Don't Look At Me!!!

# Don't Look At Me!!! Javascript Deobfuscation CTF Challenge (YBN CTF 2024) ### Challenge Details > Title: Don't Look At Me!!! \ > Description: This description has been censored to make this challenge more PG13. There is absolutely nothing suspicious about this website. Just your everyday normal website. Don't mind me. \ > Attachments: - \ > Instance: https://dont-look-at-me-dontlookatme-chall.ybn.sg/ Looking at the website under Chrome devtools, we see a file named `decrypt.js`: ![image](https://hackmd.io/_uploads/B1BeF5jQkx.png) I copy-pasted that into a Javascript Deobfuscator like https://deobfuscate.io/ and received: ```js function _0x3ca409(_0x50cea5, _0x1e126b) { let _0xdce022 = ''; for (let _0x2eb5b4 = 0; _0x2eb5b4 < _0x50cea5.length; _0x2eb5b4++) { let _0x128b0a = _0x50cea5.charCodeAt(_0x2eb5b4) ^ _0x1e126b.charCodeAt(_0x2eb5b4 % _0x1e126b.length); _0x128b0a = _0x128b0a ^ 7; _0xdce022 += String.fromCharCode(_0x128b0a); } return _0xdce022; } async function _0x1dc557() { const _0x5f3d96 = await fetch("encryptedFlag.txt"); return await _0x5f3d96.text(); } async function _0x2c43cf() { const _0x1d2082 = await _0x1dc557(); const _0x3b9633 = _0x3ca409(_0x1d2082, 'IAMINSOMUCHPAIN'); const _0x3196bc = document.getElementById("secret"); _0x3196bc.innerHTML = _0x3b9633; window._0x5cd0b7 = () => {}; } ``` Now, I could sort of guess what this did but you can go ahead and rename the variables for clarity. The code does the following: - The first function takes in two strings: - for each character in str1, it xors that character with the corresponding character from str2 - it then xors THAT with 7 - and appends it to the final output - The second function `GETS` https://dont-look-at-me-dontlookatme-chall.ybn.sg/encryptedFlag.txt - The third function calls the second function and then xors encryptedFlag.txt with the key "IAMINSOMUCHPAIN" I wrote this Python script to recover the flag: ```py def xor(data, key): return bytearray(a^b for a, b in zip(*map(bytearray, [data, key]))) with open("encryptedFlag.txt", "rb") as f: ciphertext = f.read() secret = ("IAMINSOMUCHPAIN" * 10).encode() decrypted = xor(ciphertext, secret) plaintext = "" for c in decrypted: plaintext += chr(c ^ 7) print(plaintext) ``` You can get encryptedFlag.txt from running ```sh wget https://dont-look-at-me-dontlookatme-chall.ybn.sg/encryptedFlag.txt ``` Anyways, running the script gives: :::spoiler Flag `YBN24{I_To1d_y0u_not_T0_Peek!}` ::: \ \ \ Main Writeups Page: https://hackmd.io/@ctf-lol/ybnctf2024