1、 题目的样子,要输入密码
2、 随便输了下,回车后
3、 直接F12看看源码先
function dechiffre(pass_enc) { var pass = "70,65,85,88,32,80,65,83,83,87,79,82,68,32,72,65,72,65"; var tab = pass_enc.split(','); var tab2 = pass.split(','); var i, j, k, l = 0, m, n, o, p = ""; i = 0; j = tab.length; k = j + (l) + (n = 0); n = tab2.length; for (i = (o = 0); i < (k = j = n); i++) { o = tab[i - l]; p += String.fromCharCode((o = tab2[i])); if (i == 5) break; } for (i = (o = 0); i < (k = j = n); i++) { o = tab[i - l]; if (i > 5 && i < k - 1) p += String.fromCharCode((o = tab2[i])); } p += String.fromCharCode(tab2[17]); pass = p; return pass; } String["fromCharCode"](("x35x35x2cx35x36x2cx35x34x2cx37x39x2cx31x31x35x2cx36x39x2cx31x31x34x2cx31x31x36x2cx31x30x37x2cx34x39x2cx35x30")); h = window.prompt('Enter password'); alert(dechiffre(h));
4、 JS代码审计啊,脑子要炸
5、 不过看到这里有个点,可以看看
String["fromCharCode"](dechiffre("x35x35x2cx35x36x2cx35x34x2cx37x39x2cx31x31x35x2cx36x39x2cx31x31x34x2cx31x31x36x2cx31x30x37x2cx34x39x2cx35x30"));
6、 放到16进制解码网站看看
7、 大致看了下js代码
放在js代码运行网站上,删除部分pass变量运行看看
感觉弹框的字符跟pass变量的数字有点对应,有点像ascii码
遂找到ASCII码对照表,果然
再联系到前面6的部分,搞不好也是ascii码,等于说String.fromCharCode函数功能就是把数字解析为ascii码?故有了下面的测试
至于具体的中间部分js代码逻辑,找到这篇博客写的不错,厉害了
8、 flag也就是Cyberpeace{786OsErtk12}
PS:题目描述也貌似提示了flag比较特殊,不是正常那种!!