iCTF 2011 challenge 15 writeup (150 points)

20 Dec 2011

One of my iCTF challenges was a simple JavaScript obfuscation, a backup of the code is available here. What happens is obvious, window.alert is triggered with the message “why?”. “Why” is less obvious since the code was encoded with jjencode. There are no other visible hints.

To further look into window.alert, we can overwrite the function:

window.alert = function(e) { console.log(JSON.stringify(e)); };

After re-running the code we see that window.alert is not being called with a String as argument, but with an object which contains the attribute:

{"secret":"Angelina Jolie's only good movie, in leet speak, reverse is the key"}

The solution is obviously: Hackers.

FYI: Before the obfuscation the code looked like this:

var obj = { };
obj.secret = "Angelina Jolie's only good movie, in leet speak, reverse is the key";
obj.toString = function(e) { return "why?"; };
obj.toSource = function(e) { return "function toSource() {\n" +
"    [native code]\n" +
"}\n"
};
window.alert(obj);

Michael Weissbacher

iCTF 2011 challenge 15 writeup (150 points)

Related Posts

Stripping URL query parameters with an iOS shortcut to reduce tracking 25 Jun 2023

Go or No Go: Differential Fuzzing of Native and C Libraries 25 May 2023

Connecting Block Business Units with AWS API Gateway 19 May 2023