PicoCTF-2021 Writeup
Search
⌃K

Some Assembly Required 1

Problem

Solution

  1. 1.
    The website loads an obfuscated javascript file. I spent a lot of time analyzing this file and realized that it performs an HTTP request and downloads the following string: AGFzbQEAAAABEwRgAABgAn9/AX9gAAF/YAJ/fwADBQQAAQIDBAUBcAEBAQUDAQACBjEIfwFBsIoEC38AQbAIC38AQYAIC38AQbAKC38AQYAIC38AQbCKBAt/AEEAC38AQQELB6EBDAZtZW1vcnkCABFfX3dhc21fY2FsbF9jdG9ycwAABnN0cmNtcAABCmNoZWNrX2ZsYWcAAgVpbnB1dAMBCWNvcHlfY2hhcgADDF9fZHNvX2hhbmRsZQMCCl9fZGF0YV9lbmQDAw1fX2dsb2JhbF9iYXNlAwQLX19oZWFwX2Jhc2UDBQ1fX21lbW9yeV9iYXNlAwYMX190YWJsZV9iYXNlAwcK+gMEAgAL5wIBKn8jgICAgAAhAkEgIQMgAiADayEEIAQgADYCGCAEIAE2AhQgBCgCGCEFIAQgBTYCECAEKAIUIQYgBCAGNgIMAkADQCAEKAIQIQdBASEIIAcgCGohCSAEIAk2AhAgBy0AACEKIAQgCjoACyAEKAIMIQtBASEMIAsgDGohDSAEIA02AgwgCy0AACEOIAQgDjoACiAELQALIQ9B/wEhECAPIBBxIRECQCARDQAgBC0ACyESQf8BIRMgEiATcSEUIAQtAAohFUH/ASEWIBUgFnEhFyAUIBdrIRggBCAYNgIcDAILIAQtAAshGUH/ASEaIBkgGnEhGyAELQAKIRxB/wEhHSAcIB1xIR4gGyEfIB4hICAfICBGISFBASEiICEgInEhIyAjDQALIAQtAAshJEH/ASElICQgJXEhJiAELQAKISdB/wEhKCAnIChxISkgJiApayEqIAQgKjYCHAsgBCgCHCErICsPC0wBC39BACEAQbCIgIAAIQFBgIiAgAAhAiACIAEQgYCAgAAhAyADIQQgACEFIAQgBUchBkF/IQcgBiAHcyEIQQEhCSAIIAlxIQogCg8LPwEFfyOAgICAACECQRAhAyACIANrIQQgBCAANgIMIAQgATYCCCAEKAIMIQUgBCgCCCEGIAYgBToAsIiAgAAPCwsyAQBBgAgLK3BpY29DVEZ7ODg1NzQ2MmY5ZTMwZmFhZTRkMDM3ZTVlMjVmZWUxY2V9AAA=.
  2. 2.
    Decoding this string from base64 shows the flag at the end. This string is compiled WebAssembly. I researched decompiling WebAssembly, which can be done with wasm-decompile in WebAssembly/wabt. I also reversed a lot of the JavaScript unnecessarily. This might come in handy for the next challenge in this series.
  3. 3.
    The compiled wasm file can be found at compiled.wasm. This was created using write_wasm.py from ../Some Assembly Required 2.

Flag

picoCTF{8857462f9e30faae4d037e5e25fee1ce}
Web Exploitation - Previous
Scavenger Hunt
Next - Web Exploitation
Some Assembly Required 2
Last modified 9mo ago