题目链接:https://adworld.xctf.org.cn/challenges/details?hash=2e4acf37-f5e9-4c09-8842-9cbb4ce81a50_2
题解
一个找密码的问题,用Chrome打开题目页面直接右键查看源代码
/**
 * Challenge routine exactly as served in the page source (kept verbatim).
 *
 * Despite its name and parameter, the returned string is built only from the
 * hard-coded `pass` literal. `pass_enc` is split into `tab`, but every value
 * read from `tab` is overwritten before it can reach the output, so the
 * result is the same for any string argument.
 *
 * @param {string} pass_enc - Value typed by the user. `.split` is called on
 *   it, so a non-string such as null raises a TypeError.
 * @returns {string} The characters for the codes in `pass`
 *   ("FAUX PASSWORD HAHA").
 */
function dechiffre(pass_enc){
// Fixed output, stored as comma-separated decimal character codes (18 entries).
var pass = "70,65,85,88,32,80,65,83,83,87,79,82,68,32,72,65,72,65";
// Parsed from the argument, but nothing taken from `tab` survives into `p`.
var tab = pass_enc.split(',');
// `m` is never used; `l` stays 0, so `i-l` below is just `i`.
var tab2 = pass.split(',');var i,j,k,l=0,m,n,o,p = "";i = 0;j = tab.length;
// Noise: k is reassigned in the loop conditions before it is read, and n is
// reset on the next line.
k = j + (l) + (n=0);
n = tab2.length;
// First pass appends tab2[0..5]. The condition's embedded assignment sets
// k and j to tab2.length on every iteration; `o = tab[i-l]` is immediately
// replaced by `o = tab2[i]`.
for(i = (o=0); i < (k = j = n); i++ ){o = tab[i-l];p += String.fromCharCode((o = tab2[i]));
if(i == 5)break;}
// Second pass appends tab2[6..k-2]: everything after index 5 except the
// final entry.
for(i = (o=0); i < (k = j = n); i++ ){
o = tab[i-l];
if(i > 5 && i < k-1)
p += String.fromCharCode((o = tab2[i]));
}
// Final entry of the 18 codes, addressed by its literal index.
p += String.fromCharCode(tab2[17]);
pass = p;return pass;
}
// The value of this expression is discarded. The \x-escaped argument is the
// only place the real password material appears; escaping a literal in
// client-side script does not conceal it from anyone who can read the page
// source.
String["fromCharCode"](dechiffre("\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30"));
// `h` is assigned without a declaration, so it becomes an implicit global.
// window.prompt returns null when the dialog is cancelled.
h = window.prompt('Enter password');
// Shows whatever dechiffre() returns for the typed value.
alert( dechiffre(h) );
代码做了一些简单的混淆,简化下为
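/**
 * De-obfuscated equivalent of the challenge's dechiffre().
 *
 * The served code appends indices 0..5, then 6..16, then index 17 of the
 * 18 hard-coded character codes; that is the whole list in order, so one
 * loop over it produces the same string.
 *
 * @param {string} pass_enc - Value typed by the user. It is never read: the
 *   output does not depend on it.
 * @returns {string} The decoded constant, "FAUX PASSWORD HAHA".
 */
function dechiffre(pass_enc){
  // Decoy message stored as comma-separated decimal character codes.
  var pass = "70,65,85,88,32,80,65,83,83,87,79,82,68,32,72,65,72,65";
  var tab2 = pass.split(',');
  var p = "";
  // `var i` keeps the counter local. Assigning to an undeclared `i` would
  // leak a global and is a ReferenceError in strict mode.
  for (var i = 0; i < tab2.length; i++) {
    p += String.fromCharCode(tab2[i]);
  }
  return p;
}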
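// Dead code: the value returned by String.fromCharCode is thrown away.
// The \x-escaped argument is kept byte-for-byte because it is the string
// the write-up decodes below.
String["fromCharCode"](dechiffre("\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30"));
// Declared so the assignment does not create an implicit global
// (an undeclared assignment is a ReferenceError in strict mode).
var h = window.prompt('Enter password');
alert( dechiffre(h) );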
其实就是将 "70,65,85,88,32,80,65,83,83,87,79,82,68,32,72,65,72,65" 逐个转换为字符后输出,所以不管你输入什么,alert 提示永远为 FAUX PASSWORD HAHA。根据 dechiffre 的逻辑,这个函数的功能大概是将密文转化为密码;根据源文件,密文为:
\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30
这是一个Base16(十六进制转义)编码的字符串,解开后得到以逗号分隔的十进制ASCII码 55,56,54,79,115,69,114,116,107,49,50,再逐个转换为字符即为:786OsErtk12
Ps:Base16编码介绍:https://blog.csdn.net/z_Fuck/article/details/109702625