[C2C CTF 2023] JSWHAT?
Solution
The long input string ends with an =, therefore is likely a base64 encoding.
with open("input.txt", "r") as f:
file = f.read()
import base64
a = base64.b64decode(file)
print(a)
# Beginning of output: b'[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+
The title of the challenge suggests weirdness with JavaScript, so you can try that. As a sidenote, the code works because of how js converts types. Take the following examples to give a sketch for generating a few different values
[] -> [] // represents empty array
[][0] -> undefined // means the array does not have element 0
![] -> false // An array is a non-null object, so it's true, the
// boolean negation of it is therefore false
+[] -> 0 // The + operator converts the operands to int, an array is
// usually converted to int by taking its first element,
// which is in this case undefined.
!+[] -> true // +[] is 0, the boolean negation of 0 is true
+(!+[]) -> 1 // Convert true to int, you get 1
![]+[] -> 'false' // + operator takes two operands, false and an empty array
// it adds them by converting both to strings.
(![]+[])[+(!+[])] -> 'a' // take the 1st element of the string 'false' to get 'a'
Running the output of the python script in a chrome dev console gives:
cyA9ICd9ZDEwZTgxYjlkOGVhNC00YTM5LWI3ZDQtNGFjMi1mNGM0YjM5YmQ5M3tHQUxGJwpyZXZlcnNlZF9zID0gc1s6Oi0xXQpwcmludChyZXZlcnNlZF9zKQ==
Which ends in =. This is clearly a base64 encoded value, decode it to get
with open("input2.txt", "r") as f:
file = f.read()
b = base64.b64decode(file)
print(b.decode('utf-8'))
# Output: }d10e81b9d8ea4-4a39-b7d4-4ac2-f4c4b39bd93{GALF
Reverse this string to get the flag.
Flag
FLAG{39db93b4c4f-2ca4-4d7b-93a4-4ae8d9b18e01d}
Written on May 18, 2023