Void (rev)

I made a simple webpage that checks whether the flag is correct... Wait, where are the flag-checking functions?

As the name suggests, this challenge requires us to reverse engineer some front-end JavaScript code. However, when viewing the code in the browser inspector, the script appears to have many blank lines and ends with a weird function.

There are approximately 800 lines of seemingly invisible JavaScript. On copy-pasting into Visual Studio Code, however, we are warned that there are invisible Unicode characters.

Following the URL linked in the code, we see aemkei's post on invisible.js, which is a method of encoding used to make JavaScript source invisible.

On closer inspection of the script, it first accumulates all the human-readable code inside a variable f, then, when the code is ready, it calls eval(f).

To reverse engineer and obtain the human-readable code, we can simply add console.log to the JavaScript function to make it print the code before running it. Below is my modified \u3164 function:

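function \u3164(){
    // f collects the decoded source; p holds the two nibbles of the current byte
    return f="",p=[],new Proxy({},{
        has:(t,n)=>(p.push(n.length-1),2==p.length&&(p[0]||p[1]||
            // a 0,0 pair ends the payload: print the decoded source, then run it
            // (comma, not &&: console.log returns undefined, so && would skip eval)
            (console.log(f),eval(f)),
            f+=String.fromCharCode(p[0]<<4|p[1]),p=[]),!0)})}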

This prints the JavaScript code just before it is executed (I ran the code on programiz.com).

Which gives us the flag!
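An alternative to patching the decoder, as an added example that is not part of the original write-up or of invisible.js: recovering the hidden source statically, without ever calling eval. It assumes the invisible identifiers are runs of U+FFA0 or U+3164 and that only the payload after the with(...) header is passed in; encodeInvisible, decodeInvisible and the sample string are constructed for this example.

```javascript
// Static decoder for an invisible.js-style payload: no eval, no Proxy.
// Assumption: each identifier is a run of U+FFA0 or U+3164, separated by
// newlines or any other character; pass in only the text after with(...).
const FILLER = "\uFFA0"; // assumed encoding character

// Builds constructed sample input the same way the has() trap reads it:
// one identifier per nibble, identifier length = nibble value + 1.
function encodeInvisible(src) {
  const idents = [];
  for (const ch of src + "\0") { // the NUL byte is the "run now" marker
    const code = ch.charCodeAt(0);
    if (code > 0xff) throw new RangeError("character does not fit in two nibbles");
    idents.push(FILLER.repeat((code >> 4) + 1), FILLER.repeat((code & 15) + 1));
  }
  return idents.join("\n");
}

// Mirrors the trap's arithmetic (length-1 per nibble, hi<<4|lo per byte)
// and stops where the original would call eval(f): at a 0,0 pair.
function decodeInvisible(payload) {
  const runs = payload.match(/[\uFFA0\u3164]+/g) || [];
  let source = "";
  for (let i = 0; i + 1 < runs.length; i += 2) {
    const hi = runs[i].length - 1;
    const lo = runs[i + 1].length - 1;
    if (hi > 15 || lo > 15) {
      // Longer than 16 characters means the input was not split correctly.
      throw new RangeError(`identifier pair at index ${i} is out of nibble range`);
    }
    if (hi === 0 && lo === 0) return { source, terminated: true };
    source += String.fromCharCode((hi << 4) | lo);
  }
  // No terminator seen: the payload was truncated or copied incompletely.
  return { source, terminated: false };
}

// Constructed sample, not the challenge's real payload.
const sample = 'console.log("decoded without eval")';
const result = decodeInvisible(encodeInvisible(sample));
console.log(result.terminated, result.source);
```

A result with terminated set to false means the end marker was never reached, which usually indicates that the copy-paste dropped some of the invisible characters.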
