0

OK so I'm doing this wargame challenge and I'm pretty much clueless about HTML and JS. I found this function in the source code stating

"your flag is:"

and then a bunch of gibberish. I assume this function is supposed to make sense in this long string, but I can't understand how it's supposed to do it or how to execute this function independently (if even needed). I do know it's not supposed to be really hard.

this is the function:

function r(){for(var r=0,e=0,a="",l=0;l<n.length;l++)if(n[l].toLowerCase()!=n[l]&&(r+=1),8==++e){if(!t)return;a+=String.fromCharCode(r),r=0,e=0}else r<<=1;return a}var e=!1,t=!1,a=setInterval(function(){e&&(t=!0,alert("Your flag is: "+r()),clearInterval(a));t=!1},1e3),n="xVJvyNQdcLEqIUwenRNdnawBhSNqcVABvERRGlQOiVKlnlwJdINtSRfrxZJnYDsntIzKBOFQzMTBXioIbKGkDJZYoTFWqCzSbWIKsvPxlHaPHEVRiTIiltXqtKEjwzkDkGHEbnMPnFNrnWyLcOlBOVSWtOZxmjdIhRFXugEotQRmyHwZpGnKSDSRaZCrniYgcQVkiFaIgFScWAevgWDkQZALgSWwQDFkkDWlaYOKkDcRGUNSxJlLlRnnfROzNFGSrNcEECFDxZEVeAeVwSEQvxMOxBRGLKlS";

and this is the whole web page:

please help me help myself :)

MatanyaP
  • 306
  • 3
  • 15
  • Try breaking the line up by semi colon and go from there. Not sure this is a good question for SO. – TankorSmash Jun 12 '17 at 16:34
  • Usually it's some self-made encryption + ciphertext + eval. Evaluate step by step on the console, put a `debugger;` statement here and there and step through... http://jsbeautifier.org/ helps, too. – le_m Jun 12 '17 at 16:35
  • Did not try it but change `return a` --> to --> `console.log(a)` probably will give you what you are after – epascarello Jun 12 '17 at 16:39
  • The 'decrypted' ciphertext reads `"flag{all_your_base_are_belong_To_us}";`. The minified code exploits the comma operator to chain statements, uses the shorter `0!` instead of `true` and `!1` instead of `false` and bitwise shift `<<= 1` instead of multiplication `*= 2`. – le_m Jun 12 '17 at 16:43
  • Hey, thanks a lot! it worked, but could you elaborate a little so I'll get educated as well? :) – MatanyaP Jun 12 '17 at 16:48
  • @MatanyaP Do you have any specific questions? If not, the general approach is as follows: beautify the JS code and rename variables - e.g. `for(var r=0,e=0,a="",l=0;l – le_m Jun 12 '17 at 16:56

2 Answers2

2

The js code you are looking into is minified/compressed code That means the actual code is converted by replacing all the real variable names to (a, b, c,...) making it hard to copy for others and to load it faster on the website.

Albi
  • 1,705
  • 1
  • 17
  • 28
-1

When expanded the minified function looks like this...

function r() {
    for (var r = 0, e = 0, a = '', l = 0; l < n.length; l++) if (n[l].toLowerCase() != n[l] && (r += 1), 8 == ++e) {
        if (!t) return;
        a += String.fromCharCode(r),
        r = 0,
        e = 0
    } else r <<= 1;
    return a
}
var e = !1,
t = !1,
a = setInterval(function () {
    e && (t = !0, alert('Your flag is: ' + r()), clearInterval(a));
    t = !1
}, 1000),
n = 'xVJvyNQdcLEqIUwen...etc...';

Although minified code loads faster this nonetheless goes to show the utility of giving one's variables and functions useful, descriptive names when developing our own applications.

Brian Peacock
  • 1,801
  • 16
  • 24