here

First I downloaded the attachment.This include HTMl file when I open this html file I saw the above page.

async function x(password) {

// TODO: check if they can just use Google to get the password once they understand how this works.

var code = 'icffjcifkciilckfmckincmfockkpcofqcoircqfscoktcsfucsivcufwcooxcwfycwiAcyfBcwkCcBfDcBiEcDfFcwoGcFfHcFiIcHfJcFkKcJfLcJiMcLfNcwwOcNNPcOOQcPORcQNScRkTcSiUcONVcUoWcOwXcWkYcVkЀcYiЁcЀfЂcQoЃcЂkЄcЃfЅcPNІcЅwЇcІoЈcЇiЉcЈfЊcPkЋcЊiЌcІiЍcЌfЎcWoЏcЎkАcЏiБcІkВcБfГcNkДcГfЕcЇkЖcЕiЗcЖfИcRwЙcИoКcЙkЛcUkМcЛiНcМfОcИkПcОiРcПfСcUwТcСiУcQkФcУiХcЃiЦcQwЧcЦoШcЧkЩcШiЪcЩfЫcRiЬcЫfЭcКiЮcЭfЯcСoаcЯiбcГiвcЙiгcRoдcгkеcдiжdТaзcЛfиdзaжcжийcСkкdйaжcжклcйfмdлaжcжмнdТaжcжноdЀaжcжопdNaжcжпрcUiсcрfтdсaуdЁaтcтутcтофcТfхdфaтcтхтcтктcтнтcтмцdсaтcтцтcтктcтутcтнчaaтшdЯaщcйiъcщfыdъaьcжыэcVfюdэaьcьюьcьояdЛaьcьяьcьуьcьыѐчшьёѐшшђcOfѓdђaѓcѓнѓcѓнєcUfѕdєaѓcѓѕіcЯfїdіaѓcѓїјaёѓљaaтњcжшћcЎiќcћfѝdќaњcњѝњcњeўcЏfџdўaњcњџѠdАaњcњѠњcњшњcњѝњcњfњcњџѡљшњѢaaтѣcжшѣcѣѝѣcѣeѣcѣџѤcЯkѥdѤaѣcѣѥѣcѣшѣcѣѝѣcѣfѣcѣџѦѢшѣѧcцнѧcѧїѨdСaѧcѧѨѧcѧкѧcѧуѩaёѧѪcхмѫdрaѪcѪѫѪcѪкѬdYaѪcѪѬѪcѪиѭaѩѪѮcяюѯdНaѮcѮѯѮcѮиѮcѮхѮcѮкѰaѭѮѱdVaѲcхѱѲcѲѕѳcNoѴcѳkѵcѴfѶdѵaѲcѲѶѲcѲiѲcѲlѲcѲmѷјѲgѸјѭѷѹbѰѸѺcXfѻdѺaѻcѻюѻcѻоѻcѻкѻcѻoѼdђaѻcѻѼѻcѻнѻcѻнѻcѻѕѻcѻїѽaёѻѾѽѹшѿceeҀceeҁcee҂ceeѿaѾeҀјѿT҂ѡҀшҁјh҂hѦҁшѿaѾfҀјѿV҂ѡҀшҁјh҂hѦҁшѿaѾiҀјѿU҂ѡҀшҁјh҂hѦҁшѿaѾjҀјѿX҂ѡҀшҁјh҂hѦҁшѿaѾkҀјѿЁ҂ѡҀшҁјh҂hѦҁшѿaѾlҀјѿF҂ѡҀшҁјh҂hѦҁшѿaѾmҀјѿЄ҂ѡҀшҁјh҂hѦҁшѿaѾnҀјѿЉ҂ѡҀшҁјh҂hѦҁшѿaѾoҀјѿЄ҂ѡҀшҁјh҂hѦҁшѿaѾpҀјѿЋ҂ѡҀшҁјh҂hѦҁшѿaѾqҀјѿЍ҂ѡҀшҁјh҂hѦҁшѿaѾrҀјѿА҂ѡҀшҁјh҂hѦҁшѿaѾsҀјѿF҂ѡҀшҁјh҂hѦҁшѿaѾtҀјѿВ҂ѡҀшҁјh҂hѦҁшѿaѾuҀјѿД҂ѡҀшҁјh҂hѦҁшѿaѾvҀјѿЗ҂ѡҀшҁјh҂hѦҁшѿaѾwҀјѿК҂ѡҀшҁјh҂hѦҁшѿaѾxҀјѿН҂ѡҀшҁјh҂hѦҁшѿaѾyҀјѿР҂ѡҀшҁјh҂hѦҁшѿaѾAҀјѿТ҂ѡҀшҁјh҂hѦҁшѿaѾBҀјѿФ҂ѡҀшҁјh҂hѦҁшѿaѾCҀјѿW҂ѡҀшҁјh҂hѦҁшѿaѾDҀјѿХ҂ѡҀшҁјh҂hѦҁшѿaѾEҀјѿЪ҂ѡҀшҁјh҂hѦҁшѿaѾFҀјѿЬ҂ѡҀшҁјh҂hѦҁшѿaѾGҀјѿЮ҂ѡҀшҁјh҂hѦҁшѿaѾHҀјѿа҂ѡҀшҁјh҂hѦҁшѿaѾIҀјѿe҂ѡҀшҁјh҂hѦҁшѿaѾJҀјѿб҂ѡҀшҁјh҂hѦҁшѿaѾKҀјѿв҂ѡҀшҁјh҂hѦҁшѿaѾLҀјѿK҂ѡҀшҁјh҂hѦҁшѿaѾMҀјѿе҂ѡҀшҁјh҂hѦҁшѐceeёceeѓceeјceeљceeњceeѡceeѢceeѣceeѦceeѧceeѩceeѪceeѭceeѮceeѰceeѲceeѷceeѸceeѹceeѻceeѽceeѾceeҀceeҁceeжceeтceeчceeьcee'

var env = {

a: (x,y) => x[y],

b: (x,y) => Function.constructor.apply.apply(x, y),

c: (x,y) => x+y,

d: (x) => String.fromCharCode(x),

e: 0,

f: 1,

g: new TextEncoder().encode(password),

h: 0,

};

for (var i = 0; i < code.length; i += 4) {

var [lhs, fn, arg1, arg2] = code.substr(i, 4);

try {

env[lhs] = env[fn](env[arg1], env[arg2]);

} catch(e) {

env[lhs] = new env[fn](env[arg1], env[arg2]);

}

if (env[lhs] instanceof Promise) env[lhs] = await env[lhs];

}

return !env.h;

}

</script>

const alg = { name: 'AES-CBC', iv: Uint8Array.from([211,42,178,197,55,212,108,85,255,21,132,210,209,137,37,24])};

const secret = Uint8Array.from([26,151,171,117,143,168,228,24,197,212,192,15,242,175,113,59,102,57,120,172,50,64,201,73,39,92,100,64,172,223,46,189,65,120,223,15,34,96,132,7,53,63,227,157,15,37,126,106]);

async function open_safe() {

keyhole.disabled = true;

password = /^CTF{([0-9a-zA-Z_@!?-]+)}$/.exec(keyhole.value);

if (!password || !(await x(password[1]))) return document.body.className = 'denied';

document.body.className = 'granted';

const pwHash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password[1]));

const key = await crypto.subtle.importKey('raw', pwHash, alg, false, ['decrypt']);

content.value = new TextDecoder("utf-8").decode(await crypto.subtle.decrypt(alg, key, secret))

}

</script>

When I dive in the html code. I figure out somethings;

Secret is hardcoded in source code as a Uint8Array
Code used for encryption is AES-CBC which is quite hard to decryption.
Password check first following regex: /^CTF{([0-9a-zA-Z_@!?-]+)}$/
opensafe() function check the CTF{value} with !password and await x(password[1]) return if both are false start to encoding.

When I printed password[1] for the CTF{value} password, password[1] contains “value” So that, x() function decode inside “CTF{…} ” parameter.

Bellow env dict show when env “g” input given in arguments

var env = {

a: (x,y) => x[y],

b: (x,y) => Function.constructor.apply.apply(x, y),

c: (x,y) => x+y,

d: (x) => String.fromCharCode(x),

e: 0,

f: 1,

g: new TextEncoder().encode(password),

h: 0,

};

lets the follow “g” arguments.

Add some lines to code.

for (var i = 0; i < code.length; i += 4) {

var [lhs, fn, arg1, arg2] = code.substr(i, 4);

if (arg1 == "g" || arg2 == "g"){

console.log(i);

console.log(lhs, fn, arg1, arg2);

console.log(env[lhs], env[fn], env[arg1], env[arg2]);

console.log(env[fn](env[arg1], env[arg2]));

}

try {

env[lhs] = env[fn](env[arg1], env[arg2]);

} catch(e) {

env[lhs] = new env[fn](env[arg1], env[arg2]);

}

if (env[lhs] instanceof Promise) env[lhs] = await env[lhs];

}

Output of console is

876

ѷ ј Ѳ g

ƒ Array() { [native code] } "sha-256" Uint8Array(4) [65, 65, 65, 65]

["sha-256", Uint8Array(4)]

When we track “ѷ” output is

880

Ѹ ј ѭ ѷ

ƒ Array() { [native code] } SubtleCrypto {} (2) ["sha-256", Uint8Array(4)]

[SubtleCrypto, Array(2)]

When we track “Ѹ” output is

884

ѹ b Ѱ Ѹ

(x,y) => Function.constructor.apply.apply(x, y) ƒ digest() { [native code] } (2) [SubtleCrypto, Array(2)]

Promise {<pending>}

When we track “ѹ” output is

940
Ѿ ѽ ѹ ш
ƒ Uint8Array() { [native code] } ArrayBuffer(32) {} "x"
Uint8Array(32) [237, 2, 69, 123, 92, 65, 217, 100, 219, 210, 242, 166, 9, 214, 63, 225, 187, 117, 40, 219, 229, 94, 26, 191, 91, 82, 194, 73, 205, 115, 87, 151

940

Ѿ ѽ ѹ ш

ƒ Uint8Array() { [native code] } ArrayBuffer(32) {} "x"

Uint8Array(32) [237, 2, 69, 123, 92, 65, 217, 100, 219, 210, 242, 166, 9, 214, 63, 225, 187, 117, 40, 219, 229, 94, 26, 191, 91, 82, 194, 73, 205, 115, 87, 151

Until “ѿ” you must repeated. After that I realize the SHA256 converted with 32 bit array code .

I add the code for the find this 32 bit array

var a = [];

for (var i = 0; i < code.length; i += 4) {

var [lhs, fn, arg1, arg2] = code.substr(i, 4);

if (arg1 == "ѿ"){

a.push(env[fn](env[arg1], env[arg2])[1]);

//console.log(i);

console.log(lhs, fn, arg1, arg2);

console.log(env[lhs], env[fn], env[arg1], env[arg2]);

console.log(env[fn](env[arg1], env[arg2]));

}

try {

env[lhs] = env[fn](env[arg1], env[arg2]);

} catch(e) {

env[lhs] = new env[fn](env[arg1], env[arg2]);

}

if (env[lhs] instanceof Promise) env[lhs] = await env[lhs];

}

console.log(a);

array of is ;

[230, 104, 96, 84, 111, 24, 205, 187, 205, 134, 179, 94, 24, 181, 37, 191, 252, 103, 247, 114, 198, 80, 206, 223, 227, 255, 122, 0, 38, 250, 29, 238]

We receive Unit8Array(32) this is the secret.

We must to find hash with this array. We can use hashlib in python. I write to code for that

import hashlib

print str(bytearray([230, 104, 96, 84, 111, 24, 205, 187, 205, 134, 179,

94, 24, 181, 37, 191, 252, 103, 247, 114, 198,

80, 206, 223, 227, 255, 122, 0, 38, 250, 29, 238])).encode('hex')

Output of this code is;

e66860546f18cdbbcd86b35e18b525bffc67f772c650cedfe3ff7a0026fa1dee

For the Sha256 this hash code is

1	<span id="decodedValue">Passw0rd!</span>

We can try to CTF{Passw0rd!}

Also 🙂

JS Safe | Google CTF 2018

Google CTF 2018

Floppy

Leave a Reply Cancel reply