IDF-CTF-简单的js加密 writeup

题目链接: http://ctf.idf.cn/index.php?g=game&m=article&a=index&id=43

知识点:js语法

这里这里→ http://ctf.idf.cn/game/web/43/index.php

思路:

查看网页源码,阅读js代码,发现函数实现了加密方法,但是解密的方法并没有实现,根据加密的部分我们容易写出解密的方法,如下:

<html>
<body>

<script>
/**
 * Pseudo md5 hash function
 * @param {string} string
 * @param {string} method The function method, can be 'ENCRYPT' or 'DECRYPT'
 * @return {string}
 */
function pseudoHash(string, method) {
  // Default method is encryption
  if (!('ENCRYPT' == method || 'DECRYPT' == method)) {
    method = 'ENCRYPT';
  }
  // Run algorithm with the right method
  if ('ENCRYPT' == method) {
    // Variable for output string
    var output = '';
    // Algorithm to encrypt
    for (var x = 0, y = string.length, charCode, hexCode; x < y; ++x) {
      charCode = string.charCodeAt(x);
      if (128 > charCode) {
        charCode += 128;
      } else if (127 < charCode) {
        charCode -= 128;
      }
      charCode = 255 - charCode;
      hexCode = charCode.toString(16);
      if (2 > hexCode.length) {
        hexCode = '0' + hexCode;
      }

      output += hexCode;
    }
    // Return output
    return output;
  } else if ('DECRYPT' == method) {
    // Algorithm to encrypt
    // Variable for output string
    var output = '';
    var charCode = '';
    var hexCode = 0;
    for(var i=0; i<string.length; i+=2){
        if(string[i] == '0'){
            charCode = string[i+1];
        }
        else{
            charCode = string[i]+string[i+1];
        }

        hexCode = parseInt(charCode, 16)
        hexCode = 255 - hexCode
        if(hexCode > 128){
            hexCode -= 128
        }
        else if(hexCode < 128){
            hexCode += 128
        }
        output += String.fromCharCode(hexCode);
    }
    // Return output
    return output;
  }
}
document.write(pseudoHash('46191d4b494a4e1c4f4a1d4d1a1b484f191d1e4a1e191a4f1d4f4c461e4a4a4f', 'DECRYPT'));
</script>

</body>
</html>

解密的结果为“9fb4651c05b2ed70fba5afe0b039a550”,将该值粘入原网页的密码输入框,走你,得到答案“wctf{jS_decRypt__Eaaasy}”

posted @ 2015-07-20 22:20  HitAnyKey  阅读(3796)  评论(0编辑  收藏  举报