The first challenge gives us a link (https://cctv-web.2021.ctfcompetition.com/) to a login page.
Putting a random password in here gives us an alert that the password is wrong.
Analysing
Since this is tagged as a reversing challenge, it is always a good idea to look at the underlying code. By pressing Ctrl+U you can view the source code of the page, and scroll down a bit.
Here we see the following JavaScript code:
const checkPassword = () => {
  const v = document.getElementById("password").value;
  const p = Array.from(v).map(a => 0xCafe + a.charCodeAt(0));
  if(p[0] === 52037 &&
     p[6] === 52081 &&
     p[5] === 52063 &&
     p[1] === 52077 &&
     p[9] === 52077 &&
     p[10] === 52080 &&
     p[4] === 52046 &&
     p[3] === 52066 &&
     p[8] === 52085 &&
     p[7] === 52081 &&
     p[2] === 52077 &&
     p[11] === 52066) {
    window.location.replace(v + ".html");
  } else {
    alert("Wrong password!");
  }
}
Looking at this code, the password is checked by the condition in the if statement. It alerts us when the password is wrong, and redirects to the inputted password followed by .html if we get it right.
Our inputted password doesn't go raw into the condition; it first gets mapped by this line:
const p = Array.from(v).map(a => 0xCafe + a.charCodeAt(0));
This code just adds the hexadecimal value 0xcafe to every individual character's ASCII value, then places the results in the array p.
Solution
Now we need to create a password that passes all these checks.
We can just do the reverse of these steps to end up with the password. By subtracting 0xcafe instead of adding it, we get the original value. Then we just need to place the letters in the correct order to get the password.
We can easily get all the p values from the condition into an array like this:
const p = [];
p[0] = 52037
p[6] = 52081
p[5] = 52063
p[1] = 52077
p[9] = 52077
p[10] = 52080
p[4] = 52046
p[3] = 52066
p[8] = 52085
p[7] = 52081
p[2] = 52077
p[11] = 52066
Then we need to map these values in reverse, back to the original value. By just subtracting 0xcafe we get that value.
const o = p.map(a => String.fromCharCode(a - 0xCafe)); // Map values back in reverse
console.log(o.join('')); // Log output as string instead of array
This logs GoodPassword to the console, and trying to input this as a password to the login page redirects us to a page with four CCTV cameras, with the flag on the bottom!
CTF{IJustHopeThisIsNotOnShodan}
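The same reversal, generalised as an added example (not part of the challenge page or the original write-up): instead of copying the constants by hand, it reads the offset and every p[i] comparison out of the check's source text, and refuses to guess when a position has no constraint. The names checkSource, recoverPassword and encode are assumptions made for this example, and the sample source is constructed from the snippet shown above.

```javascript
// Added example: recover the input accepted by an "offset + charCode" client-side
// check by parsing the check's source text.

// Constructed sample: the relevant lines of checkPassword as shown on the page.
const checkSource = `
const p = Array.from(v).map(a => 0xCafe + a.charCodeAt(0));
if(p[0] === 52037 && p[6] === 52081 && p[5] === 52063 && p[1] === 52077 &&
   p[9] === 52077 && p[10] === 52080 && p[4] === 52046 && p[3] === 52066 &&
   p[8] === 52085 && p[7] === 52081 && p[2] === 52077 && p[11] === 52066) {
`;

function recoverPassword(source) {
  // The constant added to every character code, e.g. "0xCafe + a.charCodeAt(0)".
  const offsetMatch = source.match(/(0x[0-9a-f]+|\d+)\s*\+\s*\w+\.charCodeAt\(0\)/i);
  if (!offsetMatch) throw new Error("offset expression not found");
  const offset = Number(offsetMatch[1]);

  // Every "p[index] === value" comparison, in whatever order it appears.
  const chars = [];
  for (const [, index, value] of source.matchAll(/p\[(\d+)\]\s*===\s*(\d+)/g)) {
    const code = Number(value) - offset;
    if (code < 0 || code > 0xffff) throw new Error(`p[${index}] is out of range`);
    chars[Number(index)] = String.fromCharCode(code);
  }
  if (chars.length === 0) throw new Error("no comparisons found");

  // A hole in the array means that position is unconstrained: report it, don't guess.
  for (let i = 0; i < chars.length; i++) {
    if (chars[i] === undefined) throw new Error(`no constraint for p[${i}]`);
  }
  return chars.join("");
}

// Forward transform from the page, used to confirm the recovered string passes.
function encode(password, offset = 0xcafe) {
  return Array.from(password).map(a => offset + a.charCodeAt(0));
}

const recovered = recoverPassword(checkSource);
console.log(recovered, encode(recovered).slice(0, 3));
```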