JS Safe 3.0 - Google CTF

We've found this JS Safe on the internet, and want to know the password it was created with. Can you help?

Ek

Sayfayı incelemeye başlayalım

/**
 * Click handler of the safe: validates the typed password and, when it is
 * accepted, decrypts the stored notes into the `content` element.
 *
 * The candidate must match `CTF{...}` with an inner part made only of
 * `[0-9a-zA-Z_@!?-]`; the inner part is then handed to `x()`, which holds the
 * real check. On rejection the body class becomes 'denied' and that string is
 * returned. On success the inner part is turned into char codes and used as a
 * repeating XOR key over the JSON array kept in `localStorage.content`.
 *
 * `password` and `encrypted` are assigned without a declaration, so they end
 * up as globals; `save()` reads `password` later.
 */
function open_safe() {
  keyhole.disabled = true;
  password = /^CTF{([0-9a-zA-Z_@!?-]+)}$/.exec(keyhole.value);

  // x() is only consulted when the format check produced a match.
  const accepted = Boolean(password) && Boolean(x(password[1]));
  if (!accepted) {
    return document.body.className = 'denied';
  }

  document.body.className = 'granted';
  password = Array.from(password[1]).map(c => c.charCodeAt());
  // JSON.parse('') throws, so an empty store ends the handler right here.
  encrypted = JSON.parse(localStorage.content || '');

  const xored = encrypted.map((c, i) => c ^ password[i % password.length]);
  // String.fromCharCode receives map's (value, index, array) arguments here;
  // kept exactly as the challenge page wrote it.
  content.value = xored.map(String.fromCharCode).join('');
}
/**
 * Encrypts the current notes and stores them.
 *
 * The text of `content` is converted to char codes, each code is XORed with
 * the password bytes left in the global `password` by `open_safe()` (the key
 * repeats every `password.length` positions), and the resulting number array
 * is written to `localStorage.content` as JSON. `plaintext` is assigned
 * without a declaration, i.e. as a global.
 */
function save() {
  plaintext = Array.from(content.value, (c) => c.charCodeAt());
  const cipher = plaintext.map((c, i) => c ^ password[i % password.length]);
  localStorage.content = JSON.stringify(cipher);
}

Bayrağımızın elemelerdeki JS Safe 2.0 ‘da olduğu gibi /^CTF{([0-9a-zA-Z_@!?-]+)}$/ formatında olduğunu görüyoruz. Bu regexe uygun karakter dizisini kaydetmekte fayda var.

// The 67 characters admitted by the flag regex class [0-9a-zA-Z_@!?-],
// in the order a-z, A-Z, 0-9, then _ @ ! ? -
acceptable_chars = Array.from('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_@!?-');

Gelelim soruya

eval(String.fromCharCode(102, 117, 110, 99, 116, 105, 111, 110, 32, 120, 40, 121, 41, 123, 111, 114, 100, 61, 70, 117, 110, 99, 116, 105, 111, 110, 46, 112, 114, 111, 116, 111, 116, 121, 112, 101, 46, 99, 97, 108, 108, 46, 98, 105, 110, 100, 40, 39, 39, 46, 99, 104, 97, 114, 67, 111, 100, 101, 65, 116, 41, 59, 99, 104, 114, 61, 83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 59, 102, 117, 110, 99, 116, 105, 111, 110, 32, 100, 40, 97, 44, 98, 44, 99, 41, 123, 102, 117, 110, 99, 116, 105, 111, 110, 32, 98, 121, 116, 101, 108, 105, 115, 116, 40, 120, 41, 123, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 102, 117, 110, 99, 116, 105, 111, 110, 39, 41, 123, 120, 61, 120, 46, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 59, 120, 61, 120, 46, 115, 108, 105, 99, 101, 40, 120, 46, 105, 110, 100, 101, 120, 79, 102, 40, 39, 47, 42, 39, 41, 43, 50, 44, 120, 46, 108, 97, 115, 116, 73, 110, 100, 101, 120, 79, 102, 40, 39, 42, 47, 39, 41, 41, 125, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 115, 116, 114, 105, 110, 103, 39, 41, 114, 101, 116, 117, 114, 110, 32, 120, 46, 115, 112, 108, 105, 116, 40, 39, 39, 41, 46, 109, 97, 112, 40, 120, 61, 62, 111, 114, 100, 40, 120, 41, 41, 59, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 111, 98, 106, 101, 99, 116, 39, 41, 114, 101, 116, 117, 114, 110, 32, 120, 125, 97, 61, 98, 121, 116, 101, 108, 105, 115, 116, 40, 97, 41, 59, 98, 61, 98, 121, 116, 101, 108, 105, 115, 116, 40, 98, 41, 59, 102, 111, 114, 40, 118, 97, 114, 32, 105, 61, 48, 59, 105, 33, 61, 97, 46, 108, 101, 110, 103, 116, 104, 59, 105, 43, 43, 41, 123, 100, 101, 98, 117, 103, 103, 101, 114, 59, 99, 61, 40, 99, 124, 124, 39, 39, 41, 43, 99, 104, 114, 40, 97, 91, 105, 93, 94, 98, 91, 105, 37, 98, 46, 108, 101, 110, 103, 116, 104, 93, 41, 125, 114, 101, 116, 117, 114, 110, 32, 101, 118, 97, 108, 40, 39, 101, 118, 97, 108, 40, 99, 41, 39, 41, 125, 118, 97, 114, 32, 100, 97, 116, 
97, 61, 120, 61, 62, 47, 42, 28, 1, 78, 15, 18, 89, 21, 87, 95, 95, 88, 1, 4, 11, 105, 91, 2, 13, 84, 72, 77, 2, 79, 65, 19, 16, 83, 64, 30, 76, 19, 84, 7, 12, 83, 67, 21, 76, 11, 6, 65, 25, 1, 76, 31, 10, 73, 64, 28, 1, 20, 67, 31, 3, 18, 8, 87, 72, 88, 6, 75, 75, 16, 71, 25, 0, 95, 5, 95, 0, 18, 87, 77, 90, 21, 5, 123, 91, 101, 6, 126, 107, 84, 70, 126, 121, 83, 6, 84, 108, 97, 43, 91, 123, 77, 37, 99, 73, 71, 46, 111, 31, 28, 123, 61, 66, 20, 53, 53, 87, 24, 45, 97, 10, 82, 32, 108, 84, 85, 41, 120, 85, 27, 5, 101, 79, 95, 63, 103, 87, 65, 121, 96, 85, 122, 98, 97, 90, 108, 40, 127, 82, 68, 51, 47, 68, 30, 108, 41, 92, 23, 113, 58, 23, 31, 105, 56, 68, 64, 107, 100, 90, 25, 120, 17, 12, 12, 118, 61, 100, 80, 34, 250, 18, 11, 60, 114, 68, 27, 99, 111, 31, 80, 125, 115, 22, 93, 35, 127, 78, 100, 44, 121, 68, 69, 62, 122, 89, 73, 55, 68, 14, 88, 251, 46, 75, 77, 67, 99, 20, 7, 58, 3, 119, 90, 90, 63, 48, 79, 66, 112, 109, 120, 16, 109, 8, 103, 60, 101, 15, 20, 70, 105, 14, 55, 98, 88, 8, 109, 115, 122, 31, 205, 48, 106, 81, 95, 119, 109, 2, 88, 125, 116, 65, 71, 47, 111, 102, 24, 97, 54, 57, 5, 97, 119, 72, 25, 62, 97, 15, 64, 52, 42, 86, 71, 34, 102, 1, 7, 121, 55, 13, 22, 123, 42, 85, 11, 63, 103, 68, 83, 44, 32, 88, 6, 122, 124, 13, 74, 34, 61, 95, 31, 106, 109, 23, 76, 115, 36, 1, 89, 57, 48, 2, 70, 116, 48, 11, 12, 36, 103, 29, 20, 37, 40, 71, 14, 97, 36, 20, 75, 50, 97, 13, 94, 99, 103, 82, 25, 43, 33, 83, 86, 34, 59, 79, 66, 124, 42, 79, 94, 76, 108, 17, 71, 38, 98, 115, 89, 56, 32, 74, 117, 13, 126, 57, 86, 14, 126, 53, 83, 9, 125, 49, 63, 2, 93, 113, 112, 13, 10, 78, 21, 30, 92, 28, 7, 17, 95, 78, 72, 45, 18, 111, 72, 26, 51, 36, 72, 8, 52, 100, 98, 29, 6, 73, 109, 10, 42, 71, 85, 56, 32, 76, 89, 110, 123, 25, 11, 51, 115, 87, 3, 38, 127, 79, 87, 123, 53, 66, 90, 37, 50, 75, 78, 36, 124, 103, 83, 62, 56, 93, 81, 38, 38, 27, 86, 36, 29, 0, 87, 43, 11, 74, 73, 35, 35, 81, 25, 53, 121, 14, 31, 45, 112, 19, 12, 102, 120, 11, 14, 53, 39, 9, 82, 43, 126, 26, 39, 
125, 107, 20, 11, 21, 55, 64, 204, 99, 108, 94, 68, 53, 124, 1, 89, 110, 55, 31, 69, 103, 58, 65, 73, 63, 3, 78, 79, 53, 34, 92, 76, 40, 46, 85, 114, 127, 63, 153, 24, 58, 42, 33, 85, 101, 96, 88, 53, 6, 61, 56, 9, 65, 40, 32, 70, 28, 31, 114, 91, 121, 0, 94, 83, 126, 115, 36, 95, 127, 80, 0, 110, 121, 10, 17, 76, 110, 170, 82, 92, 32, 56, 21, 91, 115, 63, 31, 66, 48, 32, 77, 89, 23, 127, 3, 0, 72, 98, 3, 65, 57, 126, 92, 87, 126, 39, 86, 28, 39, 32, 64, 80, 112, 96, 27, 1, 124, 113, 25, 28, 36, 108, 93, 81, 53, 52, 78, 22, 41, 97, 24, 74, 124, 45, 64, 11, 46, 120, 8, 91, 102, 43, 17, 18, 112, 62, 91, 6, 115, 33, 22, 6, 122, 107, 70, 81, 108, 115, 71, 30, 54, 105, 3, 18, 101, 44, 80, 87, 124, 57, 1, 81, 35, 126, 73, 23, 34, 49, 64, 13, 62, 37, 30, 28, 62, 57, 46, 90, 96, 32, 68, 84, 2, 62, 90, 22, 59, 18, 111, 72, 72, 49, 108, 72, 68, 52, 107, 75, 64, 88, 96, 107, 0, 23, 111, 98, 5, 95, 85, 19, 42, 47, 49, 59, 118, 97, 114, 32, 107, 49, 61, 121, 46, 99, 104, 97, 114, 67, 111, 100, 101, 65, 116, 40, 48, 41, 59, 118, 97, 114, 32, 107, 50, 61, 121, 46, 99, 104, 97, 114, 67, 111, 100, 101, 65, 116, 40, 49, 41, 59, 102, 111, 114, 40, 118, 97, 114, 32, 107, 51, 61, 48, 59, 107, 51, 60, 50, 53, 54, 59, 107, 51, 43, 43, 41, 123, 102, 111, 114, 40, 118, 97, 114, 32, 107, 52, 61, 48, 59, 107, 52, 60, 50, 53, 54, 59, 107, 52, 43, 43, 41, 123, 116, 114, 121, 123, 114, 101, 116, 117, 114, 110, 32, 100, 40, 100, 97, 116, 97, 44, 91, 107, 49, 44, 107, 50, 44, 107, 51, 44, 107, 52, 93, 41, 125, 99, 97, 116, 99, 104, 40, 101, 41, 123, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 40, 39, 69, 114, 114, 111, 114, 58, 39, 44, 101, 41, 125, 125, 125, 125));

Stringi olusturup beautify edersek;

// Beautified form of the password check that the page builds with
// eval(String.fromCharCode(...)). `y` is the text between "CTF{" and "}".
//
// What the code below does:
//  - `ord` and `chr` are assigned without a declaration, so they become globals.
//  - `data` is an arrow function whose body is a block comment followed by `1`;
//    the ciphertext is the comment text, read back through Function#toString.
//  - The first two characters of `y` give key bytes k1 and k2; k3 and k4 are
//    tried from 0 to 255 each. The result of the first d() call that does not
//    throw is returned; every failure is logged and the search goes on.
//
// NOTE(review): the comment body printed on this page has lost its
// non-printable bytes (compare it with the numeric array passed to
// String.fromCharCode), so take the ciphertext from the numeric array, not
// from this listing.
// NOTE(review): the payload captured later in this write-up compares the
// source length of `x` and of `arguments.callee` against fixed values, so a
// reformatted or commented copy such as this one is for reading only.
function x(y) {
ord = Function.prototype.call.bind(''.charCodeAt);
chr = String.fromCharCode;

// d(a, b, c): XOR `a` with the repeating key `b`, append the characters to
// `c`, then evaluate the resulting text as JavaScript.
function d(a, b, c) {
// Normalises an argument to an array of numbers: a function yields the char
// codes of the text between its first '/*' and its last '*/', a string yields
// its char codes, an object (array) is returned unchanged.
function bytelist(x) {
if (typeof x == 'function') {
x = x.toString();
x = x.slice(x.indexOf('/*') + 2, x.lastIndexOf('*/'))
}
if (typeof x == 'string') return x.split('').map(x => ord(x));
if (typeof x == 'object') return x
}
a = bytelist(a);
b = bytelist(b);
for (var i = 0; i != a.length; i++) {
// Executed on every iteration; with developer tools open the script pauses
// here each time (the write-up treats it as an anti-debugging measure).
debugger;
c = (c || '') + chr(a[i] ^ b[i % b.length])
}
// The decrypted text runs inside d's scope, so it can reach `arguments`
// and the variables of the enclosing x().
return eval('eval(c)')
}
var data = x =>
/*NYW__X i[
THMOAS@LT SCL AL
I@CWHXKKG__WMZ{[e~kTF~ySTla+[{M%cIG.o{=B55W-a
R lTU)xUeO_?gWAy`UzbaZl(RD3/Dl)\q:i8D@kdZx v=dP"ú <rDcoP}s]#Nd,yDE>zYI7DXû.KMCc:wZZ?0OBpmxmg<eFi7bXmszÍ0jQ_wmX}tAG/ofa69awH>a@4*VG"fy7
{*U ?gDS, Xz|
J"=_jmLs$Y90Ft0 $g%(Ga$K2a
^cgR+!SV";OB|*O^LlG&bsY8 Ju
~9V~5S }1?]qp
N\_NH-oH3$H4dbIm
*GU8 LYn{ 3sW&OW{5BZ%2KN$|gS>8]Q&&V$W+ JI##Q5y-p fx 5' R+~'}k 7@Ìcl^D5|Yn7Eg:AI?NO5"\L(.Ur?™:*!Ue`X5=8 A( Fr[y^S~s$_Pny
LnªR\ 8[s?B0 MYHbA9~\W~'V' @Pp`|q$l]Q54N)aJ|-@ .x[f+p>[s!zkFQlsG6ie,PW|9Q#~I"1@
>%>9.Z` DT>Z;oHH1lHD4kK@X`kob_U*/
1;
// Key bytes 1 and 2 come straight from the candidate password.
var k1 = y.charCodeAt(0);
var k2 = y.charCodeAt(1);
// Key bytes 3 and 4 are searched exhaustively (256 x 256 combinations).
for (var k3 = 0; k3 < 256; k3++) {
for (var k4 = 0; k4 < 256; k4++) {
try {
return d(data, [k1, k2, k3, k4])
} catch (e) {
// A wrong key normally decrypts to text that fails to evaluate; log and continue.
console.log('Error:', e)
}
}
}
}

İncelemeye başlayalım

var k1 = y.charCodeAt(0);
var k2 = y.charCodeAt(1);
for (var k3 = 0; k3 < 256; k3++) {
for (var k4 = 0; k4 < 256; k4++) {
try {
return d(data, [k1, k2, k3, k4])
} catch (e) {
console.log('Error:', e)
}
}

Flagin ilk iki karakterini alıp, geri kalan iki karakteri bruteforce atıp d fonksiyonuna yolluyor. d fonksiyonunda ise;

// d(a, b, c): decrypt-and-run helper of the challenge.
//   a - ciphertext: a function (its comment text is used), a string or a number array
//   b - key, same accepted forms; it repeats every b.length positions
//   c - optional text the decrypted characters are appended to
// Returns whatever the decrypted text evaluates to; an error thrown while
// evaluating it propagates to the caller.
// `ord` and `chr` are not defined here; they come from the enclosing x().
function d(a, b, c) {
// Normalises an argument to an array of numbers: for a function, the char
// codes of the source text between its first '/*' and its last '*/'; for a
// string, its char codes; an object (array) is returned unchanged.
function bytelist(x) {
if (typeof x == 'function') {
x = x.toString();
x = x.slice(x.indexOf('/*') + 2, x.lastIndexOf('*/'))
}
if (typeof x == 'string') return x.split('').map(x => ord(x));
if (typeof x == 'object') return x
}
a = bytelist(a);
b = bytelist(b);
for (var i = 0; i != a.length; i++) {
// Runs once per decrypted byte; with developer tools open the script pauses
// here on every iteration (described in the write-up as anti-debugging).
debugger;
c = (c || '') + chr(a[i] ^ b[i % b.length])
}
// Executes the decrypted text as code in d's own scope. For analysis, stop
// on this line and read `c` rather than letting it run.
return eval('eval(c)')
}

Eğer gelen veri fonksiyon ise String e donusturup /* */ yorum tokenlerinin arasindaki veriyi ikinci parametre olarak aldığı b dizisi ile XOR‘luyor.

d fonksiyonuna yollanan ilk parametreyi görmek için Developer Console'u açtığımızda, çalışma anti-debug için konulmuş debugger ifadesinde duruyor. Böylece şifrelenmiş veriyi elde ediyoruz.
devtools

encrypted_data = [28, 1, 78, 15, 18, 89, 21, 87, 95, 95, 88, 1, 4, 11, 105, 91, 2, 13, 84, 72, 77, 2, 79, 65, 19, 16, 83, 64, 30, 76, 19, 84, 7, 12, 83, 67, 21, 76, 11, 6, 65, 25, 1, 76, 31, 10, 73, 64, 28, 1, 20, 67, 31, 3, 18, 8, 87, 72, 88, 6, 75, 75, 16, 71, 25, 0, 95, 5, 95, 0, 18, 87, 77, 90, 21, 5, 123, 91, 101, 6, 126, 107, 84, 70, 126, 121, 83, 6, 84, 108, 97, 43, 91, 123, 77, 37, 99, 73, 71, 46, 111, 31, 28, 123, 61, 66, 20, 53, 53, 87, 24, 45, 97, 10, 82, 32, 108, 84, 85, 41, 120, 85, 27, 5, 101, 79, 95, 63, 103, 87, 65, 121, 96, 85, 122, 98, 97, 90, 108, 40, 127, 82, 68, 51, 47, 68, 30, 108, 41, 92, 23, 113, 58, 23, 31, 105, 56, 68, 64, 107, 100, 90, 25, 120, 17, 12, 12, 118, 61, 100, 80, 34, 250, 18, 11, 60, 114, 68, 27, 99, 111, 31, 80, 125, 115, 22, 93, 35, 127, 78, 100, 44, 121, 68, 69, 62, 122, 89, 73, 55, 68, 14, 88, 251, 46, 75, 77, 67, 99, 20, 7, 58, 3, 119, 90, 90, 63, 48, 79, 66, 112, 109, 120, 16, 109, 8, 103, 60, 101, 15, 20, 70, 105, 14, 55, 98, 88, 8, 109, 115, 122, 31, 205, 48, 106, 81, 95, 119, 109, 2, 88, 125, 116, 65, 71, 47, 111, 102, 24, 97, 54, 57, 5, 97, 119, 72, 25, 62, 97, 15, 64, 52, 42, 86, 71, 34, 102, 1, 7, 121, 55, 13, 22, 123, 42, 85, 11, 63, 103, 68, 83, 44, 32, 88, 6, 122, 124, 13, 74, 34, 61, 95, 31, 106, 109, 23, 76, 115, 36, 1, 89, 57, 48, 2, 70, 116, 48, 11, 12, 36, 103, 29, 20, 37, 40, 71, 14, 97, 36, 20, 75, 50, 97, 13, 94, 99, 103, 82, 25, 43, 33, 83, 86, 34, 59, 79, 66, 124, 42, 79, 94, 76, 108, 17, 71, 38, 98, 115, 89, 56, 32, 74, 117, 13, 126, 57, 86, 14, 126, 53, 83, 9, 125, 49, 63, 2, 93, 113, 112, 13, 10, 78, 21, 30, 92, 28, 7, 17, 95, 78, 72, 45, 18, 111, 72, 26, 51, 36, 72, 8, 52, 100, 98, 29, 6, 73, 109, 10, 42, 71, 85, 56, 32, 76, 89, 110, 123, 25, 11, 51, 115, 87, 3, 38, 127, 79, 87, 123, 53, 66, 90, 37, 50, 75, 78, 36, 124, 103, 83, 62, 56, 93, 81, 38, 38, 27, 86, 36, 29, 0, 87, 43, 11, 74, 73, 35, 35, 81, 25, 53, 121, 14, 31, 45, 112, 19, 12, 102, 120, 11, 14, 53, 39, 9, 82, 43, 126, 26, 39, 125, 107, 
20, 11, 21, 55, 64, 204, 99, 108, 94, 68, 53, 124, 1, 89, 110, 55, 31, 69, 103, 58, 65, 73, 63, 3, 78, 79, 53, 34, 92, 76, 40, 46, 85, 114, 127, 63, 153, 24, 58, 42, 33, 85, 101, 96, 88, 53, 6, 61, 56, 9, 65, 40, 32, 70, 28, 31, 114, 91, 121, 0, 94, 83, 126, 115, 36, 95, 127, 80, 0, 110, 121, 10, 17, 76, 110, 170, 82, 92, 32, 56, 21, 91, 115, 63, 31, 66, 48, 32, 77, 89, 23, 127, 3, 0, 72, 98, 3, 65, 57, 126, 92, 87, 126, 39, 86, 28, 39, 32, 64, 80, 112, 96, 27, 1, 124, 113, 25, 28, 36, 108, 93, 81, 53, 52, 78, 22, 41, 97, 24, 74, 124, 45, 64, 11, 46, 120, 8, 91, 102, 43, 17, 18, 112, 62, 91, 6, 115, 33, 22, 6, 122, 107, 70, 81, 108, 115, 71, 30, 54, 105, 3, 18, 101, 44, 80, 87, 124, 57, 1, 81, 35, 126, 73, 23, 34, 49, 64, 13, 62, 37, 30, 28, 62, 57, 46, 90, 96, 32, 68, 84, 2, 62, 90, 22, 59, 18, 111, 72, 72, 49, 108, 72, 68, 52, 107, 75, 64, 88, 96, 107, 0, 23, 111, 98, 5, 95, 85, 19]

Eğer bruteforce atmaya kalkarsak O((67*67)*(255*255)*(699)) işlem gerekecek; eval kullandığımızdan dolayı AST oluşumunu da hesaba katarsak tahminen 12 saat sürecekti. Bu yüzden, yanlış da olsa bir optimizasyon yoluna gittim.

ES3 ve sonrasında Unicode değişken adı desteği olsa da, bu destek yokmuş gibi varsayarsak:

  • Değişken ismi Unicode karakterler ile başlayamaz

  • Unicode karakterlerden önce [ ` ‘ “ / /* ] ifadeleri olmak zorundadır

  • Bir sayı ile başlayan ifade harf içeremez (x dışında)

İlk iki koşul ve üçüncü koşul için ayrı fonksiyonlar yaratmak performans açısından kolaylık sağlayacaktır.

Koşul 1 ve 2 için;
automata1

Koşul 3 için;
automata2

Yarı optimizasyon ve syntax denetleyicisi ile basit bir script yazıyoruz.

   /*jshint esversion: 6 */
var esprima = require('esprima')

encrypted_data = [28, 1, 78, 15, 18, 89, 21, 87, 95, 95, 88, 1, 4, 11, 105, 91, 2, 13, 84, 72, 77, 2, 79, 65, 19, 16, 83, 64, 30, 76, 19, 84, 7, 12, 83, 67, 21, 76, 11, 6, 65, 25, 1, 76, 31, 10, 73, 64, 28, 1, 20, 67, 31, 3, 18, 8, 87, 72, 88, 6, 75, 75, 16, 71, 25, 0, 95, 5, 95, 0, 18, 87, 77, 90, 21, 5, 123, 91, 101, 6, 126, 107, 84, 70, 126, 121, 83, 6, 84, 108, 97, 43, 91, 123, 77, 37, 99, 73, 71, 46, 111, 31, 28, 123, 61, 66, 20, 53, 53, 87, 24, 45, 97, 10, 82, 32, 108, 84, 85, 41, 120, 85, 27, 5, 101, 79, 95, 63, 103, 87, 65, 121, 96, 85, 122, 98, 97, 90, 108, 40, 127, 82, 68, 51, 47, 68, 30, 108, 41, 92, 23, 113, 58, 23, 31, 105, 56, 68, 64, 107, 100, 90, 25, 120, 17, 12, 12, 118, 61, 100, 80, 34, 250, 18, 11, 60, 114, 68, 27, 99, 111, 31, 80, 125, 115, 22, 93, 35, 127, 78, 100, 44, 121, 68, 69, 62, 122, 89, 73, 55, 68, 14, 88, 251, 46, 75, 77, 67, 99, 20, 7, 58, 3, 119, 90, 90, 63, 48, 79, 66, 112, 109, 120, 16, 109, 8, 103, 60, 101, 15, 20, 70, 105, 14, 55, 98, 88, 8, 109, 115, 122, 31, 205, 48, 106, 81, 95, 119, 109, 2, 88, 125, 116, 65, 71, 47, 111, 102, 24, 97, 54, 57, 5, 97, 119, 72, 25, 62, 97, 15, 64, 52, 42, 86, 71, 34, 102, 1, 7, 121, 55, 13, 22, 123, 42, 85, 11, 63, 103, 68, 83, 44, 32, 88, 6, 122, 124, 13, 74, 34, 61, 95, 31, 106, 109, 23, 76, 115, 36, 1, 89, 57, 48, 2, 70, 116, 48, 11, 12, 36, 103, 29, 20, 37, 40, 71, 14, 97, 36, 20, 75, 50, 97, 13, 94, 99, 103, 82, 25, 43, 33, 83, 86, 34, 59, 79, 66, 124, 42, 79, 94, 76, 108, 17, 71, 38, 98, 115, 89, 56, 32, 74, 117, 13, 126, 57, 86, 14, 126, 53, 83, 9, 125, 49, 63, 2, 93, 113, 112, 13, 10, 78, 21, 30, 92, 28, 7, 17, 95, 78, 72, 45, 18, 111, 72, 26, 51, 36, 72, 8, 52, 100, 98, 29, 6, 73, 109, 10, 42, 71, 85, 56, 32, 76, 89, 110, 123, 25, 11, 51, 115, 87, 3, 38, 127, 79, 87, 123, 53, 66, 90, 37, 50, 75, 78, 36, 124, 103, 83, 62, 56, 93, 81, 38, 38, 27, 86, 36, 29, 0, 87, 43, 11, 74, 73, 35, 35, 81, 25, 53, 121, 14, 31, 45, 112, 19, 12, 102, 120, 11, 14, 53, 39, 9, 82, 43, 126, 26, 39, 125, 107, 
20, 11, 21, 55, 64, 204, 99, 108, 94, 68, 53, 124, 1, 89, 110, 55, 31, 69, 103, 58, 65, 73, 63, 3, 78, 79, 53, 34, 92, 76, 40, 46, 85, 114, 127, 63, 153, 24, 58, 42, 33, 85, 101, 96, 88, 53, 6, 61, 56, 9, 65, 40, 32, 70, 28, 31, 114, 91, 121, 0, 94, 83, 126, 115, 36, 95, 127, 80, 0, 110, 121, 10, 17, 76, 110, 170, 82, 92, 32, 56, 21, 91, 115, 63, 31, 66, 48, 32, 77, 89, 23, 127, 3, 0, 72, 98, 3, 65, 57, 126, 92, 87, 126, 39, 86, 28, 39, 32, 64, 80, 112, 96, 27, 1, 124, 113, 25, 28, 36, 108, 93, 81, 53, 52, 78, 22, 41, 97, 24, 74, 124, 45, 64, 11, 46, 120, 8, 91, 102, 43, 17, 18, 112, 62, 91, 6, 115, 33, 22, 6, 122, 107, 70, 81, 108, 115, 71, 30, 54, 105, 3, 18, 101, 44, 80, 87, 124, 57, 1, 81, 35, 126, 73, 23, 34, 49, 64, 13, 62, 37, 30, 28, 62, 57, 46, 90, 96, 32, 68, 84, 2, 62, 90, 22, 59, 18, 111, 72, 72, 49, 108, 72, 68, 52, 107, 75, 64, 88, 96, 107, 0, 23, 111, 98, 5, 95, 85, 19]
// The 67 characters admitted by the flag regex class [0-9a-zA-Z_@!?-]; the
// search below indexes into this list for the first two key bytes.
acceptable_chars = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '_', '@', '!', '?', '-']

// Char codes accepted outside strings and comments by preValid()/check_code():
// a-z, A-Z, 0-9, then _ @ ! ? - $ ( ) and the codes 0, 9-13 and 32.
// 71, 9 and 10 are listed twice, which makes no difference to indexOf().
// Quote characters (34, 39, 96), '/' (47) and '*' (42) are not in the list.
const js_chars = [97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 95, 64, 33, 63, 45, 36, 71, 40, 41, 10, 9, 13, 9, 10, 11, 12, 0, 32
];
// Same helpers the challenge defines: ord(s) is the char code of the first
// character of s, chr is String.fromCharCode. Both are implicit globals.
ord = Function.prototype.call.bind(''.charCodeAt);
chr = String.fromCharCode;

/**
 * XOR-decrypts a byte array with a repeating key, without evaluating the
 * result (unlike the challenge's own d()).
 *
 * @param {number[]} a - ciphertext bytes
 * @param {number[]} b - key bytes; the key repeats every b.length positions
 * @param {string} [c] - optional text the decrypted characters are appended to
 * @returns {string|undefined} c followed by the decrypted characters; when
 *   `a` is empty, `c` is returned as passed
 */
function decrypt(a, b, c) {
  let out = c;
  for (const [pos, byte] of a.entries()) {
    out = (out || '') + chr(byte ^ b[pos % b.length]);
  }
  return out;
}

/**
 * Reports whether `testString` parses as JavaScript.
 *
 * The candidate is only handed to esprima's parser, never to eval, so a
 * decrypted candidate is checked for syntax without being executed.
 *
 * @param {string} testString - candidate plaintext
 * @returns {boolean} true when esprima.parse() accepts it, false when it throws
 */
function isValidJs(testString) {
  try {
    esprima.parse(testString);
  } catch (parseError) {
    return false;
  }
  return true;
}

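/**
 * Cheap pre-filter on the first two decrypted characters, which depend only on
 * the first two key bytes: both must be in `js_chars`.
 *
 * The earlier version wrapped the second check in
 * `_1 != 34 || _1 != 39 || _1 != 96 || _1 != 47`, which is true for every
 * value, and followed it with branches for '/' + '*' and for a leading digit.
 * Those branches could never run, and quotes and '/' are not in `js_chars`
 * anyway, so the only test ever applied was the one kept here. The quote and
 * comment rules described in the write-up are handled by check_code() alone;
 * the digit rule is not enforced anywhere.
 *
 * @param {string} code - decrypted prefix, at least two characters long
 * @returns {boolean} true when the first two characters are both in js_chars
 */
function preValid(code) {
  const first = ord(code[0]);
  if (js_chars.indexOf(first) < 0) {
    return false;
  }
  const second = ord(code[1]);
  return js_chars.indexOf(second) >= 0;
}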

// Plausibility filter applied to each fully decrypted candidate before the
// slower esprima parse. Walks the text one character at a time, tracks quote
// and comment openers on a stack, and returns false at the first character
// outside js_chars that is met while none of the string/comment flags was set
// after the previous character. Returns true when no such character is found.
// NOTE(review): this is a heuristic, not a tokenizer. Backslash escapes and
// the line end of a '//' sequence are not handled, so it can accept text that
// does not parse; isValidJs() makes the final decision.
function check_code(code) {
// Openers seen so far, as char codes.
var stack = Array();

// CF: set after '/' '/' or '/' '*' (presumably "inside a comment").
// QF, Q1F, Q2F: set between a pair of ", ' and ` respectively.
var CF = 0,
QF = 0,
Q1F = 0,
Q2F = 0;
// UF: OR of the four flags above, refreshed at the end of every iteration.
var UF = 0;
// CC: set when '*' follows a '*' on top of the stack; cleared when a
// following '/' pops three entries.
var CC = 0;

function update_flags() {
UF = CF | QF | Q1F | Q2F;
}

// Peek: pops from a copy, so the real stack is left untouched.
function get_op() {
return [...stack].pop();
}

function del_op() {
stack.pop();
}

for (let index = 0; index < code.length; index++) {
const _1 = ord(code[index]);
if (_1 == 34) { // "
if (get_op() != 34) { // "
stack.push(_1);
QF = 1;
} else {
del_op();
QF = 0;
}
} else if (_1 == 39) { // '
if (get_op() != 39) { // '
stack.push(_1);
Q1F = 1;

} else {
del_op();
Q1F = 0;

}
} else if (_1 == 96) { // `
if (get_op() != 96) { // `
stack.push(_1);
Q2F = 1;
} else {
del_op();
Q2F = 0;
}
} else if (_1 == 47) { // /
if (get_op() == 47) { // /
stack.push(_1);
CF = 1;
} else if (get_op() == 42 && CC == 1) { // *
// Three entries are removed and both comment flags cleared.
del_op();
del_op();
del_op();
CC = 0;
CF = 0;
} else if (CF != 1)
stack.push(_1);
} else if (_1 == 42) { // *
if (get_op() == 47) { // /
stack.push(_1);
CF = 1;
} else if (get_op() == 42 && CC == 0) { // *
stack.push(_1);
CC = 1;
} else {
del_op();
CF = 0;
}
} else {
// Any other character: a lone '/' on top of the stack is dropped.
if (get_op() == 47) { // /
del_op();
}
// UF still holds the state computed after the previous character.
if (js_chars.indexOf(_1) < 0) {
if (UF == 0) {
return false;
}
}
}
update_flags();
}
return true;
}
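// Key search. Bytes 0 and 1 of the key are characters of the flag alphabet;
// bytes 2 and 3 are arbitrary. A candidate is printed when the decrypted text
// passes check_code() and then parses with esprima.
//
// Fix: bytes 2 and 3 now cover 0..255 like the challenge's own k3/k4 loops
// (`< 256`); the previous `< 255` bound never tried the value 255.
//
// NOTE(review): the outer loops start at index 11 and 21, so acceptable_chars
// entries below those indices are never tried as key byte 0 / key byte 1. This
// looks like a resume point from an earlier run; confirm before reusing.
for (let key0_counter = 11; key0_counter < acceptable_chars.length; key0_counter++) {
  const key0 = ord(acceptable_chars[key0_counter]);

  for (let key1_counter = 21; key1_counter < acceptable_chars.length; key1_counter++) {
    const key1 = ord(acceptable_chars[key1_counter]);

    // preValid() looks only at the first two characters, which depend on key0
    // and key1 alone, so the remaining key bytes can be zero here.
    const prefix = decrypt(encrypted_data.slice(0, 20), [key0, key1, 0, 0]);
    process.stdout.write(`${key0_counter}, ${key1_counter}\r`);

    if (!preValid(prefix)) {
      continue;
    }

    for (let key2 = 0; key2 < 256; key2++) {
      for (let key3 = 0; key3 < 256; key3++) {
        const code = decrypt(encrypted_data, [key0, key1, key2, key3]);
        // Cheap character filter first, full parse only for survivors.
        if (check_code(code) && isValidJs(code)) {
          console.log('-------');
          console.log([key0, key1, key2, key3]);
          console.log('-------');
        }
      }
    }
  }
}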

8 dk sonra çıktımız şöyle oluyor.

-------
[ 75, 57, 32, 68 ]
-------
-------
[ 56, 64, 66, 32 ]
-------

İki sonuç çıktığı için elle deneyebiliyoruz; [ 75, 57, 32, 68 ]'ın false positive olduğu kanısına varıyoruz. d fonksiyonuna [ 56, 64, 66, 32 ] dizisini verdiğimiz zaman ise çıktımız:

$A/*Wwg!<K+{:MhuB
a+P`& Qt?Lc- I&yYCl'J `$AVc'CP(o&s Rg!@%g@PwuW%C'&F+fF9&l,# c;[ W_^[V
Z
YJT @Y%]_YX8BY.G\LUQW]IK\[X)LNV$ÂRIJYCW_]KVG& AB |NÛ c[TE;7zp
bH-:0UH%]OVfQNuB`H/SB_RWUB]LW&ZAyGAO[YO^AEYMT[I_ DZDM]JUWSABTKN_]VLAT YMC_[ \lTQZ3
7-Fy.Fu)Eq}"e12-2W>d\E1g

*/
: d
( $ => /* NCYIKAG[

D'[%@ 3
[AN]
HSNF@KLI FZe]STI5ŽCTDAN_G ;
0_ÙZaEXw&xKa`<'2Y8^Kd_h@,Y2QN’US_
7GCBhZCF^^PX[C\IY^T T YX\I@HFQPPDSVDZSLK\QCPE\AF U O^^n@"T*/
h ,
d + `` ) // %gQ

yani verimiz şuan şu şekilde bir char-array

stage1 = [36,65,12,47,42,25,87,119,103,31,26,33,60,75,43,123,58,77,22,104,117,66,13,97,43,80,17,96,38,12,81,116,63,76,17,99,45,12,73,38,121,89,67,108,39,74,11,96,36,65,86,99,39,67,80,40,111,8,26,38,115,11,82,103,33,64,29,37,103,64,80,119,117,26,87,37,67,27,39,38,70,43,22,102,70,57,17,38,108,44,35,11,99,59,15,5,91,9,5,14,87,95,94,91,5,2,86,21,13,23,90,13,89,74,16,0,84,20,23,9,64,21,89,37,93,15,29,31,95,23,3,89,88,21,56,66,89,26,46,8,71,18,6,19,23,4,92,76,17,28,85,81,2,87,93,73,0,4,2,75,92,26,91,88,41,76,78,86,5,36,18,2,194,82,73,28,74,4,89,67,87,95,18,93,75,86,31,3,71,14,38,12,65,4,7,30,66,25,11,23,124,78,26,219,22,11,15,99,91,84,69,26,59,55,24,122,7,112,13,98,72,45,58,48,85,72,37,28,93,79,86,102,81,78,117,66,96,72,47,83,66,95,143,16,82,17,29,87,85,66,26,93,76,1,5,15,87,38,90,65,14,121,71,65,79,8,91,30,89,79,2,20,18,22,5,2,94,65,69,89,15,77,84,91,18,21,73,31,95,4,17,12,24,24,68,90,68,77,8,2,5,31,93,74,85,87,14,83,28,65,27,25,8,66,4,84,8,75,78,4,95,93,86,5,16,7,76,65,28,84,9,18,89,77,28,67,95,18,91,11,25,19,20,2,3,15,0,92,18,15,28,108,84,81,5,6,90,51,27,24,24,10,55,45,70,121,20,46,70,117,17,41,69,113,125,34,101,49,50,45,50,14,87,62,100,92,69,49,103,14,10,13,42,47,10,58,11,100,10,40,12,36,32,61,62,9,47,42,18,7,23,24,24,12,27,78,67,89,73,19,75,23,65,6,71,15,21,91,13,2,24,5,10,11,12,4,68,39,17,30,0,29,19,6,30,91,20,4,37,64,21,11,51,10,11,3,27,17,91,21,65,78,93,13,72,83,78,70,64,75,76,21,31,73,16,11,70,90,101,93,83,84,73,53,15,0,142,67,84,30,6,21,68,65,27,78,15,95,7,71,2,1,11,31,59,14,13,21,26,28,14,8,22,21,48,95,7,217,90,26,18,97,23,69,88,24,119,38,5,120,75,97,16,96,4,60,39,50,25,89,56,30,17,94,75,100,29,95,104,64,44,89,50,81,14,78,146,18,30,0,0,85,25,83,7,95,0,16,24,13,27,55,71,67,66,104,90,67,3,25,70,28,21,94,31,22,94,7,24,0,18,80,88,91,67,92,73,89,94,4,84,29,19,21,12,14,84,9,89,88,8,92,21,0,73,14,64,72,25,70,19,81,80,80,6,27,68,83,25,86,68,90,83,6,19,76,75,7,92,22,81,67,80,69,20,16,21,92,1,65,19,3,70,9,85,2,9,0,79,30,29,94,94,30,1,110,24,64,24,4,22,34,6,26,84,27,42,47
,10,104,9,44,10,100,12,43,9,96,96,32,41,32,47,47,32,37,103,21,81]

Decode ederken sıkıntı çıkmasın diye baştaki eval içerisindeki char-array‘i güncelleyelim

>>> stringutils.string_to_asciiarray("try{return d(data,[56,64,66,32])}")
[116, 114, 121, 123, 114, 101, 116, 117, 114, 110, 32, 100, 40, 100, 97, 116, 97, 44, 91, 53, 54, 44, 54, 52, 44, 54, 54, 44, 51, 50, 93, 41, 125]

Aşağıdaki şekilde güncelleyip Chrome Developer Tools‘tan verimize bakıyoruz

eval(String.fromCharCode(102, 117, 110, 99, 116, 105, 111, 110, 32, 120, 40, 121, 41, 123, 111, 114, 100, 61, 70, 117, 110, 99, 116, 105, 111, 110, 46, 112, 114, 111, 116, 111, 116, 121, 112, 101, 46, 99, 97, 108, 108, 46, 98, 105, 110, 100, 40, 39, 39, 46, 99, 104, 97, 114, 67, 111, 100, 101, 65, 116, 41, 59, 99, 104, 114, 61, 83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 59, 102, 117, 110, 99, 116, 105, 111, 110, 32, 100, 40, 97, 44, 98, 44, 99, 41, 123, 102, 117, 110, 99, 116, 105, 111, 110, 32, 98, 121, 116, 101, 108, 105, 115, 116, 40, 120, 41, 123, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 102, 117, 110, 99, 116, 105, 111, 110, 39, 41, 123, 120, 61, 120, 46, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 59, 120, 61, 120, 46, 115, 108, 105, 99, 101, 40, 120, 46, 105, 110, 100, 101, 120, 79, 102, 40, 39, 47, 42, 39, 41, 43, 50, 44, 120, 46, 108, 97, 115, 116, 73, 110, 100, 101, 120, 79, 102, 40, 39, 42, 47, 39, 41, 41, 125, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 115, 116, 114, 105, 110, 103, 39, 41, 114, 101, 116, 117, 114, 110, 32, 120, 46, 115, 112, 108, 105, 116, 40, 39, 39, 41, 46, 109, 97, 112, 40, 120, 61, 62, 111, 114, 100, 40, 120, 41, 41, 59, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 111, 98, 106, 101, 99, 116, 39, 41, 114, 101, 116, 117, 114, 110, 32, 120, 125, 97, 61, 98, 121, 116, 101, 108, 105, 115, 116, 40, 97, 41, 59, 98, 61, 98, 121, 116, 101, 108, 105, 115, 116, 40, 98, 41, 59, 102, 111, 114, 40, 118, 97, 114, 32, 105, 61, 48, 59, 105, 33, 61, 97, 46, 108, 101, 110, 103, 116, 104, 59, 105, 43, 43, 41, 123, 100, 101, 98, 117, 103, 103, 101, 114, 59, 99, 61, 40, 99, 124, 124, 39, 39, 41, 43, 99, 104, 114, 40, 97, 91, 105, 93, 94, 98, 91, 105, 37, 98, 46, 108, 101, 110, 103, 116, 104, 93, 41, 125, 114, 101, 116, 117, 114, 110, 32, 101, 118, 97, 108, 40, 39, 101, 118, 97, 108, 40, 99, 41, 39, 41, 125, 118, 97, 114, 32, 100, 97, 116, 
97, 61, 120, 61, 62, 47, 42, 28, 1, 78, 15, 18, 89, 21, 87, 95, 95, 88, 1, 4, 11, 105, 91, 2, 13, 84, 72, 77, 2, 79, 65, 19, 16, 83, 64, 30, 76, 19, 84, 7, 12, 83, 67, 21, 76, 11, 6, 65, 25, 1, 76, 31, 10, 73, 64, 28, 1, 20, 67, 31, 3, 18, 8, 87, 72, 88, 6, 75, 75, 16, 71, 25, 0, 95, 5, 95, 0, 18, 87, 77, 90, 21, 5, 123, 91, 101, 6, 126, 107, 84, 70, 126, 121, 83, 6, 84, 108, 97, 43, 91, 123, 77, 37, 99, 73, 71, 46, 111, 31, 28, 123, 61, 66, 20, 53, 53, 87, 24, 45, 97, 10, 82, 32, 108, 84, 85, 41, 120, 85, 27, 5, 101, 79, 95, 63, 103, 87, 65, 121, 96, 85, 122, 98, 97, 90, 108, 40, 127, 82, 68, 51, 47, 68, 30, 108, 41, 92, 23, 113, 58, 23, 31, 105, 56, 68, 64, 107, 100, 90, 25, 120, 17, 12, 12, 118, 61, 100, 80, 34, 250, 18, 11, 60, 114, 68, 27, 99, 111, 31, 80, 125, 115, 22, 93, 35, 127, 78, 100, 44, 121, 68, 69, 62, 122, 89, 73, 55, 68, 14, 88, 251, 46, 75, 77, 67, 99, 20, 7, 58, 3, 119, 90, 90, 63, 48, 79, 66, 112, 109, 120, 16, 109, 8, 103, 60, 101, 15, 20, 70, 105, 14, 55, 98, 88, 8, 109, 115, 122, 31, 205, 48, 106, 81, 95, 119, 109, 2, 88, 125, 116, 65, 71, 47, 111, 102, 24, 97, 54, 57, 5, 97, 119, 72, 25, 62, 97, 15, 64, 52, 42, 86, 71, 34, 102, 1, 7, 121, 55, 13, 22, 123, 42, 85, 11, 63, 103, 68, 83, 44, 32, 88, 6, 122, 124, 13, 74, 34, 61, 95, 31, 106, 109, 23, 76, 115, 36, 1, 89, 57, 48, 2, 70, 116, 48, 11, 12, 36, 103, 29, 20, 37, 40, 71, 14, 97, 36, 20, 75, 50, 97, 13, 94, 99, 103, 82, 25, 43, 33, 83, 86, 34, 59, 79, 66, 124, 42, 79, 94, 76, 108, 17, 71, 38, 98, 115, 89, 56, 32, 74, 117, 13, 126, 57, 86, 14, 126, 53, 83, 9, 125, 49, 63, 2, 93, 113, 112, 13, 10, 78, 21, 30, 92, 28, 7, 17, 95, 78, 72, 45, 18, 111, 72, 26, 51, 36, 72, 8, 52, 100, 98, 29, 6, 73, 109, 10, 42, 71, 85, 56, 32, 76, 89, 110, 123, 25, 11, 51, 115, 87, 3, 38, 127, 79, 87, 123, 53, 66, 90, 37, 50, 75, 78, 36, 124, 103, 83, 62, 56, 93, 81, 38, 38, 27, 86, 36, 29, 0, 87, 43, 11, 74, 73, 35, 35, 81, 25, 53, 121, 14, 31, 45, 112, 19, 12, 102, 120, 11, 14, 53, 39, 9, 82, 43, 126, 26, 39, 
125, 107, 20, 11, 21, 55, 64, 204, 99, 108, 94, 68, 53, 124, 1, 89, 110, 55, 31, 69, 103, 58, 65, 73, 63, 3, 78, 79, 53, 34, 92, 76, 40, 46, 85, 114, 127, 63, 153, 24, 58, 42, 33, 85, 101, 96, 88, 53, 6, 61, 56, 9, 65, 40, 32, 70, 28, 31, 114, 91, 121, 0, 94, 83, 126, 115, 36, 95, 127, 80, 0, 110, 121, 10, 17, 76, 110, 170, 82, 92, 32, 56, 21, 91, 115, 63, 31, 66, 48, 32, 77, 89, 23, 127, 3, 0, 72, 98, 3, 65, 57, 126, 92, 87, 126, 39, 86, 28, 39, 32, 64, 80, 112, 96, 27, 1, 124, 113, 25, 28, 36, 108, 93, 81, 53, 52, 78, 22, 41, 97, 24, 74, 124, 45, 64, 11, 46, 120, 8, 91, 102, 43, 17, 18, 112, 62, 91, 6, 115, 33, 22, 6, 122, 107, 70, 81, 108, 115, 71, 30, 54, 105, 3, 18, 101, 44, 80, 87, 124, 57, 1, 81, 35, 126, 73, 23, 34, 49, 64, 13, 62, 37, 30, 28, 62, 57, 46, 90, 96, 32, 68, 84, 2, 62, 90, 22, 59, 18, 111, 72, 72, 49, 108, 72, 68, 52, 107, 75, 64, 88, 96, 107, 0, 23, 111, 98, 5, 95, 85, 19, 42, 47, 49, 59, 116, 114, 121, 123, 114, 101, 116, 117, 114, 110, 32, 100, 40, 100, 97, 116, 97, 44, 91, 53, 54, 44, 54, 52, 44, 54, 54, 44, 51, 50, 93, 41, 125, 99, 97, 116, 99, 104, 40, 101, 41, 123, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 40, 39, 69, 114, 114, 111, 114, 58, 39, 44, 101, 41, 125, 125));

// yani;

function x(y) {
ord = Function.prototype.call.bind(''.charCodeAt);
chr = String.fromCharCode;

function d(a, b, c) {
function bytelist(x) {
if (typeof x == 'function') {
x = x.toString();
x = x.slice(x.indexOf('/*') + 2, x.lastIndexOf('*/'))
}
if (typeof x == 'string') return x.split('').map(x => ord(x));
if (typeof x == 'object') return x
}
a = bytelist(a);
b = bytelist(b);
for (var i = 0; i != a.length; i++) {
debugger;
c = (c || '') + chr(a[i] ^ b[i % b.length])
}
return eval('eval(c)')
}
var data = x =>
/*NYW__X i[
THMOAS@LT SCL AL
I@CWHXKKG__WMZ{[e~kTF~ySTla+[{M%cIG.o{=B55W-a
R lTU)xUeO_?gWAy`UzbaZl(RD3/Dl)\q:i8D@kdZx v=dP"ú <rDcoP}s]#Nd,yDE>zYI7DXû.KMCc:wZZ?0OBpmxmg<eFi7bXmszÍ0jQ_wmX}tAG/ofa69awH>a@4*VG"fy7
{*U ?gDS, Xz|
J"=_jmLs$Y90Ft0 $g%(Ga$K2a
^cgR+!SV";OB|*O^LlG&bsY8 Ju
~9V~5S }1?]qp
N\_NH-oH3$H4dbIm
*GU8 LYn{ 3sW&OW{5BZ%2KN$|gS>8]Q&&V$W+ JI##Q5y-p fx 5' R+~'}k 7@Ìcl^D5|Yn7Eg:AI?NO5"\L(.Ur?™:*!Ue`X5=8 A( Fr[y^S~s$_Pny
LnªR\ 8[s?B0 MYHbA9~\W~'V' @Pp`|q$l]Q54N)aJ|-@ .x[f+p>[s!zkFQlsG6ie,PW|9Q#~I"1@
>%>9.Z` DT>Z;oHH1lHD4kK@X`kob_U*/
1;
try {
return d(data, [56, 64, 66, 32])
} catch (e) {
console.log('console.log(String.fromCharCode(102, 117, 110, 99, 116, 105, 111, 110, 32, 120, 40, 121, 41, 123, 111, 114, 100, 61, 70, 117, 110, 99, 116, 105, 111, 110, 46, 112, 114, 111, 116, 111, 116, 121, 112, 101, 46, 99, 97, 108, 108, 46, 98, 105, 110, 100, 40, 39, 39, 46, 99, 104, 97, 114, 67, 111, 100, 101, 65, 116, 41, 59, 99, 104, 114, 61, 83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 59, 102, 117, 110, 99, 116, 105, 111, 110, 32, 100, 40, 97, 44, 98, 44, 99, 41, 123, 102, 117, 110, 99, 116, 105, 111, 110, 32, 98, 121, 116, 101, 108, 105, 115, 116, 40, 120, 41, 123, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 102, 117, 110, 99, 116, 105, 111, 110, 39, 41, 123, 120, 61, 120, 46, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 59, 120, 61, 120, 46, 115, 108, 105, 99, 101, 40, 120, 46, 105, 110, 100, 101, 120, 79, 102, 40, 39, 47, 42, 39, 41, 43, 50, 44, 120, 46, 108, 97, 115, 116, 73, 110, 100, 101, 120, 79, 102, 40, 39, 42, 47, 39, 41, 41, 125, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 115, 116, 114, 105, 110, 103, 39, 41, 114, 101, 116, 117, 114, 110, 32, 120, 46, 115, 112, 108, 105, 116, 40, 39, 39, 41, 46, 109, 97, 112, 40, 120, 61, 62, 111, 114, 100, 40, 120, 41, 41, 59, 105, 102, 40, 116, 121, 112, 101, 111, 102, 32, 120, 61, 61, 39, 111, 98, 106, 101, 99, 116, 39, 41, 114, 101, 116, 117, 114, 110, 32, 120, 125, 97, 61, 98, 121, 116, 101, 108, 105, 115, 116, 40, 97, 41, 59, 98, 61, 98, 121, 116, 101, 108, 105, 115, 116, 40, 98, 41, 59, 102, 111, 114, 40, 118, 97, 114, 32, 105, 61, 48, 59, 105, 33, 61, 97, 46, 108, 101, 110, 103, 116, 104, 59, 105, 43, 43, 41, 123, 100, 101, 98, 117, 103, 103, 101, 114, 59, 99, 61, 40, 99, 124, 124, 39, 39, 41, 43, 99, 104, 114, 40, 97, 91, 105, 93, 94, 98, 91, 105, 37, 98, 46, 108, 101, 110, 103, 116, 104, 93, 41, 125, 114, 101, 116, 117, 114, 110, 32, 101, 118, 97, 108, 40, 39, 101, 118, 97, 108, 40, 99, 41, 39, 41, 125, 118, 97, 
114, 32, 100, 97, 116, 97, 61, 120, 61, 62, 47, 42, 28, 1, 78, 15, 18, 89, 21, 87, 95, 95, 88, 1, 4, 11, 105, 91, 2, 13, 84, 72, 77, 2, 79, 65, 19, 16, 83, 64, 30, 76, 19, 84, 7, 12, 83, 67, 21, 76, 11, 6, 65, 25, 1, 76, 31, 10, 73, 64, 28, 1, 20, 67, 31, 3, 18, 8, 87, 72, 88, 6, 75, 75, 16, 71, 25, 0, 95, 5, 95, 0, 18, 87, 77, 90, 21, 5, 123, 91, 101, 6, 126, 107, 84, 70, 126, 121, 83, 6, 84, 108, 97, 43, 91, 123, 77, 37, 99, 73, 71, 46, 111, 31, 28, 123, 61, 66, 20, 53, 53, 87, 24, 45, 97, 10, 82, 32, 108, 84, 85, 41, 120, 85, 27, 5, 101, 79, 95, 63, 103, 87, 65, 121, 96, 85, 122, 98, 97, 90, 108, 40, 127, 82, 68, 51, 47, 68, 30, 108, 41, 92, 23, 113, 58, 23, 31, 105, 56, 68, 64, 107, 100, 90, 25, 120, 17, 12, 12, 118, 61, 100, 80, 34, 250, 18, 11, 60, 114, 68, 27, 99, 111, 31, 80, 125, 115, 22, 93, 35, 127, 78, 100, 44, 121, 68, 69, 62, 122, 89, 73, 55, 68, 14, 88, 251, 46, 75, 77, 67, 99, 20, 7, 58, 3, 119, 90, 90, 63, 48, 79, 66, 112, 109, 120, 16, 109, 8, 103, 60, 101, 15, 20, 70, 105, 14, 55, 98, 88, 8, 109, 115, 122, 31, 205, 48, 106, 81, 95, 119, 109, 2, 88, 125, 116, 65, 71, 47, 111, 102, 24, 97, 54, 57, 5, 97, 119, 72, 25, 62, 97, 15, 64, 52, 42, 86, 71, 34, 102, 1, 7, 121, 55, 13, 22, 123, 42, 85, 11, 63, 103, 68, 83, 44, 32, 88, 6, 122, 124, 13, 74, 34, 61, 95, 31, 106, 109, 23, 76, 115, 36, 1, 89, 57, 48, 2, 70, 116, 48, 11, 12, 36, 103, 29, 20, 37, 40, 71, 14, 97, 36, 20, 75, 50, 97, 13, 94, 99, 103, 82, 25, 43, 33, 83, 86, 34, 59, 79, 66, 124, 42, 79, 94, 76, 108, 17, 71, 38, 98, 115, 89, 56, 32, 74, 117, 13, 126, 57, 86, 14, 126, 53, 83, 9, 125, 49, 63, 2, 93, 113, 112, 13, 10, 78, 21, 30, 92, 28, 7, 17, 95, 78, 72, 45, 18, 111, 72, 26, 51, 36, 72, 8, 52, 100, 98, 29, 6, 73, 109, 10, 42, 71, 85, 56, 32, 76, 89, 110, 123, 25, 11, 51, 115, 87, 3, 38, 127, 79, 87, 123, 53, 66, 90, 37, 50, 75, 78, 36, 124, 103, 83, 62, 56, 93, 81, 38, 38, 27, 86, 36, 29, 0, 87, 43, 11, 74, 73, 35, 35, 81, 25, 53, 121, 14, 31, 45, 112, 19, 12, 102, 120, 11, 14, 53, 39, 
9, 82, 43, 126, 26, 39, 125, 107, 20, 11, 21, 55, 64, 204, 99, 108, 94, 68, 53, 124, 1, 89, 110, 55, 31, 69, 103, 58, 65, 73, 63, 3, 78, 79, 53, 34, 92, 76, 40, 46, 85, 114, 127, 63, 153, 24, 58, 42, 33, 85, 101, 96, 88, 53, 6, 61, 56, 9, 65, 40, 32, 70, 28, 31, 114, 91, 121, 0, 94, 83, 126, 115, 36, 95, 127, 80, 0, 110, 121, 10, 17, 76, 110, 170, 82, 92, 32, 56, 21, 91, 115, 63, 31, 66, 48, 32, 77, 89, 23, 127, 3, 0, 72, 98, 3, 65, 57, 126, 92, 87, 126, 39, 86, 28, 39, 32, 64, 80, 112, 96, 27, 1, 124, 113, 25, 28, 36, 108, 93, 81, 53, 52, 78, 22, 41, 97, 24, 74, 124, 45, 64, 11, 46, 120, 8, 91, 102, 43, 17, 18, 112, 62, 91, 6, 115, 33, 22, 6, 122, 107, 70, 81, 108, 115, 71, 30, 54, 105, 3, 18, 101, 44, 80, 87, 124, 57, 1, 81, 35, 126, 73, 23, 34, 49, 64, 13, 62, 37, 30, 28, 62, 57, 46, 90, 96, 32, 68, 84, 2, 62, 90, 22, 59, 18, 111, 72, 72, 49, 108, 72, 68, 52, 107, 75, 64, 88, 96, 107, 0, 23, 111, 98, 5, 95, 85, 19, 42, 47, 49, 59, 118, 97, 114, 32, 107, 49, 61, 121, 46, 99, 104, 97, 114, 67, 111, 100, 101, 65, 116, 40, 48, 41, 59, 118, 97, 114, 32, 107, 50, 61, 121, 46, 99, 104, 97, 114, 67, 111, 100, 101, 65, 116, 40, 49, 41, 59, 102, 111, 114, 40, 118, 97, 114, 32, 107, 51, 61, 48, 59, 107, 51, 60, 50, 53, 54, 59, 107, 51, 43, 43, 41, 123, 102, 111, 114, 40, 118, 97, 114, 32, 107, 52, 61, 48, 59, 107, 52, 60, 50, 53, 54, 59, 107, 52, 43, 43, 41, 123, 116, 114, 121, 123, 114, 101, 116, 117, 114, 110, 32, 100, 40, 100, 97, 116, 97, 44, 91, 107, 49, 44, 107, 50, 44, 107, 51, 44, 107, 52, 93, 41, 125, 99, 97, 116, 99, 104, 40, 101, 41, 123, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 40, 39, 69, 114, 114, 111, 114, 58, 39, 44, 101, 41, 125, 125, 125, 125));
Error:', e)
}
}

return eval('eval(c)')‘e breakpoint koyup içerdeki evalin döndürdüğü veri ise;

// Second-stage text as captured at the eval breakpoint (a single line, unformatted).
// Reading it left to right:
//  - c = arguments.callee, presumably d(), since this text is evaluated inside it (confirm).
//  - Two checks take the source length modulo 256 of `c` and of `x` and compare the
//    resulting character with a fixed one. Any edit to either function (beautifying,
//    removing `debugger`, patching the key loop) changes that length.
//    NOTE(review): the second expected character prints as empty here; it is
//    probably a non-printable character lost when the page was rendered.
//  - `y`, the password candidate, is compared with a literal string.
//  - On any mismatch the bare identifier µ is evaluated; no µ is declared in the code
//    shown, so this throws and the empty catch swallows it.
//  - Otherwise k1..k4 are assigned from the characters of `pd:/` (k4 one less) and
//    `y` is overwritten.
//  - `throw new SyntaxError` sits after the try/catch, so it runs in every case.
try{let c=arguments.callee,f=String.fromCharCode;if(f((c+'').length%256)!='R')µ;if(f((x+'').length%256)!='')µ;if(y!=`8@-_aN7I-ANT1-Ant1-DebUg_-@8`)µ;let k=''.charCodeAt.bind(`pd:/`);k1=k(0);k2=k(1);k3=k(2);k4=k(3)-1;y='|:-)'.repeat(75)}catch(e){}throw new SyntaxError

ve flag;

CTF{8@-_aN7I-ANT1-Ant1-DebUg_-@8}