Some Assembly Required 1

PreviousScavenger Hunt NextSome Assembly Required 2

Last updated 2 years ago

Was this helpful?

Some Assembly Required 1

Problem

Solution

The website loads an obfuscated javascript file. I spent a lot of time analyzing this file and realized that it performs an HTTP request and downloads the following string: AGFzbQEAAAABEwRgAABgAn9/AX9gAAF/YAJ/fwADBQQAAQIDBAUBcAEBAQUDAQACBjEIfwFBsIoEC38AQbAIC38AQYAIC38AQbAKC38AQYAIC38AQbCKBAt/AEEAC38AQQELB6EBDAZtZW1vcnkCABFfX3dhc21fY2FsbF9jdG9ycwAABnN0cmNtcAABCmNoZWNrX2ZsYWcAAgVpbnB1dAMBCWNvcHlfY2hhcgADDF9fZHNvX2hhbmRsZQMCCl9fZGF0YV9lbmQDAw1fX2dsb2JhbF9iYXNlAwQLX19oZWFwX2Jhc2UDBQ1fX21lbW9yeV9iYXNlAwYMX190YWJsZV9iYXNlAwcK+gMEAgAL5wIBKn8jgICAgAAhAkEgIQMgAiADayEEIAQgADYCGCAEIAE2AhQgBCgCGCEFIAQgBTYCECAEKAIUIQYgBCAGNgIMAkADQCAEKAIQIQdBASEIIAcgCGohCSAEIAk2AhAgBy0AACEKIAQgCjoACyAEKAIMIQtBASEMIAsgDGohDSAEIA02AgwgCy0AACEOIAQgDjoACiAELQALIQ9B/wEhECAPIBBxIRECQCARDQAgBC0ACyESQf8BIRMgEiATcSEUIAQtAAohFUH/ASEWIBUgFnEhFyAUIBdrIRggBCAYNgIcDAILIAQtAAshGUH/ASEaIBkgGnEhGyAELQAKIRxB/wEhHSAcIB1xIR4gGyEfIB4hICAfICBGISFBASEiICEgInEhIyAjDQALIAQtAAshJEH/ASElICQgJXEhJiAELQAKISdB/wEhKCAnIChxISkgJiApayEqIAQgKjYCHAsgBCgCHCErICsPC0wBC39BACEAQbCIgIAAIQFBgIiAgAAhAiACIAEQgYCAgAAhAyADIQQgACEFIAQgBUchBkF/IQcgBiAHcyEIQQEhCSAIIAlxIQogCg8LPwEFfyOAgICAACECQRAhAyACIANrIQQgBCAANgIMIAQgATYCCCAEKAIMIQUgBCgCCCEGIAYgBToAsIiAgAAPCwsyAQBBgAgLK3BpY29DVEZ7ODg1NzQ2MmY5ZTMwZmFhZTRkMDM3ZTVlMjVmZWUxY2V9AAA=.
Decoding this string from base64 shows the flag at the end. This string is compiled WebAssembly. I researched decompiling WebAssembly, which can be done with wasm-decompile in . I also reversed a lot of the JavaScript unnecessarily. This might come in handy for the next challenge in this series.
The compiled wasm file can be found at . This was created using write_wasm.py from ../Some Assembly Required 2.

Flag

picoCTF{8857462f9e30faae4d037e5e25fee1ce}

PreviousScavenger Hunt NextSome Assembly Required 2

Last updated 2 years ago

Was this helpful?