[Web.kr]Level 12

 

javascript challenge 라고 뜬다.

소스코드를 살펴보자.

<script>
// The numbers below are character codes. String.fromCharCode() turns them back
// into one string, which is stored in WorkTimeFun (assigned without var/let/const).
// Codes 13,10 are CR LF line breaks inside that string.
// This encoding is fully reversible by anyone who can read the page, so it only
// obscures the script; it does not keep anything in it secret.
WorkTimeFun=String.fromCharCode(118,97,114,32,101,110,99,111,61,39,39,59,13,10,118,97,114,32,101,110,99,111,50,61,49,50,54,59,13,10,118,97,114,32,101,110,99,111,51,61,51,51,59,13,10,118,97,114,32,99,107,61,100,111,99,117,109,101,110,116,46,85,82,76,46,115,117,98,115,116,114,40,100,111,99,117,109,101,110,116,46,85,82,76,46,105,110,100,101,120,79,102,40,39,61,39,41,41,59,13,10,32,13,10,32,13,10,102,111,114,40,105,61,49,59,105,60,49,50,50,59,105,43,43,41,13,10,123,13,10,101,110,99,111,61,101,110,99,111,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,105,44,48,41,59,13,10,125,13,10,32,13,10,102,117,110,99,116,105,111,110,32,101,110,99,111,95,40,120,41,13,10,123,13,10,114,101,116,117,114,110,32,101,110,99,111,46,99,104,97,114,67,111,100,101,65,116,40,120,41,59,13,10,125,13,10,32,13,10,105,102,40,99,107,61,61,34,61,34,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,50,52,48,41,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,50,50,48,41,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,50,51,50,41,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,49,57,50,41,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,50,50,54,41,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,50,48,48,41,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,50,48,52,41,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,50,50,50,45,50,41,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,95,40,49,57,56,41,41,43,34,126,126,126,126,126,126,34,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111
,50,41,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,101,110,99,111,51,41,41,13,10,123,13,10,97,108,101,114,116,40,34,80,97,115,115,119,111,114,100,32,105,115,32,34,43,99,107,46,114,101,112,108,97,99,101,40,34,61,34,44,34,34,41,41,59,13,10,125,13,10);

// Runs the decoded string as JavaScript in the page's own context.
// When analysing a script of this shape, print WorkTimeFun (for example with
// console.log) instead of evaluating it, so the hidden code can be read
// without being executed.
eval(WorkTimeFun);
</script>

괴상한 숫자들이 들어있다. WorkTimeFun 부분을 크롬 개발자모드 콘솔에 넣어보자. 이때 eval(WorkTimeFun)은 빼고 String.fromCharCode(...) 대입 부분만 넣어야 숨겨진 코드가 실행되지 않고 문자열로 출력된다.

fromCharCode 함수는 유니코드 문자값(숫자)을 문자열로 바꿔주는 함수이다.

즉, 난독화 되어 있었던 코드였던 것이다. 이제 추출된 코드를 정리해서 보면 다음과 같다.

// Globals shared with the check further down:
//   enco  - lookup string, filled by the loop below
//   enco2 - 126, the char code of '~'
//   enco3 - 33, the char code of '!'
var enco = '', enco2 = 126, enco3 = 33;

// ck is the tail of the page URL starting at the first '=' (the '=' itself is kept).
var ck = document.URL.slice(document.URL.indexOf('='));

// Append the pair (char code i, char code 0) for i = 1..121. The result is 242
// characters long: even index 2k holds char code k + 1, odd indexes hold 0.
// `i` is assigned without a declaration, exactly as in the page's script.
i = 1;
while (i < 122) {
    enco += String.fromCharCode(i, 0);
    i++;
}

/**
 * Look up one entry of the global `enco` string.
 *
 * @param {number} x - index into `enco`
 * @returns {number} the char code stored at index x (NaN when x is past the end)
 */
function enco_(x) {
    var code = enco.charCodeAt(x);
    return code;
}
// The whole password check runs in the browser: the expected value is rebuilt
// from constants in this script, so anyone who can read the page can recover it.
// With the enco table built earlier in this listing, enco_(2k) yields k + 1,
// which gives the letters noted on each line.
if (ck == "=" +
    String.fromCharCode(
        enco_(240),     // 121 'y'
        enco_(220),     // 111 'o'
        enco_(232),     // 117 'u'
        enco_(192),     //  97 'a'
        enco_(226),     // 114 'r'
        enco_(200),     // 101 'e'
        enco_(204),     // 103 'g'
        enco_(222 - 2), // index 220 again: 111 'o'
        enco_(198)      // 100 'd'
    ) +
    "~~~~~~" +
    String.fromCharCode(enco2, enco3)) { // enco2 = 126 '~', enco3 = 33 '!'
    // Show ck with its first "=" removed.
    alert("Password is " + ck.replace("=", ""));
}

‘240’, ‘220’ 등 숫자들이 enco_() 함수에 들어가고 해당 함수에서는 charCodeAt함수로 처리하고 리턴한다.

charCodeAt 함수는 문자열에서 지정한 인덱스에 있는 문자의 유니코드 값을 돌려주는 함수이다. 즉, fromCharCode의 반대인 것 같다.

그렇게 얻은 문자들을 이어 붙인 값이 ck(URL에서 '='부터 끝까지)와 같으면 alert 창에 ck 값이 password로 출력된다.

쨌든 그렇다 카더라~😏

우리가 직접 다 계산할 건 아니고, 그대로 콘솔에 토스해주자. (직접 계산해 보면 enco의 짝수 인덱스 2k에는 코드값이 k+1인 문자가 들어 있으므로 enco_(240)은 121, 즉 'y'가 된다.)

패스워드 나왔다 :)

Flag : youaregod~~~~~~~!