# NcN CTF 2k13: Algeria (Base - 900 pts)

# echo -n '425a6839314159265359d77d47c600ca357b84e810004070edfd1a082a7fffff2b0000800860083deaf9428555294ad51a5512b4c5365ef11200000000000003410a8cca604668004600000261800068000c9a00000d008554432680d00680034000009a95289ea651a6046d09b4098200c4c01494a6a6940007a806806400007b7b65fec32018b455437f94574ce0c6e89aa40860733f66a6430f6393e3b9dd7cfcbb7d5d7d1cba38eae3a82257a278eb6d36b6b28894a68696858a96a82a95b028c2e26db6844d60d3359ab6b69ad8d95c5ca5aa71a6138a63566da9031018a2d34d929b52b6663260db6aada6cb30cd0438b1049b5559f0299840c94ca9b2ca6ad121a2c26aacd0acc451b4954d343480cb6a9acc622b8ec413d4efdfbff7bbc52354d0a17286a4abf2db616465828b89b10187a3f6f2a9d9bd3a191caa1e2ef2e101cc8b534a8e25354754d491e1f8fa3b97878d4e5324e34bfcf36e240bb2ad09d66db136ccad904b652862d0952ccae96e1616b0b8a5ac8d36d444d81b3656c0352b232b22cd2ad5b6b012b2b22b6d4a62336ab29b0d52c62cc593068b65616b48b26db6d56a9b66d59b5b034b2526616c555caab394495db006d990aeccb0b4a25c615c7358e01cd85b2d956d4660a198a16c50da27246900e2ca90b8c9473556d0a2ada2bb95288c24985cf60d6b32d6a9a594dac406436b6ac11954a30b4c834cab699298db4a564c4dad6b588da9b26a018a6aa985b199a992d531294932d44910814b304c80d02936564866881acda0c6698a81294a02cc44030af363c9b3eb97ab8f8c1cfb83aeb75e7ebae9e7faf77ebeade3ce77edbc7cdeef967acf65d787c20f0536454b36c0d998ab35503686ccd84795550e50f22034b0b5511cd49aa33446c09a8d66a24ca321598596cb535880d890d95b4226cdac8a971252c9153c38054b06a6aab416b22a58a29ad121d2a34924728aae0918ba701570495855cd785550e2205c06a5266ab9491ca1c35550d5017800ec6da6c98aa5649a24334a3166a84b96d8a970256d22534c852cdadac284b5052b56a922d0c4a596a36998c46a98ad98d532d25acb2ad1416916a98165491a14856aa942205002a61668566162d69534ad0c2d16295aca455b0616126c36141929ab5325986832159223101859252c2329b42c9332a8d0834daab4b02c84ad858b16d3584ac8d6b55a180655a86d5546b150655894d2d06d294c90306696ca505050c2b2a349144a4c440aa56ac064d16cb62b2daa1a2d628c5915ad5604cacc952d9828955408519500071631e1f7c1f867f11d2f076331f1821e0db0604cc0a51e54cd10fe906c2531dc02045520201c25547cd09fa1369c5c29564c3d13b3241deef406acc8c633fe8d450b21c001007e2ee48a70a121aefa8f8c' | xxd -p -r | tar xvjf -
main.js
# grep 'var loginScript' main.js | sed 's/var /exports./' > variable.js
# nodejs
> ls = require('./variable.js');
> eval(ls.loginScript.slice(2,-2));
[ 'if (document.getElementById(\'user_pass\').value === "0f97972a0efd34ebb3111ac8ec6976740529df531e94df14d0ee8614a07d153b") { alert(\'win\'); } else { alert(\'try again\'); }' ]

# W0PR wargame

# curl --silent --output wargame.html http://w0pr.net
# sed -n 's/.*<script>\(.*\)<\/script>.*/\1/p' wargame.html > source.js
# cat dehieroglyphy
#!/bin/bash

ifile="$1"
ofile="$ifile.decoded"

cp $ifile $ofile

function escape(){
        echo $* | sed -e "s/\[/\\\[/g" -e "s/\]/\\\]/g" -e "s/ /\\\ /g"
}

number_0='+[]'
number_1='+!![]'
number_2='!+[]+!![]'
number_3='!+[]+!![]+!![]'
number_4='!+[]+!![]+!![]+!![]'
number_5='!+[]+!![]+!![]+!![]+!![]'
number_6='!+[]+!![]+!![]+!![]+!![]+!![]'
number_7='!+[]+!![]+!![]+!![]+!![]+!![]+!![]'
number_8='!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]'
number_9='!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]'

character_0="($number_0+[])"
character_1="($number_1+[])"
character_2="($number_2+[])"
character_3="($number_3+[])"
character_4="($number_4+[])"
character_5="($number_5+[])"
character_6="($number_6+[])"
character_7="($number_7+[])"
character_8="($number_8+[])"
character_9="($number_9+[])"

_object_Object='[]+{}'
_NaN='+{}+[]'
_true='!![]+[]'
_false='![]+[]'
_undefined='[][[]]+[]'

character_blank="($_object_Object)[$number_7]"
character_leftsquarebracket="($_object_Object)[$number_0]"
character_rightsquarebracket="($_object_Object)[$character_1+$character_4]"
character_a="($_NaN)[$number_1]"
character_b="($_object_Object)[$number_2]"
character_c="($_object_Object)[$number_5]"
character_d="($_undefined)[$number_2]"
character_e="($_undefined)[$number_3]"
character_f="($_undefined)[$number_4]"
character_i="($_undefined)[$number_5]"
character_j="($_object_Object)[$number_3]"
character_l="($_false)[$number_2]"
character_n="($_undefined)[$number_1]"
character_o="($_object_Object)[$number_1]"
character_r="($_true)[$number_1]"
character_s="($_false)[$number_3]"
character_t="($_true)[$number_0]"
character_u="($_undefined)[$number_0]"
character_N="($_NaN)[$number_0]"
character_O="($_object_Object)[$number_8]"

_Infinity="+($number_1+$character_e+$character_1+$character_0+$character_0+$character_0)+[]"

character_y="($_Infinity)[$number_7]"
character_I="($_Infinity)[$number_0]"

_1e100="+($number_1+$character_e+$character_1+$character_0+$character_0)+[]"
character_plus="($_1e100)[$number_2]"

sed -i "s/`escape $character_plus`/+/g" $ofile
sed -i "s/`escape $character_I`/I/g" $ofile
sed -i "s/`escape $character_y`/y/g" $ofile
sed -i "s/`escape $character_O`/O/g" $ofile
sed -i "s/`escape $character_N`/N/g" $ofile
sed -i "s/`escape $character_u`/u/g" $ofile
sed -i "s/`escape $character_t`/t/g" $ofile
sed -i "s/`escape $character_s`/s/g" $ofile
sed -i "s/`escape $character_r`/r/g" $ofile
sed -i "s/`escape $character_o`/o/g" $ofile
sed -i "s/`escape $character_n`/n/g" $ofile
sed -i "s/`escape $character_l`/l/g" $ofile
sed -i "s/`escape $character_j`/j/g" $ofile
sed -i "s/`escape $character_i`/i/g" $ofile
sed -i "s/`escape $character_f`/f/g" $ofile
sed -i "s/`escape $character_e`/e/g" $ofile
sed -i "s/`escape $character_d`/d/g" $ofile
sed -i "s/`escape $character_c`/c/g" $ofile
sed -i "s/`escape $character_b`/b/g" $ofile
sed -i "s/`escape $character_a`/a/g" $ofile
sed -i "s/`escape $character_rightsquarebracket`/]/g" $ofile
sed -i "s/`escape $character_leftsquarebracket`/[/g" $ofile
sed -i "s/`escape $character_blank`/ /g" $ofile
sed -i "s/`escape $character_9`/9/g" $ofile
sed -i "s/`escape $character_8`/8/g" $ofile
sed -i "s/`escape $character_7`/7/g" $ofile
sed -i "s/`escape $character_6`/6/g" $ofile
sed -i "s/`escape $character_5`/5/g" $ofile
sed -i "s/`escape $character_4`/4/g" $ofile
sed -i "s/`escape $character_3`/3/g" $ofile
sed -i "s/`escape $character_2`/2/g" $ofile
sed -i "s/`escape $character_1`/1/g" $ofile
sed -i "s/`escape $character_0`/0/g" $ofile
sed -i "s/`escape $number_9`/9/g" $ofile
sed -i "s/`escape $number_8`/8/g" $ofile
sed -i "s/`escape $number_7`/7/g" $ofile
sed -i "s/`escape $number_6`/6/g" $ofile
sed -i "s/`escape $number_5`/5/g" $ofile
sed -i "s/`escape $number_4`/4/g" $ofile
sed -i "s/`escape $number_3`/3/g" $ofile
sed -i "s/`escape $number_2`/2/g" $ofile
sed -i "s/`escape $number_1`/1/g" $ofile

functionConstructor="[][s+o+r+t][c+o+n+s+t+r+u+c+t+o+r]"
returnLocation="([]+$functionConstructor(r+e+t+u+r+n+ +l+o+c+a+t+i+o+n)())"
character_h="$returnLocation[0]"
character_p="$returnLocation[3]"
character_slash="$returnLocation[6]"

sed -i "s/`escape $character_h`/h/g" $ofile
sed -i "s/`escape $character_p`/p/g" $ofile
sed -i "s/`escape $character_slash`/\//g" $ofile

_unescape="$functionConstructor(r+e+t+u+r+n+ +u+n+e+s+c+a+p+e)()"
_escape="$functionConstructor(r+e+t+u+r+n+ +e+s+c+a+p+e)()"

character_percentage="$_escape([)[+[]]"
sed -i "s/`escape $character_percentage`/%/g" $ofile

for i in {2..7}; do
        for j in {0..9} {a..e}; do
                char=`printf "\x$i$j\n"`
                if [ "$char" == '\' ]; then char='\\'; fi
                match="$_unescape(%+$i+$j)"
                sed -i "s/`escape $match`/$char/g" $ofile
        done
done

sed -i "s/`escape $functionConstructor`/Function/" $ofile
sed -i "s/+//g" $ofile

cat $ofile
# ./dehieroglyphy source.js
Function(setInterval(function(){var a = document.getElementById('blinking');if (a.style.display == 'none') a.style.display = 'inline';else a.style.display = 'none';}, 500 );)()

References

https://github.com/alcuadrado/hieroglyphy/blob/master/hieroglyphy.js

# Codecademy: JavaScript

1. Introduction

"text";
"text".length;
3 + 4;
4 / 2;
14 % 3;
//comment
confirm("I feel awesome");
prompt("What is your name?");
["I'm coding like a champ!".length] > 10
console.log("Hello");
console.log(15 > 4);
console.log("Xiao Hui".length < 122);
console.log("Goody Donaldson".length != 8);
console.log(8*2 === 16);
console.log(true !== true);
if ( 1 > 2 ) {
 alert("I am right");
} else {
 console.log("I am wrong");
}
"wonderful day".substring(3,7);
var myName = "Leng";
var myAge = 30;
var isOdd = true;
myName.length;
var age = prompt("What's your age?");

2. Functions

var divideByThree = function (number) {
 var val = number / 3;
 console.log("Result = " + val);
};
divideByThree(6);

var timesTwo = function(number) {
 return number * 2;
};
var newNumber = timesTwo(2);
console.log(newNumber);

var perimeterBox  = function(length, width) {
 return length*2 + width*2;
};
perimeterBox(2,2);

var multiplied = 5; // Global
var timesTwo = function(number) {
 var multiplied = number * 2; // Local
};
timesTwo(4);
console.log(multiplied);

3. 'For' Loops

for (var counter = 1; counter < 11; counter++) {
 console.log(counter);
}

for (var i = 5; i <= 50; i+=5) {
 console.log(i);
}

for (var i = 10; i >= 0; i--) {
 console.log(i);
}

for (var i = 100; i >= 1; i-=5) {
 console.log(i);
}

var junk = ["Mao","Gandhi",1,2];
console.log(junk);
console.log(junk[0]);
console.log(junk.length);

4. 'While' Loops

var understand = true;
while( understand ){
 console.log("I'm learning while loops!");
 understand = false;
}

loopCondition = false;
do {
 console.log("I'm gonna stop looping 'cause my condition is " + String(loopCondition) + "!");
} while (loopCondition);

5. More on Control Flow

var lunch = prompt("What do you want for lunch?","Type your lunch choice here");
switch(lunch){
 case 'sandwich':
  console.log("Sure thing! One sandwich, coming up.");
  break;
 case 'soup':
  console.log("Got it! Tomato's my favorite.");
  break;
 case 'salad':
  console.log("Sounds good! How about a caesar salad?");
  break;
 case 'pie':
  console.log("Pie's not a meal!");
  break;
 default:
  console.log("Huh! I'm not sure what " + lunch + " is. How does a sandwich sound?");
}

true && true // => true
false || false // => false
!true // => false
!false // => true

6. Data Structures

var newArray = [[11,12,13], [21,22,23], [31,32,33]];
var jagged = [[11,12,13], [21], [31,32]];
var phonebookEntry = {};
phonebookEntry.name = 'Oxnard Montalvo';
phonebookEntry.number = '(555) 555-5555';
phonebookEntry.phone = function() {
 console.log('Calling ' + this.name + ' at ' + this.number + '...');
};
phonebookEntry.phone();

var myObj = new Object();
myObj["name"] = "Charlie";
myObj.name = "Charlie";

7. Objects I

var bob = {};
var bob = {
 name: "Bob Smith",
 age: 30
};
var name = bob.name;
var age = bob.age;

var dog = {
 species: "greyhound",
 weight: 60,
 age: 4
};
var species = dog["species"];
var weight = dog["weight"];
var age = dog["age"];

var bob = new Object();
bob.name = "Bob Smith";
bob.age = 30;
bob.setAge = function (newAge){
 this.age = newAge;
};
bob.setAge(40);

function Person(name,age) {
 this.name = name;
 this.age = age;
}
var bob = new Person("Bob Smith", 30);

var family = new Array();
family[0] = new Person("alice", 40);
family[1] = new Person("bob", 42);

var ageDifference = function(person1, person2) {
  return person1.age - person2.age;
}
var alice = new Person("Alice", 30);
var billy = new Person("Billy", 25);
var diff = ageDifference(alice,billy);

8. Objects II

var myObj = { job: "I'm an object!" };
console.log( typeof myObj ); // => object
console.log( myObj.hasOwnProperty('job') ); // => true

var nyc = {
 fullName: "New York City",
 mayor: "Michael Bloomberg",
 population: 8000000,
 boroughs: 5
};
for (var property in nyc){
 console.log(property);
}
for (var i in nyc){
 console.log(nyc[i]);
}

function Dog (breed) {
 this.breed = breed;
};
var buddy = new Dog("golden Retriever");
Dog.prototype.bark = function() {
 console.log("Woof");
};

function Animal(name, numLegs) {
 this.name = name;
 this.numLegs = numLegs;
}
Animal.prototype.sayName = function() {
 console.log("Hi my name is " + this.name);
};
function Penguin(name){
 this.name = name;
 this.numLegs = 2;
}
Penguin.prototype = new Animal();

function Person(first,last,age) {
 this.firstname = first;
 this.lastname = last;
 this.age = age;
 var bankBalance = 7500; // Private var
 this.getBalance = function() {
  return bankBalance;
 };
 var returnBalance = function() { // Private function
  return bankBalance;
 };     
 this.askTeller = function() {
   return returnBalance;
 }
}