題目鏈接: http://ctf.idf.cn/index.php?g=game&m=article&a=index&id=43
知識點:js語法
思路:
查看網頁源碼,閱讀js代碼,發現函數實現了加密方法,但是解密的方法並沒有實現,根據加密的部分我們容易寫出解密的方法,如下:
<html>
<body>
<script> /** * Pseudo md5 hash function * @param {string} string * @param {string} method The function method, can be 'ENCRYPT' or 'DECRYPT' * @return {string} */ function pseudoHash(string, method) { // Default method is encryption if (!('ENCRYPT' == method || 'DECRYPT' == method)) { method = 'ENCRYPT'; } // Run algorithm with the right method if ('ENCRYPT' == method) { // Variable for output string var output = ''; // Algorithm to encrypt for (var x = 0, y = string.length, charCode, hexCode; x < y; ++x) { charCode = string.charCodeAt(x); if (128 > charCode) { charCode += 128; } else if (127 < charCode) { charCode -= 128; } charCode = 255 - charCode; hexCode = charCode.toString(16); if (2 > hexCode.length) { hexCode = '0' + hexCode; } output += hexCode; } // Return output return output; } else if ('DECRYPT' == method) { // Algorithm to encrypt // Variable for output string var output = ''; var charCode = ''; var hexCode = 0; for(var i=0; i<string.length; i+=2){ if(string[i] == '0'){ charCode = string[i+1]; } else{ charCode = string[i]+string[i+1]; } hexCode = parseInt(charCode, 16) hexCode = 255 - hexCode if(hexCode > 128){ hexCode -= 128 } else if(hexCode < 128){ hexCode += 128 } output += String.fromCharCode(hexCode); } // Return output return output; } } document.write(pseudoHash('46191d4b494a4e1c4f4a1d4d1a1b484f191d1e4a1e191a4f1d4f4c461e4a4a4f', 'DECRYPT')); </script>
</body>
</html>
解密的結果為“9fb4651c05b2ed70fba5afe0b039a550”,將該值粘入原網頁的密碼輸入框,走你,得到答案“wctf{jS_decRypt__Eaaasy}”