DASCTF[Minesweepe]
Title: Minesweepe
Author: Hopeace
Shooting range address: 183.129.189.60:10005
0x01 Analysis question
Game questions generally have two ideas:
The first is to play the game, which is of course more difficult. The third level of Minesweeper is really difficult. I tried it twice but had no luck and couldn’t solve it.
The second is to modify the js code
0x02 Modify js code
Use chrome’s own developer tools
When I went in, I found that the right-click was disabled (no wonder I couldn’t click Check with the right-click).
Found the success function
There is a string of encrypted codes inside
Obviously flag
var _0x5a3c=['w7bDkcO+wo3Cig3Cq0Q=','N8KrS3hvwr5GwrA4XgXCpwo=','aFxHw49Ww4bCsMOV','fTl2AMKhwphYOxXCl8KEd8O0','wpvCvX4eI8K3P8Ke','w78YwopFw77DtVrCh27DiRkHw7bDuQ=='];var _0x4cf3=function(_0x5a3c3e,_0x4cf3a9){
_0x5a3c3e=_0x5a3c3e-0x0;var _0x46bb75=_0x5a3c[_0x5a3c3e];if(_0x4cf3['pyRNGP']===undefined){
(function(){
var _0x279a73;try{
var _0x25b2df=Function('return\x20(function()\x20'+'{}.constructor(\x22return\x20this\x22)(\x20)'+');');_0x279a73=_0x25b2df();}catch(_0x44bb3a){
_0x279a73=window;}var _0x3a8cf0='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x279a73['atob']||(_0x279a73['atob']=function(_0x5e6cb3){
var _0x251399=String(_0x5e6cb3)['replace'](/=+$/,'');var _0x3be520='';for(var _0x31ea4a=0x0,_0x1689fd,_0x11a08e,_0x1c83ef=0x0;_0x11a08e=_0x251399['charAt'](_0x1c83ef++);~_0x11a08e&&(_0x1689fd=_0x31ea4a%0x4?_0x1689fd*0x40+_0x11a08e:_0x11a08e,_0x31ea4a++%0x4)?_0x3be520+=String['fromCharCode'](0xff&_0x1689fd>>(-0x2*_0x31ea4a&0x6)):0x0){
_0x11a08e=_0x3a8cf0['indexOf'](_0x11a08e);}return _0x3be520;});}());var _0xc16ed0=function(_0x2d2765,_0x4fc2c5){
var _0x48499b=[],_0x3bf0fd=0x0,_0x4ccf46,_0x12f248='',_0x1112ff='';_0x2d2765=atob(_0x2d2765);for(var _0x5e74db=0x0,_0x2a6c1f=_0x2d2765['length'];_0x5e74db<_0x2a6c1f;_0x5e74db++){
_0x1112ff+='%'+('00'+_0x2d2765['charCodeAt'](_0x5e74db)['toString'](0x10))['slice'](-0x2);}_0x2d2765=decodeURIComponent(_0x1112ff);var _0x436da0;for(_0x436da0=0x0;_0x436da0<0x100;_0x436da0++){
_0x48499b[_0x436da0]=_0x436da0;}for(_0x436da0=0x0;_0x436da0<0x100;_0x436da0++){
_0x3bf0fd=(_0x3bf0fd+_0x48499b[_0x436da0]+_0x4fc2c5['charCodeAt'](_0x436da0%_0x4fc2c5['length']))%0x100;_0x4ccf46=_0x48499b[_0x436da0];_0x48499b[_0x436da0]=_0x48499b[_0x3bf0fd];_0x48499b[_0x3bf0fd]=_0x4ccf46;}_0x436da0=0x0;_0x3bf0fd=0x0;for(var _0x54447d=0x0;_0x54447d<_0x2d2765['length'];_0x54447d++){
_0x436da0=(_0x436da0+0x1)%0x100;_0x3bf0fd=(_0x3bf0fd+_0x48499b[_0x436da0])%0x100;_0x4ccf46=_0x48499b[_0x436da0];_0x48499b[_0x436da0]=_0x48499b[_0x3bf0fd];_0x48499b[_0x3bf0fd]=_0x4ccf46;_0x12f248+=String['fromCharCode'](_0x2d2765['charCodeAt'](_0x54447d)^_0x48499b[(_0x48499b[_0x436da0]+_0x48499b[_0x3bf0fd])%0x100]);}return _0x12f248;};_0x4cf3['kjKZbT']=_0xc16ed0;_0x4cf3['fRfqwz']={
};_0x4cf3['pyRNGP']=!![];}var _0x38f5b2=_0x4cf3['fRfqwz'][_0x5a3c3e];if(_0x38f5b2===undefined){
if(_0x4cf3['uRleIp']===undefined){
_0x4cf3['uRleIp']=!![];}_0x46bb75=_0x4cf3['kjKZbT'](_0x46bb75,_0x4cf3a9);_0x4cf3['fRfqwz'][_0x5a3c3e]=_0x46bb75;}else{
_0x46bb75=_0x38f5b2;}return _0x46bb75;};if(this[_0x4cf3('0x0','8)D!')]==0xa)alert(_0x4cf3('0x1','2$t7'));if(this[_0x4cf3('0x2','#Ckz')]==0xf)alert(_0x4cf3('0x3','1vj%'));if(this[_0x4cf3('0x4','%sR9')]==0x14)alert(_0x4cf3('0x5','@2yf'));
The first idea is to decrypt and find related open source projects
Found it too difficult
Later, I simply added this piece of code to the failed function.
In this way, deliberately hitting the mine will prompt the game to end, but the code will continue to be executed.
Get part of the flag
Piece together to get the complete flag
DASCTF{c4a204599255589b065eb366cf514aee}
0x03 Reflection
If you can't play games, don't play games! ! !