JS Safe | Google CTF 2018

Google CTF 2018

Floppy

Well it’s definitely the 90s. Using what was found in the mysterious .ico file, you extract the driver for the Aluminum-Key Hardware password storage device. Let’s see what it has in store.

You can find my all CTF solution in here

First I downloaded the attachment.This include HTMl file when I open this html file I saw the above page.

 

 

When I dive in the html code. I figure out somethings;

  • Secret is hardcoded in source code as a Uint8Array
  • Code used for encryption is AES-CBC which is quite hard to decryption.
  • Password check first following regex: /^CTF{([0-9a-zA-Z_@!?-]+)}$/
  • opensafe() function check the CTF{value} with !password and await x(password[1]) return if both are false start to encoding.

When I printed password[1] for the CTF{value} password, password[1] contains “value” So that, x() function decode inside “CTF{…} ” parameter.

Bellow env dict show when env “g” input given in arguments

lets the follow “g” arguments.

Add some lines to code.

Output of console is

When we track “ѷ” output is

When we track “Ѹ” output is

 

When we track “ѹ” output is

Until “ѿ” you must repeated. After that I realize the SHA256 converted with 32 bit array code .

I add the code for the find this 32 bit array

array of is ;

[230, 104, 96, 84, 111, 24, 205, 187, 205, 134, 179, 94, 24, 181, 37, 191, 252, 103, 247, 114, 198, 80, 206, 223, 227, 255, 122, 0, 38, 250, 29, 238]

We receive Unit8Array(32) this is the secret.

We must to find hash with this array. We can use hashlib in python. I write to code for that

Output of this code is;

e66860546f18cdbbcd86b35e18b525bffc67f772c650cedfe3ff7a0026fa1dee

For the Sha256 this hash code is

We can try to CTF{Passw0rd!}

Also 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *