What The Hell

Description

Level: 2, Score: 30, Category: coding

All hell is breaking loose. Once again a frontend developer went completely nuts and left us with a JavaScript project that nobody understands anymore...typical, these frontend developers...surely you can help us, right? Find the flag!

Link: http://pwnme.org:8666

Analysis

  1. When visiting the website we see a simple input that requires a key.

  2. Viewing the source code of the website (Ctrl+U or right click) we find hell.js.

  3. hell.js is an obfuscated program. The cmd variable contains hex values which are XOR-ed with the key 0x0A.

    • Using CyberChef we can take these hex values, decode them and XOR them with the key 0x0A.

    • Because of the line if (window.hell_key == "666"), entering the code 666 makes the website do this process automatically.

  4. After entering 666 we get message_from_hell.txt:

// used algo -  can you reverse it?
const a = "???"
let out = ""
for(let i = 0; i < a.length; i++) {
    let temp = a.charCodeAt(i) & 0xFF
    let l = temp & 0x0F
    let h = (temp >> 4) & 0xFF;

    if ((i+1) == a.length) {
        out += l +":"+ h
    } else {
        out += l +":"+ h+"-"
    }
}
  5. Going back to the cmd variable, if we decode the second hex value we get

The == at the end indicates that this is Base64-encoded text.

  6. Decoding this value (using CyberChef) returns weird text. The text seems to be constructed by the message_from_hell.txt algorithm.

Solution

To solve the challenge we must reverse the encryption process of flag.
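
The chain from the analysis (hex, XOR with 0x0A, Base64, then the "l:h" nibble pairs) can be reversed as below. This is an added example for Node.js, not code from the challenge or the original writeup; the function names and the sample string are assumptions constructed here, and the real second cmd value would be passed to recover() in place of SAMPLE.

```javascript
// Added example; SAMPLE is constructed here, not taken from hell.js.
const XOR_KEY = 0x0a; // XOR key named in the analysis

// XOR every byte of a buffer with the key (the operation is its own inverse).
function xorBytes(buf, key = XOR_KEY) {
  const out = Buffer.from(buf);
  for (let i = 0; i < out.length; i++) out[i] ^= key;
  return out;
}

// Forward algorithm from message_from_hell.txt, wrapped in a function.
function encodeNibbles(a) {
  const parts = [];
  for (let i = 0; i < a.length; i++) {
    const temp = a.charCodeAt(i) & 0xff;
    parts.push((temp & 0x0f) + ":" + ((temp >> 4) & 0xff));
  }
  return parts.join("-");
}

// Inverse: every "l:h" pair holds the low and high nibble of one byte.
function decodeNibbles(encoded) {
  if (encoded === "") return "";
  return encoded.split("-").map((pair) => {
    const m = /^(\d{1,2}):(\d{1,2})$/.exec(pair);
    if (!m || Number(m[1]) > 15 || Number(m[2]) > 15) {
      throw new Error("malformed pair: " + JSON.stringify(pair));
    }
    return String.fromCharCode((Number(m[2]) << 4) | Number(m[1]));
  }).join("");
}

// Full chain from the analysis: hex -> XOR 0x0A -> Base64 -> nibble pairs.
function recover(hexValue) {
  if (!/^(?:[0-9a-fA-F]{2})+$/.test(hexValue)) throw new Error("not hex");
  const b64 = xorBytes(Buffer.from(hexValue, "hex")).toString("latin1");
  const pairs = Buffer.from(b64, "base64").toString("latin1");
  return decodeNibbles(pairs);
}

// Constructed sample: run a placeholder string through the forward chain.
function buildSample(plain) {
  const b64 = Buffer.from(encodeNibbles(plain), "latin1").toString("base64");
  return xorBytes(Buffer.from(b64, "latin1")).toString("hex");
}

const SAMPLE = buildSample("flag{constructed}");
console.log(recover(SAMPLE));
```

Because the encoder masks each character with 0xFF, only single-byte characters survive the round trip.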
