pico CTF

[pico CTF] Client-side-again

by skyepodium 2022. 6. 4.

1. 개요

난독화된 클라이언트 측 자바스크립트 검증 코드를 해석하는 문제

https://play.picoctf.org/practice?category=1&page=1&search=Client-side-again 

 

2. 분석

https://beautifier.io/ 에서 코드를 보기 좋게 정리했지만, 문자열이 여전히 _0x4b5b() 조회 뒤에 숨겨져 있어 추가 분석이 필요합니다. 검증 로직과 비교 대상 문자열이 모두 브라우저로 전달되므로, 난독화는 분석을 늦출 뿐 비밀 값을 보호하지는 못합니다.

/**
 * String-table accessor emitted by the obfuscator.
 *
 * The table itself (_0x5a46) is defined outside this excerpt.
 *
 * @param {string|number} _0x2d8f05 - Index into _0x5a46; hex strings such as
 *   '0x3' are converted to numbers by the subtraction below.
 * @param {*} _0x4b81bb - Accepted but never read.
 * @returns {*} The entry of _0x5a46 stored at that index.
 */
var _0x4b5b = function (_0x2d8f05, _0x4b81bb) {
    // Subtracting zero forces numeric conversion, so '0x3' becomes 3.
    const slot = _0x2d8f05 - 0x0;
    return _0x5a46[slot];
};

/**
 * Client-side password check from the challenge page (beautified, still
 * partly obfuscated).
 *
 * Reads a value through `document` using the id 'pass', then compares eight
 * slices of it against string literals and against entries returned by the
 * _0x4b5b() string-table lookup. Shows one alert when every comparison
 * matches and another when the first comparison fails.
 *
 * Review notes:
 * - Every expected fragment is either a literal in this function or a
 *   string-table entry (table presumably shipped in the same script; it is
 *   not shown here), so the full expected value can be rebuilt by reading
 *   the page source. A secret has to be verified server-side; obfuscation
 *   only slows the reading down.
 * - The `else` belongs to the outermost `if` only: a mismatch in any inner
 *   comparison produces no alert at all.
 */
function verify() {
    // No var/let/const: this assigns an implicit global (it would throw in
    // strict mode). Entries '0x0' and '0x1' are presumably 'getElementById'
    // and 'value'; the table is not visible here, so confirm against it.
    checkpass = document[_0x4b5b('0x0')]('pass')[_0x4b5b('0x1')];
    // Unit used to build the slice boundaries below (0x4 = 4).
    const split = 0x4;
    // Slice [0, 8) must equal table entry '0x3'. Entry '0x2' is the method
    // name used for slicing; presumably 'substring', as spelled out literally
    // in the [6, 11) check further down.
    if (checkpass[_0x4b5b('0x2')](0x0, split * 0x2) == _0x4b5b('0x3')) {
        // Slice [7, 9) must equal the literal '{n'.
        if (checkpass[_0x4b5b('0x2')](0x7, 0x9) == '{n') {
            // Slice [8, 16) must equal table entry '0x4'.
            if (checkpass[_0x4b5b('0x2')](split * 0x2, split * 0x2 * 0x2) == _0x4b5b('0x4')) {
                // Slice [3, 6) must equal the literal 'oCT'.
                if (checkpass[_0x4b5b('0x2')](0x3, 0x6) == 'oCT') {
                    // Slice [24, 32) must equal table entry '0x5'.
                    if (checkpass[_0x4b5b('0x2')](split * 0x3 * 0x2, split * 0x4 * 0x2) == _0x4b5b('0x5')) {
                        // Slice [6, 11) must equal the literal 'F{not'.
                        if (checkpass['substring'](0x6, 0xb) == 'F{not') {
                            // Slice [16, 24) must equal table entry '0x6'.
                            if (checkpass[_0x4b5b('0x2')](split * 0x2 * 0x2, split * 0x3 * 0x2) == _0x4b5b('0x6')) {
                                // Slice [12, 16) must equal table entry '0x7'.
                                if (checkpass[_0x4b5b('0x2')](0xc, 0x10) == _0x4b5b('0x7')) {
                                    // All eight comparisons matched: show table entry '0x8'.
                                    alert(_0x4b5b('0x8'));
                                }
                            }
                        }
                    }
                }
            }
        }
    } else {
        // Reached only when the first comparison ([0, 8)) fails: show table entry '0x9'.
        alert(_0x4b5b('0x9'));
    }
}

 

 

3. exploit

0 ~ 6 - picoCTF

6 ~ 11 - F{not

12 ~ 16 - this

16 ~ 24 - _again_e

24 ~ 32 - f49bf}

picoCTF{not_this_again_ef49bf}
