Elijah's CTF Blog
HKCERT CTF 24

Void (rev)

I made a simple webpage that checks whether the flag is correct... Wait, where are the flag-checking functions?


As the name suggests, this challenge requires us to reverse engineer some front-end JavaScript code. However, on viewing the code in the browser inspector, the script appears to consist of many blank lines and ends with a weird function.

There are approximately 800 lines of seemingly invisible JavaScript. On copy-pasting into Visual Studio Code, however, we are warned that there are invisible Unicode characters.

Following the URL linked in the code, we find aemkei's post on invisible.js, an encoding method used to make JavaScript scripts invisible.

On closer inspection, the script first accumulates all the human-readable code in a variable f, then, once the code is ready, calls eval(f).

To reverse engineer and obtain the human-readable code, we can simply add console.log to the JavaScript function so that it prints the code before running it. Below is my modified \u3164 function:

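function \u3164(){
    // f collects the decoded source, p holds the current pair of nibbles
    return f="",p=[],new Proxy({},{
        has:(t,n)=>(p.push(n.length-1),2==p.length&&(p[0]||p[1]||
            // a 0x00 byte ends the payload: print f, then run it
            (console.log(f), eval(f)),
            f+=String.fromCharCode(p[0]<<4|p[1]),p=[]),!0)})}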

This prints the JavaScript code just before it is executed (I ran the code on programiz.com).

Which gives us the flag!
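An alternative to patching the loader is to decode the payload statically, so the hidden script is recovered without ever being passed to eval. The following is an added example, not code from the original post or from invisible.js; it assumes the input is only the invisible payload, with every hidden identifier being a run of U+3164 separated by other characters, and decodeInvisible and encodeInvisible are hypothetical names.

```javascript
// Added example: static decoder for the nibble encoding used by the loader above.
// Assumption: each hidden identifier is a run of U+3164 (Hangul Filler), and
// runs are separated by any other character (for example a newline).
const FILLER = "\u3164";

// Turn the invisible payload back into source text WITHOUT calling eval().
function decodeInvisible(payload) {
  const runs = payload.match(/\u3164+/g) || [];
  let out = "";
  for (let i = 0; i + 1 < runs.length; i += 2) {
    const hi = runs[i].length - 1;      // same value as n.length-1 in the has() trap
    const lo = runs[i + 1].length - 1;
    if (hi > 15 || lo > 15) throw new RangeError(`run too long at pair ${i / 2}`);
    if (hi === 0 && lo === 0) break;    // the 0x00 pair is where the loader calls eval(f)
    out += String.fromCharCode((hi << 4) | lo);
  }
  return out;
}

// Constructed helper: builds a sample payload in the same format for testing.
function encodeInvisible(src) {
  const lines = [];
  for (const ch of src) {
    const c = ch.charCodeAt(0);
    if (c > 0xff) throw new RangeError("only one-byte characters are encodable");
    lines.push(FILLER.repeat((c >> 4) + 1), FILLER.repeat((c & 15) + 1));
  }
  lines.push(FILLER, FILLER);           // terminator pair (0, 0)
  return lines.join("\n");
}

// Constructed sample, not the challenge script.
const sample = encodeInvisible('console.log("constructed sample");');
console.log(decodeInvisible(sample));
```

Anything after the first terminator pair is ignored, matching the point at which the loader would have executed the accumulated string.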
