@aadityapurani
Created April 8, 2018 14:47
laz3y (web 350) - BBCTF 2018
// Step 1: De-obfuscate `obfuscated.js` and prettify
// De-obfuscated version
// String table emitted by the obfuscator: opaque-predicate tokens, method
// names, regular-expression sources and message fragments. It is declared in
// scrambled order and put into lookup order by the rotation that follows.
var _0x3879 = [
  'GfKdJ', 'pgMYh', 'fhRJI', 'pKpLY', 'JRvAt', 'igFeE', 'gIFmj', 'ehpbU', 'ypaow',
  'function *\\( *\\)',
  'init', 'test', 'chain', 'tvytj',
  '\\+\\+ *(?:_0x(?:[a-f0-9]){4,6}|(?:\\b|\\d)[a-z0-9]{1,4}(?:\\b|\\d))',
  'iQIEU', 'CJMng', 'constructor',
  'while (true) {}',
  'apply', 'counter', 'length', 'slice', 'tryingharder',
  'Flag{', 'log', 'Invalid Password',
  'pDsTn', 'UOAuo', 'Ncpxs', 'wIXPX', 'kkafn', 'UJriC',
  'debu', 'gger', 'stateObject',
  'CHJEx', 'ZSrmX', 'feVDp', 'jvLGd', 'YPrna', 'Fkuja',
  'call', 'action',
  'ZOYlj', 'DbvWm', 'EFdXH',
  'string',
  'UTHZE', 'cLPKB',
  'input',
  'hoBzO', 'hOzuO', 'CJcnE', 'ChYoe', 'MktoQ'
];
// Rotate the table left, one entry at a time. The original passed 342,
// pre-incremented it and looped on a pre-decrement, which comes to 342
// single-step rotations: a net shift of 6 on these 56 entries, leaving
// 'gIFmj' at index 0.
(function (table, turns) {
  var remaining;
  for (remaining = turns; remaining > 0; remaining--) {
    table.push(table.shift());
  }
}(_0x3879, 342));
/**
 * Reads one entry of the rotated string table.
 *
 * @param {string|number} _0x36027a - table index; call sites pass hex strings such as '0x1b'
 * @param {*} _0x48794c - never read
 * @returns {string|undefined} the table entry at that index
 */
var _0x15c2 = function (_0x36027a, _0x48794c) {
  // Subtracting zero turns the hex-string index into a number before the lookup.
  var position = _0x36027a - 0;
  return _0x3879[position];
};
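/**
 * Factory for a "run once" wrapper, called as _0x13c3dd(context, fn).
 *
 * Only the first call to the factory returns a live wrapper; every later call
 * returns an empty function. The live wrapper invokes fn with the given
 * context on its first invocation only and then drops the reference.
 *
 * The obfuscated form guarded this logic with string-table comparisons
 * (entry 0x0 against 'gIFmj', entry 0x2 against 'XFsIN', entry 0x1 against
 * itself). With the rotated table those always go the same way, and the
 * branches they excluded were unreachable copies of flag checks and of the
 * self-check that referenced undefined names; they are left out here.
 *
 * @param {*} _0xfe546e - `this` value for the wrapped callback
 * @param {Function} _0x216f3b - callback to run at most once
 * @returns {Function} the once-only wrapper, or a no-op after the first call
 */
var _0x13c3dd = function () {
  var firstCall = true;
  return function (_0xfe546e, _0x216f3b) {
    var wrapper = firstCall ? function () {
      if (_0x216f3b) {
        var result = _0x216f3b.apply(_0xfe546e, arguments);
        // Clear the callback so a second invocation does nothing.
        _0x216f3b = null;
        return result;
      }
    } : function () {
    };
    firstCall = false;
    return wrapper;
  };
}();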
// Load-time self-check, run through the run-once wrapper _0x13c3dd.
// After the table rotation the lookups used here resolve to: 0x4 'init', 0x5 'test', 0x6 'chain',
// 0x8 the '\+\+ *(?:_0x...' pattern, 0xb 'constructor', 0xc 'while (true) {}', 0xd 'apply', 0xe 'counter'.
(function () {
_0x13c3dd(this, function () {
// Entry 0x7 compared with itself: always true, so the else branch at the bottom is never reached.
if (_0x15c2('0x7') === _0x15c2('0x7')) {
var _0x42483f = new RegExp('function *\\( *\\)');
var _0x43babc = new RegExp(_0x15c2('0x8'), 'i');
// A truthy argument makes _0x4f7527 hand back its inner function without running it.
var _0x53dbc9 = _0x4f7527(_0x15c2('0x4'));
// Concatenating that function with a string stringifies it, so both patterns are tested against its source text.
if (!_0x42483f[_0x15c2('0x5')](_0x53dbc9 + _0x15c2('0x6')) || !_0x43babc[_0x15c2('0x5')](_0x53dbc9 + 'input')) {
if (_0x15c2('0x9') === _0x15c2('0x9')) {
// A pattern is missing from the source text: the '0' argument sends the inner function into its
// Function('while (true) {}') branch, which never returns.
_0x53dbc9('0');
} else {
return !![];
}
} else {
// Entry 0xa is 'CJMng': both patterns matched, so the debugger trap is started instead.
if ('CJMng' === _0x15c2('0xa')) {
_0x4f7527();
} else {
return !![];
}
}
} else {
return function (_0x256bf0) {
}[_0x15c2('0xb')](_0x15c2('0xc'))[_0x15c2('0xd')](_0x15c2('0xe'));
}
})();
}());
// Lookup table shared by the check functions. With the rotated string table it resolves to:
//   [0] 'length'  [1] 'slice'  [2] ''  [3] 'charCodeAt'  [4] 'fromCharCode'  [5] 'tryingharder'
//   [6] 'l'  [7] '0'  [8] 'T'  [9] 'test'  [10] '!'  [11] '_'
//   [12] 'Flag{'  [13] '}'  [14] 'log'  [15] 'Invalid Password'
var _0xd1e9 = [
_0x15c2('0xf'),
_0x15c2('0x10'),
'',
'charCodeAt',
'fromCharCode',
_0x15c2('0x11'),
'l',
'0',
'T',
_0x15c2('0x5'),
'!',
'_',
_0x15c2('0x12'),
'}',
_0x15c2('0x13'),
_0x15c2('0x14')
];
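/**
 * Length check: the candidate must be exactly 30 characters long.
 *
 * _0xd1e9[0] resolves to 'length'. The obfuscated form wrapped the result in
 * a comparison of table entry 0x15 with itself (always true) and paired it
 * with a never-taken branch that logged 'Invalid Password'; both are removed.
 *
 * @param {string} _0xf9642b - candidate string (the text solver() prints between 'Flag{' and '}')
 * @returns {boolean} true when the length is 30
 */
function leng(_0xf9642b) {
  return _0xf9642b.length === 30;
}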
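/**
 * XOR check on characters 18..28 of the candidate: XOR-ing them with the
 * fixed key must give 'tryingharder' (_0xd1e9[5]).
 *
 * The obfuscated form put the loop body behind a comparison of table entries
 * 0x16 and 0x17 (always different) with a dead call to an undefined
 * debuggerProtection(), and duplicated `return true` behind another constant
 * comparison; those are removed.
 *
 * NOTE(review): declared at top level, this function hides the built-in
 * global `crypto` object from the rest of the script.
 *
 * @param {string} _0x4a79be - candidate string
 * @returns {boolean} true when the decoded segment equals 'tryingharder'
 */
function crypto(_0x4a79be) {
  var segment = _0x4a79be.slice(18, 29);
  var key = [68, 16, 31, 28, 29, 4, 9, 21, 27, 84, 11, 114];
  var decoded = '';
  var i;
  // `<=` is load-bearing, not an off-by-one to fix: the slice holds at most 11
  // characters but the target has 12. On the extra step charCodeAt() returns
  // NaN, NaN ^ 114 is 114, and that supplies the final 'r'.
  for (i = 0; i <= segment.length; i++) {
    decoded += String.fromCharCode(segment.charCodeAt(i) ^ key[i]);
  }
  return decoded === 'tryingharder';
}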
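/**
 * Character-code differences: code(3) - code(0) must be 32 and
 * code(5) - code(12) must be 71.
 *
 * _0xd1e9[3] resolves to 'charCodeAt'. The obfuscated form returned true
 * behind a comparison of table entry 0x19 with itself; its else branch (a
 * copy of the length check) could never run and is removed.
 *
 * @param {string} _0x93a94a - candidate string
 * @returns {boolean} true when both differences match
 */
function a(_0x93a94a) {
  var gap3to0 = _0x93a94a.charCodeAt(3) - _0x93a94a.charCodeAt(0);
  var gap5to12 = _0x93a94a.charCodeAt(5) - _0x93a94a.charCodeAt(12);
  return gap3to0 === 32 && gap5to12 === 71;
}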
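/**
 * Fixed-character check: positions 11, 12, 13 must be 'l', '0', 'T'
 * (_0xd1e9[6..8]), position 15 must repeat position 12 and position 0 must
 * repeat position 13.
 *
 * Table entry 0x1a is 'UJriC', so the obfuscated guard always returned true;
 * the else branch, which only built a function from 'debu' + 'gger', was
 * unreachable and is removed.
 *
 * @param {string} _0x2a296a - candidate string
 * @returns {boolean} true when all five comparisons hold
 */
function b(_0x2a296a) {
  return _0x2a296a[12] === _0x2a296a[15] &&
    _0x2a296a[11] === 'l' &&
    _0x2a296a[12] === '0' &&
    _0x2a296a[13] === 'T' &&
    _0x2a296a[0] === _0x2a296a[13];
}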
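/**
 * Sum check: code(9) + code(6) - code(1) must equal 58.
 *
 * Table entries 0x1e and 0x1f differ ('CHJEx' / 'ZSrmX'), so the obfuscated
 * guard always returned true; its else branch was an unreachable copy of the
 * XOR check from crypto() and is removed.
 *
 * @param {string} _0x32a24e - candidate string
 * @returns {boolean} true when the sum is 58
 */
function c(_0x32a24e) {
  var total = _0x32a24e.charCodeAt(9) + _0x32a24e.charCodeAt(6) - _0x32a24e.charCodeAt(1);
  return total === 58;
}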
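/**
 * Product check on the first four characters:
 * code(0) * code(1) * code(2) * code(3) / 128 must equal 767949.
 *
 * Table entries 0x20 and 0x21 differ, so the obfuscated guard always returned
 * true; the else branch (a call into the debugger-trap helper) was
 * unreachable and is removed.
 *
 * @param {string} _0x55fee1 - candidate string
 * @returns {boolean} true when the scaled product matches
 */
function d(_0x55fee1) {
  var product = _0x55fee1.charCodeAt(0) * _0x55fee1.charCodeAt(1) *
    _0x55fee1.charCodeAt(2) * _0x55fee1.charCodeAt(3);
  return product / 128 === 767949;
}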
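/**
 * Product check on characters 5..7:
 * code(5) * code(6) * code(7) / 25 must equal 35581.
 *
 * Table entries 0x22 and 0x23 differ ('YPrna' / 'Fkuja'), so the obfuscated
 * form always took the branch that returns true; the other branch, which
 * built a function from 'debu' + 'gger', was unreachable and is removed.
 *
 * @param {string} _0x370de5 - candidate string
 * @returns {boolean} true when the scaled product matches
 */
function f(_0x370de5) {
  var product = _0x370de5.charCodeAt(5) * _0x370de5.charCodeAt(6) * _0x370de5.charCodeAt(7);
  return product / 25 === 35581;
}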
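/**
 * Entry point of the password check. Logs 'Flag{<candidate>}' when every
 * check passes and 'Invalid Password' otherwise.
 *
 * The candidate may only contain characters from the set
 * nfTzhb_0FAiuctxlswa!, must end in '!' at index 29, and must have '_' at
 * indices 4, 8 and 17 with index 10 equal to index 14; the remaining
 * constraints live in leng(), crypto(), a(), b(), c(), d() and f().
 *
 * Every one of these checks runs in the client, so the accepted value can be
 * recovered from the script alone, as the solver script on this page does.
 *
 * The obfuscated form carried two unreachable branches (one returning true,
 * one a copy of the run-once wrapper that referenced the undefined names
 * firstCall, fn and context); they are removed, and the _0xd1e9 lookups are
 * written out as the strings they resolve to.
 *
 * @param {string} _0x2cc2cf - candidate string
 * @returns {undefined}
 */
function solver(_0x2cc2cf) {
  var accepted = !/[^nfTzhb_0FAiuctxlswa!]/.test(_0x2cc2cf) &&
    _0x2cc2cf[29] === '!' &&
    _0x2cc2cf[4] === _0x2cc2cf[8] &&
    _0x2cc2cf[10] === _0x2cc2cf[14] &&
    _0x2cc2cf[17] === '_' &&
    _0x2cc2cf[4] === '_' &&
    leng(_0x2cc2cf) && crypto(_0x2cc2cf) && a(_0x2cc2cf) && b(_0x2cc2cf) &&
    c(_0x2cc2cf) && d(_0x2cc2cf) && f(_0x2cc2cf);
  if (accepted) {
    console.log('Flag{' + _0x2cc2cf + '}');
  } else {
    console.log('Invalid Password');
  }
}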
// Debugger trap entry point.
//  - Called with a truthy argument it returns the inner function _0x4bca2d without running it
//    (the self-check uses this to obtain that function's source text).
//  - Called with no argument it runs _0x4bca2d(0). Whatever that throws, including the error the
//    unbounded recursion ends in, is swallowed by the empty catch at the bottom.
// The names _0x190ex2, _0x190ex4 .. _0x190ex7, fn and context appear only in branches that the
// string-table comparisons never select; none of them is defined in the code shown.
function _0x4f7527(_0x2f029c) {
function _0x4bca2d(_0x2cb447) {
// Entry 0x28 compared with itself is never unequal, so execution always continues in the else branch.
if (_0x15c2('0x28') !== _0x15c2('0x28')) {
return ![];
} else {
// Entry 0x29 is 'string': this arm handles the '0' passed by the self-check when a pattern test fails.
if (typeof _0x2cb447 === _0x15c2('0x29')) {
// 'UTHZE' !== 'cLPKB' holds, so the result of Function('while (true) {}').apply('counter') is
// returned, i.e. an endless loop; the nested self-check in the else branch is unreachable.
if (_0x15c2('0x2a') !== _0x15c2('0x2b')) {
return function (_0x2ea1d3) {
}[_0x15c2('0xb')](_0x15c2('0xc'))[_0x15c2('0xd')](_0x15c2('0xe'));
} else {
_0x13c3dd(this, function () {
var _0x504e35 = new RegExp(_0x15c2('0x3'));
var _0xf3f6f5 = new RegExp('\\+\\+ *(?:_0x(?:[a-f0-9]){4,6}|(?:\\b|\\d)[a-z0-9]{1,4}(?:\\b|\\d))', 'i');
var _0x7aa7f9 = _0x4f7527(_0x15c2('0x4'));
if (!_0x504e35[_0x15c2('0x5')](_0x7aa7f9 + 'chain') || !_0xf3f6f5.test(_0x7aa7f9 + _0x15c2('0x2c'))) {
_0x7aa7f9('0');
} else {
_0x4f7527();
}
})();
}
} else {
if (_0x15c2('0x2d') === _0x15c2('0x2d')) {
// '' + n / n is 'NaN' (length 3) for n = 0 and '1' for any other counter value, so this arm runs
// for 0 and for multiples of 20; all other values take the else arm further down.
if (('' + _0x2cb447 / _0x2cb447)[_0x15c2('0xf')] !== 1 || _0x2cb447 % 20 === 0) {
// Entry 0x2e is 'hOzuO', so the console branch is skipped.
if (_0x15c2('0x2e') !== 'hOzuO') {
console[_0xd1e9[14]](_0xd1e9[12] + _0x190ex2 + _0xd1e9[13]);
} else {
// Only the constructor of this function literal is used: Function('debu' + 'gger').call('action')
// executes a debugger statement. The literal's body (a copy of solver's condition) never runs.
(function () {
if ('UcXhS' === _0x15c2('0x2f')) {
if (!/[^nfTzhb_0FAiuctxlswa!]/[_0xd1e9[9]](_0x190ex2) && _0x190ex2[29] == _0xd1e9[10] && _0x190ex2[4] == _0x190ex2[8] && _0x190ex2[10] == _0x190ex2[14] && _0x190ex2[17] == _0xd1e9[11] && _0x190ex2[4] == _0xd1e9[11] && leng(_0x190ex2) && crypto(_0x190ex2) && a(_0x190ex2) && b(_0x190ex2) && c(_0x190ex2) && d(_0x190ex2) && f(_0x190ex2)) {
console[_0xd1e9[14]](_0xd1e9[12] + _0x190ex2 + _0xd1e9[13]);
} else {
console[_0xd1e9[14]](_0xd1e9[15]);
}
} else {
return !![];
}
}[_0x15c2('0xb')](_0x15c2('0x1b') + 'gger')[_0x15c2('0x24')]('action'));
}
} else {
// 'ChYoe' !== 'MktoQ' holds: the same debugger statement, this time invoked with apply('stateObject').
if (_0x15c2('0x30') !== _0x15c2('0x31')) {
(function () {
if (_0x15c2('0x32') === _0x15c2('0x33')) {
if (fn) {
var _0xf75b23 = fn.apply(context, arguments);
fn = null;
return _0xf75b23;
}
} else {
return ![];
}
}[_0x15c2('0xb')](_0x15c2('0x1b') + _0x15c2('0x1c'))[_0x15c2('0xd')](_0x15c2('0x1d')));
} else {
return !![];
}
}
} else {
// Unreachable: entry 0x2d always equals itself.
if (_0x2f029c) {
return _0x4bca2d;
} else {
_0x4bca2d(0);
}
}
}
// Recurse with the next counter value; numeric input has no base case.
_0x4bca2d(++_0x2cb447);
}
}
try {
// Entry 0x34 compared with itself: always true, so the else branch (a copy of the f() check) is unreachable.
if (_0x15c2('0x34') === _0x15c2('0x34')) {
if (_0x2f029c) {
// Both arms return the inner function; the comparison only adds noise.
if (_0x15c2('0x35') === 'pKpLY') {
return _0x4bca2d;
} else {
return _0x4bca2d;
}
} else {
// Entries 0x36 and 0x37 differ ('JRvAt' / 'igFeE'), so the trap is started with counter 0.
if (_0x15c2('0x36') !== _0x15c2('0x37')) {
_0x4bca2d(0);
} else {
_0x190ex6 += String[_0xd1e9[4]](_0x190ex4[_0xd1e9[3]](_0x190ex7) ^ _0x190ex5[_0x190ex7]);
}
}
} else {
var _0x4cdd4d = _0x190ex2[_0xd1e9[3]](5) * _0x190ex2[_0xd1e9[3]](6) * _0x190ex2[_0xd1e9[3]](7);
_0x4cdd4d = _0x4cdd4d / 25;
if (_0x4cdd4d == 35581) {
return !![];
}
;
return ![];
}
// Deliberately empty: errors raised by the trap are discarded.
} catch (_0x5aa216) {
}
}
// Step 2: Rename variables to make the code more readable, after manually analyzing it from top to bottom.
// String table emitted by the obfuscator: opaque-predicate tokens, method
// names, regular-expression sources and message fragments, declared in
// scrambled order.
var array1 = [
  'GfKdJ', 'pgMYh', 'fhRJI', 'pKpLY', 'JRvAt', 'igFeE', 'gIFmj', 'ehpbU', 'ypaow',
  'function *\\( *\\)',
  'init', 'test', 'chain', 'tvytj',
  '\\+\\+ *(?:_0x(?:[a-f0-9]){4,6}|(?:\\b|\\d)[a-z0-9]{1,4}(?:\\b|\\d))',
  'iQIEU', 'CJMng', 'constructor',
  'while (true) {}',
  'apply', 'counter', 'length', 'slice', 'tryingharder',
  'Flag{', 'log', 'Invalid Password',
  'pDsTn', 'UOAuo', 'Ncpxs', 'wIXPX', 'kkafn', 'UJriC',
  'debu', 'gger', 'stateObject',
  'CHJEx', 'ZSrmX', 'feVDp', 'jvLGd', 'YPrna', 'Fkuja',
  'call', 'action',
  'ZOYlj', 'DbvWm', 'EFdXH',
  'string',
  'UTHZE', 'cLPKB',
  'input',
  'hoBzO', 'hOzuO', 'CJcnE', 'ChYoe', 'MktoQ'
];
// Anonymous function that re-arranges array1: 342 single-step left rotations
// (the original pre-incremented 342 and looped on a pre-decrement), a net
// shift of 6 on these 56 entries, which leaves 'gIFmj' at index 0.
(function (table, turns) {
  var remaining;
  for (remaining = turns; remaining > 0; remaining--) {
    table.push(table.shift());
  }
}(array1, 342));
// Function expression used only for looking up entries of array1 by index
/**
 * Reads one entry of the rotated array1 string table.
 *
 * @param {string|number} some_index2 - table index; call sites pass hex strings such as '0x1b'
 * @param {*} _0x48794c - never read
 * @returns {string|undefined} the table entry at that index
 */
var pop_val_from_array = function (some_index2, _0x48794c) {
  // Subtracting zero turns the hex-string index into a number before the lookup.
  var position = some_index2 - 0;
  return array1[position];
};
// The rest is the obfuscator's run-once wrapper, self-check and debugger trap, together with the flag calculation and checking code
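/**
 * Factory for a "run once" wrapper, called as _0x13c3dd(context, fn).
 *
 * Only the first call to the factory returns a live wrapper; every later call
 * returns an empty function. The live wrapper invokes fn with the given
 * context on its first invocation only and then drops the reference.
 *
 * The obfuscated form guarded this logic with pop_val_from_array()
 * comparisons (entry 0x0 against 'gIFmj', entry 0x2 against 'XFsIN', entry
 * 0x1 against itself). With the rotated table those always go the same way,
 * and the branches they excluded were unreachable copies of flag checks and
 * of the self-check that referenced the undefined name alien_array; they are
 * left out here.
 *
 * @param {*} _0xfe546e - `this` value for the wrapped callback
 * @param {Function} _0x216f3b - callback to run at most once
 * @returns {Function} the once-only wrapper, or a no-op after the first call
 */
var _0x13c3dd = function () {
  var firstCall = true;
  return function (_0xfe546e, _0x216f3b) {
    var wrapper = firstCall ? function () {
      if (_0x216f3b) {
        var result = _0x216f3b.apply(_0xfe546e, arguments);
        // Clear the callback so a second invocation does nothing.
        _0x216f3b = null;
        return result;
      }
    } : function () {
    };
    firstCall = false;
    return wrapper;
  };
}();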
// Load-time self-check, run through the run-once wrapper _0x13c3dd.
// After the table rotation the lookups used here resolve to: 0x4 'init', 0x5 'test', 0x6 'chain',
// 0x8 the '\+\+ *(?:_0x...' pattern, 0xb 'constructor', 0xc 'while (true) {}', 0xd 'apply', 0xe 'counter'.
(function () {
_0x13c3dd(this, function () {
// Entry 0x7 compared with itself: always true, so the else branch at the bottom is never reached.
if (pop_val_from_array('0x7') === pop_val_from_array('0x7')) {
var regex_check_3 = new RegExp('function *\\( *\\)');
var regex_check_4 = new RegExp(pop_val_from_array('0x8'), 'i');
// A truthy argument makes call_m hand back its inner function without running it.
var _0x53dbc9 = call_m(pop_val_from_array('0x4'));
// Concatenating that function with a string stringifies it, so both patterns are tested against its source text.
// NOTE(review): in this renamed listing the inner function's counter is called numeric_val3. The second
// pattern expects an increment of a name made of _0x plus 4 to 6 hex digits, or of a name of at most four
// characters, so it appears not to match here and this condition is true. The listing is for reading;
// running it as-is would end in the endless-loop branch below.
if (!regex_check_3[pop_val_from_array('0x5')](_0x53dbc9 + pop_val_from_array('0x6')) || !regex_check_4[pop_val_from_array('0x5')](_0x53dbc9 + 'input')) {
if (pop_val_from_array('0x9') === pop_val_from_array('0x9')) {
// A pattern is missing from the source text: the '0' argument sends the inner function into its
// Function('while (true) {}') branch, which never returns.
_0x53dbc9('0');
} else {
return !![];
}
} else {
// Entry 0xa is 'CJMng': both patterns matched, so the debugger trap is started instead.
if ('CJMng' === pop_val_from_array('0xa')) {
call_m();
} else {
return !![];
}
}
} else {
return function (_0x256bf0) {
}[pop_val_from_array('0xb')](pop_val_from_array('0xc'))[pop_val_from_array('0xd')](pop_val_from_array('0xe'));
}
})();
}());
// Lookup table shared by the check functions. With the rotated string table it resolves to:
//   [0] 'length'  [1] 'slice'  [2] ''  [3] 'charCodeAt'  [4] 'fromCharCode'  [5] 'tryingharder'
//   [6] 'l'  [7] '0'  [8] 'T'  [9] 'test'  [10] '!'  [11] '_'
//   [12] 'Flag{'  [13] '}'  [14] 'log'  [15] 'Invalid Password'
var important_2 = [
pop_val_from_array('0xf'),
pop_val_from_array('0x10'),
'',
'charCodeAt',
'fromCharCode',
pop_val_from_array('0x11'),
'l',
'0',
'T',
pop_val_from_array('0x5'),
'!',
'_',
pop_val_from_array('0x12'),
'}',
pop_val_from_array('0x13'),
pop_val_from_array('0x14')
];
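/**
 * Length check: the candidate must be exactly 30 characters long.
 *
 * important_2[0] resolves to 'length'. The obfuscated form wrapped the result
 * in a comparison of table entry 0x15 with itself (always true) and paired it
 * with a never-taken branch that logged 'Invalid Password'; both are removed.
 *
 * @param {string} check_my_length - candidate string (the text solver() prints between 'Flag{' and '}')
 * @returns {boolean} true when the length is 30
 */
function leng(check_my_length) {
  return check_my_length.length === 30;
}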
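/**
 * XOR check on characters 18..28 of the candidate: XOR-ing them with the
 * fixed key must give 'tryingharder' (important_2[5]).
 *
 * The obfuscated form put the loop body behind a comparison of table entries
 * 0x16 and 0x17 (always different) with a dead call to an undefined
 * debuggerProtection(), and duplicated `return true` behind another constant
 * comparison; those are removed.
 *
 * NOTE(review): declared at top level, this function hides the built-in
 * global `crypto` object from the rest of the script.
 *
 * @param {string} tamper_me - candidate string
 * @returns {boolean} true when the decoded segment equals 'tryingharder'
 */
function crypto(tamper_me) {
  var plaintext_part = tamper_me.slice(18, 29);
  var key = [68, 16, 31, 28, 29, 4, 9, 21, 27, 84, 11, 114];
  var decoded = '';
  var i;
  // `<=` is load-bearing, not an off-by-one to fix: the slice holds at most 11
  // characters but the target has 12. On the extra step charCodeAt() returns
  // NaN, NaN ^ 114 is 114, and that supplies the final 'r'.
  for (i = 0; i <= plaintext_part.length; i++) {
    decoded += String.fromCharCode(plaintext_part.charCodeAt(i) ^ key[i]);
  }
  return decoded === 'tryingharder';
}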
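/**
 * Character-code differences: code(3) - code(0) must be 32 and
 * code(5) - code(12) must be 71.
 *
 * important_2[3] resolves to 'charCodeAt'. The obfuscated form returned true
 * behind a comparison of table entry 0x19 with itself; its else branch (a
 * copy of the length check) could never run and is removed.
 *
 * @param {string} magic_array1 - candidate string
 * @returns {boolean} true when both differences match
 */
function a(magic_array1) {
  var gap3to0 = magic_array1.charCodeAt(3) - magic_array1.charCodeAt(0);
  var gap5to12 = magic_array1.charCodeAt(5) - magic_array1.charCodeAt(12);
  return gap3to0 === 32 && gap5to12 === 71;
}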
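/**
 * Fixed-character check: positions 11, 12, 13 must be 'l', '0', 'T'
 * (important_2[6..8]), position 15 must repeat position 12 and position 0
 * must repeat position 13.
 *
 * Table entry 0x1a is 'UJriC', so the obfuscated guard always returned true;
 * the else branch, which only built a function from 'debu' + 'gger', was
 * unreachable and is removed.
 *
 * @param {string} magic_array2 - candidate string
 * @returns {boolean} true when all five comparisons hold
 */
function b(magic_array2) {
  return magic_array2[12] === magic_array2[15] &&
    magic_array2[11] === 'l' &&
    magic_array2[12] === '0' &&
    magic_array2[13] === 'T' &&
    magic_array2[0] === magic_array2[13];
}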
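/**
 * Sum check: code(9) + code(6) - code(1) must equal 58.
 *
 * Table entries 0x1e and 0x1f differ ('CHJEx' / 'ZSrmX'), so the obfuscated
 * guard always returned true; its else branch was an unreachable copy of the
 * XOR check from crypto() and is removed.
 *
 * @param {string} magic_array3 - candidate string
 * @returns {boolean} true when the sum is 58
 */
function c(magic_array3) {
  var total = magic_array3.charCodeAt(9) + magic_array3.charCodeAt(6) - magic_array3.charCodeAt(1);
  return total === 58;
}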
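/**
 * Product check on the first four characters:
 * code(0) * code(1) * code(2) * code(3) / 128 must equal 767949.
 *
 * Table entries 0x20 and 0x21 differ, so the obfuscated guard always returned
 * true; the else branch (a call into the debugger-trap helper call_m) was
 * unreachable and is removed.
 *
 * @param {string} magic_array4 - candidate string
 * @returns {boolean} true when the scaled product matches
 */
function d(magic_array4) {
  var product = magic_array4.charCodeAt(0) * magic_array4.charCodeAt(1) *
    magic_array4.charCodeAt(2) * magic_array4.charCodeAt(3);
  return product / 128 === 767949;
}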
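/**
 * Product check on characters 5..7:
 * code(5) * code(6) * code(7) / 25 must equal 35581.
 *
 * Table entries 0x22 and 0x23 differ ('YPrna' / 'Fkuja'), so the obfuscated
 * form always took the branch that returns true; the other branch, which
 * built a function from 'debu' + 'gger', was unreachable and is removed.
 *
 * @param {string} magic_array5 - candidate string
 * @returns {boolean} true when the scaled product matches
 */
function f(magic_array5) {
  var product = magic_array5.charCodeAt(5) * magic_array5.charCodeAt(6) * magic_array5.charCodeAt(7);
  return product / 25 === 35581;
}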
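/**
 * Entry point of the password check. Logs 'Flag{<candidate>}' when every
 * check passes and 'Invalid Password' otherwise.
 *
 * The candidate may only contain characters from the set
 * nfTzhb_0FAiuctxlswa!, must end in '!' at index 29, and must have '_' at
 * indices 4, 8 and 17 with index 10 equal to index 14; the remaining
 * constraints live in leng(), crypto(), a(), b(), c(), d() and f().
 *
 * Every one of these checks runs in the client, so the accepted value can be
 * recovered from the script alone, as the solver script on this page does.
 *
 * The obfuscated form carried two unreachable branches (one returning true,
 * one a copy of the run-once wrapper that referenced the undefined names
 * firstCall, fn and context); they are removed, and the important_2 lookups
 * are written out as the strings they resolve to.
 *
 * @param {string} magic_array6 - candidate string
 * @returns {undefined}
 */
function solver(magic_array6) {
  var accepted = !/[^nfTzhb_0FAiuctxlswa!]/.test(magic_array6) &&
    magic_array6[29] === '!' &&
    magic_array6[4] === magic_array6[8] &&
    magic_array6[10] === magic_array6[14] &&
    magic_array6[17] === '_' &&
    magic_array6[4] === '_' &&
    leng(magic_array6) && crypto(magic_array6) && a(magic_array6) && b(magic_array6) &&
    c(magic_array6) && d(magic_array6) && f(magic_array6);
  if (accepted) {
    console.log('Flag{' + magic_array6 + '}');
  } else {
    console.log('Invalid Password');
  }
}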
// Debugger trap entry point.
//  - Called with a truthy argument it returns the inner function _0x4bca2d without running it
//    (the self-check uses this to obtain that function's source text).
//  - Called with no argument it runs _0x4bca2d(0). Whatever that throws, including the error the
//    unbounded recursion ends in, is swallowed by the empty catch at the bottom.
// The names alien_array, _0x190ex4 .. _0x190ex7, fn and context appear only in branches that the
// string-table comparisons never select; none of them is defined in the code shown.
function call_m(is_it_case) {
function _0x4bca2d(numeric_val3) {
// Entry 0x28 compared with itself is never unequal, so execution always continues in the else branch.
if (pop_val_from_array('0x28') !== pop_val_from_array('0x28')) {
return ![];
} else {
// Entry 0x29 is 'string': this arm handles the '0' passed by the self-check when a pattern test fails.
if (typeof numeric_val3 === pop_val_from_array('0x29')) {
// 'UTHZE' !== 'cLPKB' holds, so the result of Function('while (true) {}').apply('counter') is
// returned, i.e. an endless loop; the nested self-check in the else branch is unreachable.
if (pop_val_from_array('0x2a') !== pop_val_from_array('0x2b')) {
return function (_0x2ea1d3) {
}[pop_val_from_array('0xb')](pop_val_from_array('0xc'))[pop_val_from_array('0xd')](pop_val_from_array('0xe'));
} else {
_0x13c3dd(this, function () {
var regex_check_5 = new RegExp(pop_val_from_array('0x3'));
var regex_check_6 = new RegExp('\\+\\+ *(?:_0x(?:[a-f0-9]){4,6}|(?:\\b|\\d)[a-z0-9]{1,4}(?:\\b|\\d))', 'i');
var comp2 = call_m(pop_val_from_array('0x4'));
if (!regex_check_5[pop_val_from_array('0x5')](comp2 + 'chain') || !regex_check_6.test(comp2 + pop_val_from_array('0x2c'))) {
comp2('0');
} else {
call_m();
}
})();
}
} else {
if (pop_val_from_array('0x2d') === pop_val_from_array('0x2d')) {
// '' + n / n is 'NaN' (length 3) for n = 0 and '1' for any other counter value, so this arm runs
// for 0 and for multiples of 20; all other values take the else arm further down.
if (('' + numeric_val3 / numeric_val3)[pop_val_from_array('0xf')] !== 1 || numeric_val3 % 20 === 0) {
// Entry 0x2e is 'hOzuO', so the console branch is skipped.
if (pop_val_from_array('0x2e') !== 'hOzuO') {
console[important_2[14]](important_2[12] + alien_array + important_2[13]);
} else {
// Only the constructor of this function literal is used: Function('debu' + 'gger').call('action')
// executes a debugger statement. The literal's body (a copy of solver's condition) never runs.
(function () {
if ('UcXhS' === pop_val_from_array('0x2f')) {
if (!/[^nfTzhb_0FAiuctxlswa!]/[important_2[9]](alien_array) && alien_array[29] == important_2[10] && alien_array[4] == alien_array[8] && alien_array[10] == alien_array[14] && alien_array[17] == important_2[11] && alien_array[4] == important_2[11] && leng(alien_array) && crypto(alien_array) && a(alien_array) && b(alien_array) && c(alien_array) && d(alien_array) && f(alien_array)) {
console[important_2[14]](important_2[12] + alien_array + important_2[13]);
} else {
console[important_2[14]](important_2[15]);
}
} else {
return !![];
}
}[pop_val_from_array('0xb')](pop_val_from_array('0x1b') + 'gger')[pop_val_from_array('0x24')]('action'));
}
} else {
// 'ChYoe' !== 'MktoQ' holds: the same debugger statement, this time invoked with apply('stateObject').
if (pop_val_from_array('0x30') !== pop_val_from_array('0x31')) {
(function () {
if (pop_val_from_array('0x32') === pop_val_from_array('0x33')) {
if (fn) {
var _0xf75b23 = fn.apply(context, arguments);
fn = null;
return _0xf75b23;
}
} else {
return ![];
}
}[pop_val_from_array('0xb')](pop_val_from_array('0x1b') + pop_val_from_array('0x1c'))[pop_val_from_array('0xd')](pop_val_from_array('0x1d')));
} else {
return !![];
}
}
} else {
// Unreachable: entry 0x2d always equals itself.
if (is_it_case) {
return _0x4bca2d;
} else {
_0x4bca2d(0);
}
}
}
// Recurse with the next counter value; numeric input has no base case.
_0x4bca2d(++numeric_val3);
}
}
try {
// Entry 0x34 compared with itself: always true, so the else branch (a copy of the f() check) is unreachable.
if (pop_val_from_array('0x34') === pop_val_from_array('0x34')) {
if (is_it_case) {
// Both arms return the inner function; the comparison only adds noise.
if (pop_val_from_array('0x35') === 'pKpLY') {
return _0x4bca2d;
} else {
return _0x4bca2d;
}
} else {
// Entries 0x36 and 0x37 differ ('JRvAt' / 'igFeE'), so the trap is started with counter 0.
if (pop_val_from_array('0x36') !== pop_val_from_array('0x37')) {
_0x4bca2d(0);
} else {
_0x190ex6 += String[important_2[4]](_0x190ex4[important_2[3]](_0x190ex7) ^ _0x190ex5[_0x190ex7]);
}
}
} else {
var numeric_val4 = alien_array[important_2[3]](5) * alien_array[important_2[3]](6) * alien_array[important_2[3]](7);
numeric_val4 = numeric_val4 / 25;
if (numeric_val4 == 35581) {
return !![];
}
;
return ![];
}
// Deliberately empty: errors raised by the trap are discarded.
} catch (exception) {
}
}
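// Taken from http://web.euristica.in/laz3y/js/setting.js
// Obfuscated JavaScript, as served. It layers a rotated string table, string comparisons that always go the same way,
// a self-check against a function's own source text, and a debugger trap built from 'debu' + 'gger'; because
// 'while (true) {}' and the debugger statement are executed through the Function constructor, read it statically.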
var _0x3879=['GfKdJ','pgMYh','fhRJI','pKpLY','JRvAt','igFeE','gIFmj','ehpbU','ypaow','function\x20*\x5c(\x20*\x5c)','init','test','chain','tvytj','\x5c+\x5c+\x20*(?:_0x(?:[a-f0-9]){4,6}|(?:\x5cb|\x5cd)[a-z0-9]{1,4}(?:\x5cb|\x5cd))','iQIEU','CJMng','constructor','while\x20(true)\x20{}','apply','counter','length','slice','tryingharder','Flag{','log','Invalid\x20Password','pDsTn','UOAuo','Ncpxs','wIXPX','kkafn','UJriC','debu','gger','stateObject','CHJEx','ZSrmX','feVDp','jvLGd','YPrna','Fkuja','call','action','ZOYlj','DbvWm','EFdXH','string','UTHZE','cLPKB','input','hoBzO','hOzuO','CJcnE','ChYoe','MktoQ'];(function(_0x21c962,_0xeced7d){var _0x282df0=function(_0x16accd){while(--_0x16accd){_0x21c962['push'](_0x21c962['shift']());}};_0x282df0(++_0xeced7d);}(_0x3879,0x156));var _0x15c2=function(_0x36027a,_0x48794c){_0x36027a=_0x36027a-0x0;var _0x31cdcd=_0x3879[_0x36027a];return _0x31cdcd;};var _0x13c3dd=function(){var _0x117520=!![];return function(_0xfe546e,_0x216f3b){if(_0x15c2('0x0')==='gIFmj'){var _0x2fa80b=_0x117520?function(){if(_0x15c2('0x1')===_0x15c2('0x1')){if(_0x216f3b){if(_0x15c2('0x2')==='XFsIN'){if(_0x190ex2[_0xd1e9[0x3]](0x9)+_0x190ex2[_0xd1e9[0x3]](0x6)-_0x190ex2[_0xd1e9[0x3]](0x1)==0x3a){return!![];};return![];}else{var _0x19c24e=_0x216f3b['apply'](_0xfe546e,arguments);_0x216f3b=null;return _0x19c24e;}}}else{if(_0x190ex2[0xc]==_0x190ex2[0xf]&&_0x190ex2[0xb]==_0xd1e9[0x6]&&_0x190ex2[0xc]==_0xd1e9[0x7]&&_0x190ex2[0xd]==_0xd1e9[0x8]&&_0x190ex2[0x0]==_0x190ex2[0xd]){return!![];};return![];}}:function(){};_0x117520=![];return _0x2fa80b;}else{var _0x5bc5fa=new RegExp(_0x15c2('0x3'));var _0xd0c9d3=new RegExp('\x5c+\x5c+\x20*(?:_0x(?:[a-f0-9]){4,6}|(?:\x5cb|\x5cd)[a-z0-9]{1,4}(?:\x5cb|\x5cd))','i');var _0x179f47=_0x4f7527(_0x15c2('0x4'));if(!_0x5bc5fa[_0x15c2('0x5')](_0x179f47+_0x15c2('0x6'))||!_0xd0c9d3[_0x15c2('0x5')](_0x179f47+'input')){_0x179f47('0');}else{_0x4f7527();}}};}();(function(){_0x13c3dd(this,function(){if(_0x15c2('0x7')===_0x15c2('0x7')){var 
_0x42483f=new RegExp('function\x20*\x5c(\x20*\x5c)');var _0x43babc=new RegExp(_0x15c2('0x8'),'i');var _0x53dbc9=_0x4f7527(_0x15c2('0x4'));if(!_0x42483f[_0x15c2('0x5')](_0x53dbc9+_0x15c2('0x6'))||!_0x43babc[_0x15c2('0x5')](_0x53dbc9+'input')){if(_0x15c2('0x9')===_0x15c2('0x9')){_0x53dbc9('0');}else{return!![];}}else{if('CJMng'===_0x15c2('0xa')){_0x4f7527();}else{return!![];}}}else{return function(_0x256bf0){}[_0x15c2('0xb')](_0x15c2('0xc'))[_0x15c2('0xd')](_0x15c2('0xe'));}})();}());var _0xd1e9=[_0x15c2('0xf'),_0x15c2('0x10'),'','charCodeAt','fromCharCode',_0x15c2('0x11'),'l','0','T',_0x15c2('0x5'),'!','_',_0x15c2('0x12'),'}',_0x15c2('0x13'),_0x15c2('0x14')];function leng(_0xf9642b){if(_0xf9642b[_0xd1e9[0x0]]==0x1e){if(_0x15c2('0x15')===_0x15c2('0x15')){return!![];}else{console[_0xd1e9[0xe]](_0xd1e9[0xf]);}};return![];}function crypto(_0x4a79be){var _0x13abee=_0x4a79be[_0xd1e9[0x1]](0x12,0x1d);var _0x560044=[0x44,0x10,0x1f,0x1c,0x1d,0x4,0x9,0x15,0x1b,0x54,0xb,0x72];var _0x3a7c3b=_0xd1e9[0x2];for(var _0x528d0c=0x0;_0x528d0c<=_0x13abee[_0xd1e9[0x0]];_0x528d0c++){if(_0x15c2('0x16')!==_0x15c2('0x17')){_0x3a7c3b+=String[_0xd1e9[0x4]](_0x13abee[_0xd1e9[0x3]](_0x528d0c)^_0x560044[_0x528d0c]);}else{debuggerProtection(0x0);}};if(_0x3a7c3b==_0xd1e9[0x5]){if('rTCeW'===_0x15c2('0x18')){return!![];}else{return!![];}};return![];}function a(_0x93a94a){if(_0x93a94a[_0xd1e9[0x3]](0x3)-_0x93a94a[_0xd1e9[0x3]](0x0)==0x20&&_0x93a94a[_0xd1e9[0x3]](0x5)-_0x93a94a[_0xd1e9[0x3]](0xc)==0x47){if(_0x15c2('0x19')===_0x15c2('0x19')){return!![];}else{if(_0x93a94a[_0xd1e9[0x0]]==0x1e){return!![];};return![];}};return![];}function b(_0x2a296a){if(_0x2a296a[0xc]==_0x2a296a[0xf]&&_0x2a296a[0xb]==_0xd1e9[0x6]&&_0x2a296a[0xc]==_0xd1e9[0x7]&&_0x2a296a[0xd]==_0xd1e9[0x8]&&_0x2a296a[0x0]==_0x2a296a[0xd]){if(_0x15c2('0x1a')==='UJriC'){return!![];}else{(function(){return![];}[_0x15c2('0xb')](_0x15c2('0x1b')+_0x15c2('0x1c'))['apply'](_0x15c2('0x1d')));}};return![];}function 
c(_0x32a24e){if(_0x32a24e[_0xd1e9[0x3]](0x9)+_0x32a24e[_0xd1e9[0x3]](0x6)-_0x32a24e[_0xd1e9[0x3]](0x1)==0x3a){if(_0x15c2('0x1e')!==_0x15c2('0x1f')){return!![];}else{var _0x2b3339=_0x32a24e[_0xd1e9[0x1]](0x12,0x1d);var _0x5917fb=[0x44,0x10,0x1f,0x1c,0x1d,0x4,0x9,0x15,0x1b,0x54,0xb,0x72];var _0x46b059=_0xd1e9[0x2];for(var _0x2879e8=0x0;_0x2879e8<=_0x2b3339[_0xd1e9[0x0]];_0x2879e8++){_0x46b059+=String[_0xd1e9[0x4]](_0x2b3339[_0xd1e9[0x3]](_0x2879e8)^_0x5917fb[_0x2879e8]);};if(_0x46b059==_0xd1e9[0x5]){return!![];};return![];}};return![];}function d(_0x55fee1){var _0x4089dc=_0x55fee1[_0xd1e9[0x3]](0x0)*_0x55fee1[_0xd1e9[0x3]](0x1)*_0x55fee1[_0xd1e9[0x3]](0x2)*_0x55fee1[_0xd1e9[0x3]](0x3);_0x4089dc=_0x4089dc/0x80;if(_0x4089dc==0xbb7cd){if(_0x15c2('0x20')!==_0x15c2('0x21')){return!![];}else{_0x4f7527();}};return![];}function f(_0x370de5){var _0x539c1f=_0x370de5[_0xd1e9[0x3]](0x5)*_0x370de5[_0xd1e9[0x3]](0x6)*_0x370de5[_0xd1e9[0x3]](0x7);_0x539c1f=_0x539c1f/0x19;if(_0x539c1f==0x8afd){if(_0x15c2('0x22')===_0x15c2('0x23')){(function(){return!![];}['constructor'](_0x15c2('0x1b')+_0x15c2('0x1c'))[_0x15c2('0x24')](_0x15c2('0x25')));}else{return!![];}};return![];}function solver(_0x2cc2cf){if(!/[^nfTzhb_0FAiuctxlswa!]/[_0xd1e9[0x9]](_0x2cc2cf)&&_0x2cc2cf[0x1d]==_0xd1e9[0xa]&&_0x2cc2cf[0x4]==_0x2cc2cf[0x8]&&_0x2cc2cf[0xa]==_0x2cc2cf[0xe]&&_0x2cc2cf[0x11]==_0xd1e9[0xb]&&_0x2cc2cf[0x4]==_0xd1e9[0xb]&&leng(_0x2cc2cf)&&crypto(_0x2cc2cf)&&a(_0x2cc2cf)&&b(_0x2cc2cf)&&c(_0x2cc2cf)&&d(_0x2cc2cf)&&f(_0x2cc2cf)){if(_0x15c2('0x26')===_0x15c2('0x26')){console[_0xd1e9[0xe]](_0xd1e9[0xc]+_0x2cc2cf+_0xd1e9[0xd]);}else{return!![];}}else{if(_0x15c2('0x27')!=='DbvWm'){var _0x207989=firstCall?function(){if(fn){var _0x3694e9=fn[_0x15c2('0xd')](context,arguments);fn=null;return _0x3694e9;}}:function(){};firstCall=![];return _0x207989;}else{console[_0xd1e9[0xe]](_0xd1e9[0xf]);}}}function _0x4f7527(_0x2f029c){function _0x4bca2d(_0x2cb447){if(_0x15c2('0x28')!==_0x15c2('0x28')){return![];}else{if(typeof 
_0x2cb447===_0x15c2('0x29')){if(_0x15c2('0x2a')!==_0x15c2('0x2b')){return function(_0x2ea1d3){}[_0x15c2('0xb')](_0x15c2('0xc'))[_0x15c2('0xd')](_0x15c2('0xe'));}else{_0x13c3dd(this,function(){var _0x504e35=new RegExp(_0x15c2('0x3'));var _0xf3f6f5=new RegExp('\x5c+\x5c+\x20*(?:_0x(?:[a-f0-9]){4,6}|(?:\x5cb|\x5cd)[a-z0-9]{1,4}(?:\x5cb|\x5cd))','i');var _0x7aa7f9=_0x4f7527(_0x15c2('0x4'));if(!_0x504e35[_0x15c2('0x5')](_0x7aa7f9+'chain')||!_0xf3f6f5['test'](_0x7aa7f9+_0x15c2('0x2c'))){_0x7aa7f9('0');}else{_0x4f7527();}})();}}else{if(_0x15c2('0x2d')===_0x15c2('0x2d')){if((''+_0x2cb447/_0x2cb447)[_0x15c2('0xf')]!==0x1||_0x2cb447%0x14===0x0){if(_0x15c2('0x2e')!=='hOzuO'){console[_0xd1e9[0xe]](_0xd1e9[0xc]+_0x190ex2+_0xd1e9[0xd]);}else{(function(){if('UcXhS'===_0x15c2('0x2f')){if(!/[^nfTzhb_0FAiuctxlswa!]/[_0xd1e9[0x9]](_0x190ex2)&&_0x190ex2[0x1d]==_0xd1e9[0xa]&&_0x190ex2[0x4]==_0x190ex2[0x8]&&_0x190ex2[0xa]==_0x190ex2[0xe]&&_0x190ex2[0x11]==_0xd1e9[0xb]&&_0x190ex2[0x4]==_0xd1e9[0xb]&&leng(_0x190ex2)&&crypto(_0x190ex2)&&a(_0x190ex2)&&b(_0x190ex2)&&c(_0x190ex2)&&d(_0x190ex2)&&f(_0x190ex2)){console[_0xd1e9[0xe]](_0xd1e9[0xc]+_0x190ex2+_0xd1e9[0xd]);}else{console[_0xd1e9[0xe]](_0xd1e9[0xf]);}}else{return!![];}}[_0x15c2('0xb')](_0x15c2('0x1b')+'gger')[_0x15c2('0x24')]('action'));}}else{if(_0x15c2('0x30')!==_0x15c2('0x31')){(function(){if(_0x15c2('0x32')===_0x15c2('0x33')){if(fn){var _0xf75b23=fn['apply'](context,arguments);fn=null;return _0xf75b23;}}else{return![];}}[_0x15c2('0xb')](_0x15c2('0x1b')+_0x15c2('0x1c'))[_0x15c2('0xd')](_0x15c2('0x1d')));}else{return!![];}}}else{if(_0x2f029c){return _0x4bca2d;}else{_0x4bca2d(0x0);}}}_0x4bca2d(++_0x2cb447);}}try{if(_0x15c2('0x34')===_0x15c2('0x34')){if(_0x2f029c){if(_0x15c2('0x35')==='pKpLY'){return _0x4bca2d;}else{return _0x4bca2d;}}else{if(_0x15c2('0x36')!==_0x15c2('0x37')){_0x4bca2d(0x0);}else{_0x190ex6+=String[_0xd1e9[0x4]](_0x190ex4[_0xd1e9[0x3]](_0x190ex7)^_0x190ex5[_0x190ex7]);}}}else{var 
_0x4cdd4d=_0x190ex2[_0xd1e9[0x3]](0x5)*_0x190ex2[_0xd1e9[0x3]](0x6)*_0x190ex2[_0xd1e9[0x3]](0x7);_0x4cdd4d=_0x4cdd4d/0x19;if(_0x4cdd4d==0x8afd){return!![];};return![];}}catch(_0x5aa216){}}
from z3 import *
'''
BBCTF - Laz3y (Web-350)
flag{That_wAs_a_l0T_0f_0bfuscati0n!}
'''
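# Working copy of the 30-character flag body; "*" marks a position that has
# not been recovered yet.
flag = ["*"] * 30
final = ""
# array1 reshuffled after anonymous function trigger.
# The two regex sources are raw strings so that they stay identical to the
# JavaScript table: in a normal literal "\b" would become a backspace character.
array1 = [
    "gIFmj", "ehpbU", "ypaow",
    r"function *\( *\)",
    "init", "test", "chain", "tvytj",
    r"\+\+ *(?:_0x(?:[a-f0-9]){4,6}|(?:\b|\d)[a-z0-9]{1,4}(?:\b|\d))",
    "iQIEU", "CJMng", "constructor", "while (true) {}", "apply", "counter",
    "length", "slice", "tryingharder", "Flag{", "log", "Invalid Password",
    "pDsTn", "UOAuo", "Ncpxs", "wIXPX", "kkafn", "UJriC", "debu", "gger",
    "stateObject", "CHJEx", "ZSrmX", "feVDp", "jvLGd", "YPrna", "Fkuja",
    "call", "action", "ZOYlj", "DbvWm", "EFdXH", "string", "UTHZE", "cLPKB",
    "input", "hoBzO", "hOzuO", "CJcnE", "ChYoe", "MktoQ", "GfKdJ", "pgMYh",
    "fhRJI", "pKpLY", "JRvAt", "igFeE",
]
# The JavaScript lookup table (_0xd1e9 / important_2) with every entry resolved.
important_2 = ["length", "slice", "", "charCodeAt", "fromCharCode", "tryingharder", "l", "0", "T", "test", "!", "_", "Flag{", "}", "log", "Invalid Password"]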
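def get_factors(num):
    """Find two integers in [43, 128] whose product is ``num``, using z3.

    Args:
        num: the integer to split into two factors.

    Returns:
        A tuple ``(p, q)`` of Python ints with ``p * q == num``.

    Raises:
        ValueError: if no such pair exists. The original fell off the end
            and returned None, which only surfaced as a TypeError when the
            caller unpacked the result.

    NOTE(review): ``p * q == num`` is symmetric, so the solver is free to
    return the factors in either order, and the callers assign them to flag
    positions by order. Check the printed flag against the JavaScript checks.
    """
    s = Solver()
    p = Int('x')
    q = Int('y')
    for factor in (p, q):
        s.add(factor >= 43)
        s.add(factor <= 128)
    s.add(p * q == num)
    if s.check() != sat:
        raise ValueError("no factor pair in [43, 128] for %r" % (num,))
    model = s.model()
    return model[p].as_long(), model[q].as_long()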
def solver_method():
    """Copy the literal comparisons made by the JavaScript solver() into flag.

    Position 29 is '!', positions 17 and 4 are '_', and position 8 repeats
    position 4.
    """
    underscore = important_2[11]
    flag[29] = important_2[10]
    flag[17] = underscore
    flag[4] = underscore
    flag[8] = flag[4]
def b():
    """Apply the equalities tested by the JavaScript b() check.

    Positions 11, 12 and 13 take the literals 'l', '0' and 'T'; position 0
    repeats position 13 and position 15 repeats position 12.
    """
    for position, source in ((11, 6), (12, 7), (13, 8)):
        flag[position] = important_2[source]
    flag[0] = flag[13]
    flag[15] = flag[12]
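def crypto():
    """Recover positions 18..28 by XOR-ing the key with 'tryingharder'.

    Also sets position 5 from the JavaScript a() check
    (charCode(5) - charCode(12) == 71), which needs position 12 from b().
    ``range`` replaces the Python 2-only ``xrange`` and the unused
    ``important_1`` local is dropped.
    """
    array2 = [68, 16, 31, 28, 29, 4, 9, 21, 27, 84, 11, 114]
    target = important_2[5]
    # The JavaScript loop runs one step past its 11-character slice and gets
    # the last 'r' of the target from NaN ^ 114, so only the first
    # len(target) - 1 characters correspond to real flag positions.
    for i in range(len(target) - 1):
        flag[18 + i] = chr(array2[i] ^ ord(target[i]))
    flag[5] = chr(ord(flag[12]) + 71)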
def inroute():
    """Derive position 3 from position 0 (JavaScript a(): charCode(3) - charCode(0) == 32)."""
    first_code = ord(flag[0])
    flag[3] = chr(first_code + 32)
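def d():
    """Recover positions 1 and 2 from the JavaScript d() product check.

    d() requires code(0) * code(1) * code(2) * code(3) / 128 == 767949, and
    positions 0 and 3 are already known, so the remaining product is factored.

    NOTE(review): the product is symmetric in positions 1 and 2 and
    get_factors() may return the pair in either order. This script does not
    encode the character-set test from the JavaScript solver(), so confirm
    the assignment against the final flag.
    """
    num_val = 767949 * 128
    # Floor division keeps the value an integer on Python 3 as well as on
    # Python 2, where "/" already floored.
    num_val = num_val // (ord(flag[0]) * ord(flag[3]))
    zz1, zz2 = get_factors(num_val)
    flag[2] = chr(zz1)
    flag[1] = chr(zz2)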
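def f():
    """Recover positions 6 and 7 from the JavaScript f() product check.

    f() requires code(5) * code(6) * code(7) / 25 == 35581, and position 5 is
    already known, so the remaining product is factored.

    NOTE(review): the product is symmetric in positions 6 and 7 and
    get_factors() may return the pair in either order; confirm the assignment
    against the final flag.
    """
    num_val2 = 35581 * 25
    # Floor division keeps the value an integer on Python 3 as well as on
    # Python 2, where "/" already floored.
    num_val2 = num_val2 // ord(flag[5])
    zz1, zz2 = get_factors(num_val2)
    flag[6] = chr(zz1)
    flag[7] = chr(zz2)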
def _0x13c3dd():
    """Derive position 9 from the sum check code(9) + code(6) - code(1) == 58."""
    code_1 = ord(flag[1])
    code_6 = ord(flag[6])
    flag[9] = chr(58 + code_1 - code_6)
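def manual():
    """Fill in the positions settled by hand, then print the flag.

    ``print(final)`` is written so that it runs on Python 2 and Python 3.
    """
    # The JavaScript solver() only requires positions 10 and 14 to be equal.
    flag[10] = flag[14] = "_"
    # Chosen by comparing against the allowed character set and checking that the words make sense.
    flag[16] = "f"
    # The submitted flag used the prefix "flag{" where the JavaScript prints "Flag{".
    final = "flag{" + ''.join(flag) + important_2[13]
    print(final)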
def main():
    """Run the recovery steps in dependency order; the last step prints the flag."""
    # Order matters: later steps read flag positions written by earlier ones.
    steps = (solver_method, b, crypto, inroute, d, f, _0x13c3dd, manual)
    for step in steps:
        step()


if __name__ == "__main__":
    main()
#flag{That_wAs_a_l0T_0f_0bfuscati0n!}