Official Query Discussion

Official discussion thread for Query. Please do not post any spoilers or big hints.

What technique makes this “easy”? Heck, what technique makes this “medium”?

Working with an associate we have gone through several layers, using automated and manual techniques, and we’re still not there.

Have we gone too deep into some rabbit hole?

@parasamgate said:

What technique makes this “easy”? Heck, what technique makes this “medium”?

I’m wondering about this myself. Static analysis is giving me a headache and seems like far, far too much work for an “easy” 40 point Misc challenge.

Hi! I got it minutes ago after thinking about it for more than one day, but in retrospect, I now think I could have done this in far less time if I had not lost time in rabbit holes.

A little hint: The worst thing you can do here is overthink the final steps. Even when you think you have understood what the script does in general, you will need to take some steps back to get what you want (you can think of it as the script sometimes being capable of knowing that you are meddling with it, and that greatly affects the final result).

(If this is a very big hint tell me please. This is my first time contributing here and I don’t want to ruin the challenge by accident :disappointed: )

Fascinating, thank you @eriveros – I don’t think you’ve given much away at all.

Could you tell us, knowing the correct technique, how long would it take you to solve another challenge like this?

How many tools did you use?

@eriveros said:

Hi! I got it minutes ago after thinking about it for more than one day, but in retrospect, I now think I could have done this in far less time if I had not lost time in rabbit holes.

A little hint: The worst thing you can do here is overthink the final steps. Even when you think you have understood what the script does in general, you will need to take some steps back to get what you want (you can think of it as the script sometimes being capable of knowing that you are meddling with it, and that greatly affects the final result).

(If this is a very big hint tell me please. This is my first time contributing here and I don’t want to ruin the challenge by accident :disappointed: )

This was actually an amazing hint that doesn’t spoil anything. I’d begun to suspect something like this, but hadn’t gotten around to actually looking for it yet.

+respect

Got it. If I saw a challenge using the same tactic in the future I could solve it in under an hour for sure, I can see how the blood was had so quickly.

Not sure this belongs in misc though?

@parasamgate said:
Fascinating, thank you @eriveros – I don’t think you’ve given much away at all.

Could you tell us, knowing the correct technique, how long would it take you to solve another challenge like this?

How many tools did you use?

I think it would take me at most one hour haha, but it is difficult not to overestimate your own capabilities after you solve it.

About the tools, I used just a normal text editor, the Firefox browser JavaScript debugger, some JS prettifiers found on the web and a reasonable amount of patience.

I don’t know if I solved it the intended way, but if yes then thanks @polarbearer for a very nice challenge.

Great challenge. Really enjoyed it. The trick was continuing on the chosen path, instead of giving up. As @eriveros mentioned, close to the end there was a bit of a rabbit hole that almost made me jump over the flag itself and pursue something far far outside of scope.

thanks @polarbearer

Nice Challenge, and Done.

The fake flag was the funnest part of this challenge.

Hint:

Think like a debugger. The script is smart.

This was a fun challenge! After a first look a month or two ago, it took me less than half an hour to solve it this time, thanks to @eriveros's great hint!
Feel free to reach out via a DM if someone needs a small nudge or sanity check!

I found some code, but it gets stuck in infinite loops, would appreciate a nudge!

This one drives me crazy!

Could I ask for a little hint? I cannot get how the parameters part of the packer is encoded… Thanks in advance!

I have been a long time trying to debug the code. I found some infinite loops and recursive calls, but I don’t have any clue where the flag is (not the fake one xD). Can someone DM me for a hint?
UPDATE: Done. Feel free to contact me if you are stuck

It’s like scanning all the restaurants in town to find I could have cooked hours ago :smiley:

I was also trapped in those nasty recursions and @7Rocky saved me a heap of trouble!

It was a lot of fun / pain, thanks @polarbearer!!
(also: where do you get these tortured ideas from??)


Hi, I’m on the last step. I understand how the encoding function works and the two params that it gets, but I’m not able to get the flag. Also, I surfed around the infinite loops and managed to get past them. I’m assuming that I am missing something with base64 encoding and I don’t know what. Can someone help me? Thanks!

Quite an interesting challenge, which forced me to install Node.js.
Hint: don’t use anything except a JavaScript interpreter. Otherwise you can corrupt the code.

I’m pretty stuck on this. I’ve managed to deobfuscate the original script through 2 layers so now have some code. I’ve run the resulting code in the console in DevTools and can see that once you run it and call the resulting function, the result is endless recursion. And that’s where I’m at - I think I need to do something with the two arguments laid out in the deobfuscated script but I feel like I’ve been looking at this for so long now I can’t see the wood for the trees! All the posts on here are pretty old now, so I’m hoping there’s someone out there who can remember how they cracked this one to help point me in the right direction.

Can you give me a hint? Right now I'm stuck at the while loop here while debugging:

    (function anonymous() {
        eval(function(p, a, c, k, e, d) {
            // p: packed source, a: radix, c: word count, k: dictionary
            e = function(c) {
                return c
            };
            if (!''.replace(/^/, String)) {
                // fast path: build a lookup table and replace every word in one pass
                while (c--) {
                    d[c] = k[c] || c
                }
                k = [function(e) {
                    return d[e]
                }];
                e = function() {
                    return '\\w+'
                };
                c = 1
            };
            // substitute each token in p with its dictionary entry
            while (c--) {
                if (k[c]) {
                    p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
                }
            }
            return p
        }('7 304(){46.49('209').305('306',197)}7 197()…SNIP

I decided to step out, leaving that function. Then I found the fake flag: https://SFRCe3NvcnJ5X2J1dF90aGlzX2lzX25vdF95b3VyX2ZsYWd9.htb/

From there I have no clue. Can you give me some hint for the next step?
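
The `function(p, a, c, k, e, d)` wrapper quoted in the post above is the widely used p,a,c,k,e,d packer. As an added example (not part of the thread or of the challenge), the sketch below performs the same token substitution statically and returns the unpacked layer as a string instead of passing it to `eval`; the names `unpack`, `encodeIndex` and `SAMPLE` are hypothetical and the sample input is constructed. It goes beyond the decimal-token variant in the post by also handling the packer's radix-62 token encoding.

```javascript
// Added example: static unpacker for one p,a,c,k,e,d layer (no eval).

// Token that the stock packer emits for dictionary index c in radix a (2..62).
// With a = 10 this yields plain decimal tokens, as in the variant quoted above.
function encodeIndex(c, a) {
  const head = c < a ? '' : encodeIndex(Math.floor(c / a), a);
  const r = c % a;
  return head + (r > 35 ? String.fromCharCode(r + 29) : r.toString(36));
}

// p: packed source, a: radix, c: number of dictionary slots, k: dictionary.
// Returns the unpacked source text; nothing is evaluated or reformatted.
function unpack(p, a, c, k) {
  const dict = new Map();
  while (c--) {
    const token = encodeIndex(c, a);
    // An empty dictionary slot means the token stands for itself.
    dict.set(token, k[c] || token);
  }
  // One pass over every word; unknown words are left untouched.
  return p.replace(/\b\w+\b/g, (tok) => (dict.has(tok) ? dict.get(tok) : tok));
}

// Constructed sample (not taken from the challenge): decimal tokens, radix 10.
const SAMPLE = {
  p: "2 1(){3 '0'}",
  a: 10,
  c: 4,
  k: 'layer|next|function|return'.split('|'),
};

function unpackSample() {
  return unpack(SAMPLE.p, SAMPLE.a, SAMPLE.c, SAMPLE.k);
}

console.log(unpackSample());
```

Because the result is only a string, each layer can be saved byte-for-byte and inspected before deciding whether to run anything.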