Rating:
# SECCON 2020 Online CTF - Capsule & Beginner's Capsule - Author's Writeup
## Author
@hakatashi
## Challenge Summary
The task is quite obvious from the appearence of the given website.
You can arbitrarily change the code below the given header and the task is to get the value stored in ESNext's [Private Class Field](https://v8.dev/features/class-fields#private-class-fields). *Decapsulation.*
```typescript
import * as fs from 'fs';
// @ts-ignore
import {enableSeccompFilter} from './lib.js';
class Flag {
#flag: string;
constructor(flag: string) {
this.#flag = flag;
}
}
const flag = new Flag(fs.readFileSync('flag.txt').toString());
fs.unlinkSync('flag.txt');
enableSeccompFilter();
// input goes here
```
## Beginner's Capsule
The private field in TypeScript is [implemented with WeakMap](https://github.com/Microsoft/TypeScript/pull/30829). If you transpiled the given code to JavaScript, [the result](https://www.typescriptlang.org/play?#code/MYGwhgzhAEBi4HNoG8BQ1oGIBmiBc0EALgE4CWAdggNzrTAD2FxJArsEQyQBS5gIEWlBAEoUdDEQAWZCADociaAF5ofGnQC+qTUA) will be like the following.
```js
var _flag;
class Flag {
constructor(flag) {
_flag.set(this, void 0);
__classPrivateFieldSet(this, _flag, flag);
}
}
_flag = new WeakMap();
```
`_flag` is easily accessible from the same scope, so you can get the flag by `console.log(eval('_flag.get(flag)'))`;
