Tags: video
Rating: 0
For a better view check our [githubpage](https://bsempir0x65.github.io/CTF_Writeups/AngstromCTF_2022/#the-flash) or [github](https://github.com/bsempir0x65/CTF_Writeups/tree/main/AngstromCTF_2022#the-flash) out
![https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/theflash.png](https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/theflash.png)
Next we moved on and tried next a web challenge. For this challenge we got a website which shows us already the flag format with according to the text is not the right one. But we don't fall for such simple tricks and tried it on the angstrom website. Yeah it was wrong but you never know in times like this with all the misinformation's.
After a closer look we could see that a javascript file is responsible for quickly changing the context of the site and the hint in the exercise also suggest to watch a certain DOM object to get notified when it gets changed and you then can just print out the flag. Too easy.
So first lets have a look on this nice javascript:
```js
const _0x15c166 = _0x43fe;
(function (_0x20ab81, _0xdea176) {
const _0x3bb316 = _0x43fe,
_0x25fbaf = _0x20ab81();
while (!![]) {
try {
const _0x58137d = - parseInt(_0x3bb316(212, 'H3tY')) / 1 + - parseInt(_0x3bb316(215, 'nwZz')) / 2 + parseInt(_0x3bb316(225, '%[Nl')) / 3 + parseInt(_0x3bb316(214, 'ub7C')) / 4 * ( - parseInt(_0x3bb316(231, '3RP4')) / 5) + parseInt(_0x3bb316(217, '9V4u')) / 6 + parseInt(_0x3bb316(223, 't*r!')) / 7 * (parseInt(_0x3bb316(207, 'SMMO')) / 8) + parseInt(_0x3bb316(226, '6%rI')) / 9 * (parseInt(_0x3bb316(230, '3RP4')) / 10);
if (_0x58137d === _0xdea176) break;
else _0x25fbaf['push'](_0x25fbaf['shift']());
} catch (_0xa016d7) {
_0x25fbaf['push'](_0x25fbaf['shift']());
}
}
}(_0x4733, 708077));
const x = document['getElementById'](_0x15c166(229, 'q!!U'));
setInterval(() =>{
const _0x24a935 = _0x15c166;
Math[_0x24a935(209, '&EwH')]() < 0.05 && (x[_0x24a935(220, '1WY2')] = [
115,
113,
128,
110,
137,
129,
132,
65,
65,
112,
139,
101,
120,
67,
121,
111,
101,
128,
124,
65,
101,
110,
120,
64,
129,
124,
135
][_0x24a935(219, 'H3tY')](_0x4cabe2=>String[_0x24a935(216, 'Ceiy')](_0x4cabe2 - 13 ^ 7)) [_0x24a935(224, '1WY2')](''), setTimeout(() =>x[_0x24a935(227, '5HF&')] = _0x24a935(222, '($xo'), 10));
}, 100);
function _0x43fe(_0x297222, _0x4c5119) {
const _0x47338c = _0x4733();
return _0x43fe = function (_0x43fe0d, _0x2873da) {
_0x43fe0d = _0x43fe0d - 207;
let _0x3df1f6 = _0x47338c[_0x43fe0d];
if (_0x43fe['jYleOi'] === undefined) {
var _0x484b33 = function (_0x406fee) {
const _0x292a9c = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
let _0x2734de = '',
_0x46bc7d = '';
for (let _0x89c327 = 0, _0x3d5185, _0x35bd82, _0x15d96e = 0; _0x35bd82 = _0x406fee['charAt'](_0x15d96e++); ~_0x35bd82 && (_0x3d5185 = _0x89c327 % 4 ? _0x3d5185 * 64 + _0x35bd82 : _0x35bd82, _0x89c327++ % 4) ? _0x2734de += String['fromCharCode'](255 & _0x3d5185 >> ( - 2 * _0x89c327 & 6)) : 0) {
_0x35bd82 = _0x292a9c['indexOf'](_0x35bd82);
}
for (let _0x4f3ab1 = 0, _0x2b4484 = _0x2734de['length']; _0x4f3ab1 < _0x2b4484; _0x4f3ab1++) {
_0x46bc7d += '%' + ('00' + _0x2734de['charCodeAt'](_0x4f3ab1) ['toString'](16)) ['slice']( - 2);
}
return decodeURIComponent(_0x46bc7d);
};
const _0x4cabe2 = function (_0x302eb2, _0x32783d) {
let _0x1fbce8 = [
],
_0x4d57b4 = 0,
_0x3fd440,
_0x49491b = '';
_0x302eb2 = _0x484b33(_0x302eb2);
let _0x582ee5;
for (_0x582ee5 = 0; _0x582ee5 < 256; _0x582ee5++) {
_0x1fbce8[_0x582ee5] = _0x582ee5;
}
for (_0x582ee5 = 0; _0x582ee5 < 256; _0x582ee5++) {
_0x4d57b4 = (_0x4d57b4 + _0x1fbce8[_0x582ee5] + _0x32783d['charCodeAt'](_0x582ee5 % _0x32783d['length'])) % 256,
_0x3fd440 = _0x1fbce8[_0x582ee5],
_0x1fbce8[_0x582ee5] = _0x1fbce8[_0x4d57b4],
_0x1fbce8[_0x4d57b4] = _0x3fd440;
}
_0x582ee5 = 0,
_0x4d57b4 = 0;
for (let _0xbf0a0b = 0; _0xbf0a0b < _0x302eb2['length']; _0xbf0a0b++) {
_0x582ee5 = (_0x582ee5 + 1) % 256,
_0x4d57b4 = (_0x4d57b4 + _0x1fbce8[_0x582ee5]) % 256,
_0x3fd440 = _0x1fbce8[_0x582ee5],
_0x1fbce8[_0x582ee5] = _0x1fbce8[_0x4d57b4],
_0x1fbce8[_0x4d57b4] = _0x3fd440,
_0x49491b += String['fromCharCode'](_0x302eb2['charCodeAt'](_0xbf0a0b) ^ _0x1fbce8[(_0x1fbce8[_0x582ee5] + _0x1fbce8[_0x4d57b4]) % 256]);
}
return _0x49491b;
};
_0x43fe['aheYsv'] = _0x4cabe2,
_0x297222 = arguments,
_0x43fe['jYleOi'] = !![];
}
const _0x2eb7bc = _0x47338c[0],
_0xc73dee = _0x43fe0d + _0x2eb7bc,
_0x2f959a = _0x297222[_0xc73dee];
return !_0x2f959a ? (_0x43fe['nusGzU'] === undefined && (_0x43fe['nusGzU'] = !![]), _0x3df1f6 = _0x43fe['aheYsv'](_0x3df1f6, _0x2873da), _0x297222[_0xc73dee] = _0x3df1f6) : _0x3df1f6 = _0x2f959a,
_0x3df1f6;
},
_0x43fe(_0x297222, _0x4c5119);
}
function _0x4733() {
const _0x562851 = [
'j2nrWRvPfbn7',
'rKDEx8oeW6m',
'gSk4WQlcVCkOteCxq8kaiCo8',
'WPDTt8oVWPxcHNHdq8oWW5RcISob',
'W5z6vfL8Emk2fKyqh0S',
'ACobWQHmW63cTCksDrldUu7dSbm',
'ASofW6OnWQddTSoYFq',
'WPXcixtdT0PpW6fnbKLx',
'cSoyW41jW7bYWRrkW6BcGmoUWQm',
'Fe0yy2ZcQqFdHmoNe8oIAHe',
'W4zFo1iOuZVcMqXmW7Hu',
'WOOIfW',
'W63cLSobW5pcUYGnWP/cGW',
'FGhdPdFcVCk7aCkucmoIewi',
'FXD/WR0/lCk3WOhdPuuLnZVdOYjEo8k6CderudKhnZHw',
'lqdcImkwW5JcTCoi',
'W67cL8ogW5G',
'tSoTjd1mdSoXyfT7DKDq',
'WOpcSCo0WOtdJmkngSoPBNdcUfq',
'WPVcOHtdQ8oHWPaAxta',
'tttcLCkuWPZcPGxcJmkcWRxdTqZdHq',
'pSooW7hdGqu',
'WRxcUmkFgJpdVCoMW7Oo',
'WRBcVmkzxLtcISkDW6aujqdcUmke',
'gCktWR3dV8kaW7/dPrHCoCkLqmo9'
];
_0x4733 = function () {
return _0x562851;
};
return _0x4733();
}
```
Yeah way to complex to deobfuscate it for an easy challenge. So based on the fact that i have bad Screen with some delays in the framerate why not just use that to make a video to see what the value would be ♡^▽^♡.
[https://user-images.githubusercontent.com/87261585/167305971-ffec2fc2-eb18-4455-8d00-22c2f328d910.mp4](https://user-images.githubusercontent.com/87261585/167305971-ffec2fc2-eb18-4455-8d00-22c2f328d910.mp4http://)
Just to make it easy for everyone we caught it right at 5 seconds so for mplayer it would be:
![https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/theflash2.png](https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/theflash2.png)
And for everyone who does not want to type it out: actf{sp33dy_l1ke_th3_fl4sh} . That's not the intended way but way funnier.