Solving a JavaScript crackme: JS SAFE 2.0 (web) – Google CTF 2018




Solving a crackme implemented in JavaScript that attempts to obfuscate the algorithm through some anti-debugging.

Solution Script / HTML: https://gist.github.com/LiveOverflow/bbdffe3777ce0f008b452e0a789cef65
John Hammond: https://www.youtube.com/user/RootOfTheNull

-=[ πŸ”΄ Stuff I use ]=-

β†’ Microphone:* https://amzn.to/2LW6ldx
β†’ Graphics tablet:* https://amzn.to/2C8djYj
β†’ Camera#1 for streaming:* https://amzn.to/2SJ66VM
β†’ Lens for streaming:* https://amzn.to/2CdG31I
β†’ Connect Camera#1 to PC:* https://amzn.to/2VDRhWj
β†’ Camera#2 for electronics:* https://amzn.to/2LWxehv
β†’ Lens for macro shots:* https://amzn.to/2C5tXrw
β†’ Keyboard:* https://amzn.to/2LZgCFD
β†’ Headphones:* https://amzn.to/2M2KhxW

-=[ ❀️ Support ]=-

β†’ per Video: https://www.patreon.com/join/liveoverflow
β†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ πŸ• Social ]=-

β†’ Twitter: https://twitter.com/LiveOverflow/
β†’ Website: https://liveoverflow.com/
β†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
β†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ πŸ“„ P.S. ]=-

All links with “*” are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF

Original source


42 responses to “Solving a JavaScript crackme: JS SAFE 2.0 (web) – Google CTF 2018”

  1. The confusion with the x's isn't cuz of the with statement. The parameter Ρ… (U+0445 or 1093) isn't the x from the English alphabet. It is a Cyrillic alphabet which only looks like it. And this input variable was never used in the code except for the last eval() which dynamically generated 'Ρ…==c(weird_string,h(Ρ…))' referring to our input Ρ…. THAT was the beauty of the challenge πŸ˜›

  2. I'm an outsider looking in. I tried to figure it out, but as far as I can tell "x" provides the password in hidden and obscured fashion. That of course being the main difficulty. Me having little knowledge of JS I know I would be incapable of solving for "x" assuming my assessment here is correct.

  3. Love you videos, i'm gradually learning more and more thanks to you ! Your explainations helps me understand the mindset behind these CTF, hopefully with more knowledge and time i'll be able to clear some CTF one day πŸ™‚ Cheers !

  4. I'm a long-time computer enthusiast with 'okay' coding skills (intermediate skill perhaps?) and I'm starting my compsci course at uni this year. Thanks for the cool videos. I hope I can practice and get to the point where my style of thinking makes these kinds of problems a matter of 'intuition' like it seems to be for you and definitely others who do CTFs.

  5. Great video!
    Are there any similiar websites where you can practice JS by solving similiar tasks (I still feel I’m not ready to join CTF) ?
    Any recommendations are welcome.

Leave a Reply